CVE-2017-3857

HIGH

Cisco IOS 12.0-12.4 and 15.0-15.6 and IOS XE 3.1-3.18 - Unauthenticated Denial of Service via L2TP Packet Parsing

Title source: llm

Description

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038100

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97010

VDB Entry x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp

Scores

CVSS v3 7.5

EPSS 0.0259

EPSS Percentile 83.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-399 CWE-400

Status published

Products (3)

cisco/ios 12.0 - 12.4

cisco/ios_xe 3.1.0 - 3.18.0

n/a/Cisco IOS and IOS XE Cisco IOS and IOS XE

Published Mar 22, 2017

Tracked Since Feb 18, 2026