{"containers": {"cna": {"affected": [{"product": "Cisco IOS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco IOS"}]}], "datePublic": "2017-09-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-09-29T09:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1039453", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039453"}, {"name": "101040", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101040"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS", "version": {"version_data": [{"version_value": "Cisco IOS"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "1039453", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039453"}, {"name": "101040", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101040"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.695Z"}, "title": "CVE Program Container", "references": [{"name": "1039453", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039453"}, {"name": "101040", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101040"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"}]}, {"references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12238", "tags": ["government-resource"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T17:32:27.818663Z", "id": "CVE-2017-12238", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12238"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T21:46:19.716Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12238", "datePublished": "2017-09-28T07:00:00.000Z", "dateReserved": "2017-08-03T00:00:00.000Z", "dateUpdated": "2026-01-12T21:46:19.716Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securitytracker.com/id/1039453", "name": "1039453", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/101040", "name": "101040", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.695Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-12238", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-08T17:32:27.818663Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12238"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12238", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T16:06:53.088Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Cisco IOS", "versions": [{"status": "affected", "version": "Cisco IOS"}]}], "datePublic": "2017-09-28T00:00:00.000Z", "references": [{"url": "http://www.securitytracker.com/id/1039453", "name": "1039453", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.securityfocus.com/bid/101040", "name": "101040", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-399", "description": "CWE-399"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2017-09-29T09:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Cisco IOS"}]}, "product_name": "Cisco IOS"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id/1039453", "name": "1039453", "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/101040", "name": "101040", "refsource": "BID"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-12238", "STATE": "PUBLIC", "ASSIGNER": "psirt@cisco.com"}}}}, "cveMetadata": {"cveId": "CVE-2017-12238", "state": "PUBLISHED", "dateUpdated": "2026-01-12T21:46:19.716Z", "dateReserved": "2017-08-03T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2017-09-28T07:00:00.000Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8ACCBC-19E5-4960-84BF-BD6EBAE0AC39", "versionEndIncluding": "15.4", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:c6800-16p10g:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D782FEB-FF9A-4F41-95BA-88C239656F7D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:c6800-16p10g-xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "F508C81E-D31B-44BA-82C8-FEDA00324B8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "38280588-3CE2-4797-A56A-00256E634C62", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "1A2AF1C7-23EB-4C13-AC71-4FA7E78E8ED7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "0BF0BBC8-04BD-4867-B188-35461E50FF16", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "A2C1E3F7-D48E-4AF1-8205-33EB71E09E09", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "C959C93D-D58C-4AB5-9058-0CF257C68F72", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "4FDB5EAC-E41D-4A15-B059-45B4BE4813EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "E2DF345D-AD8A-4DE6-8136-6EF7B011E4B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEFBFA86-64F2-4CB0-99E1-FAEFCA690FF8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "15B48565-92C7-4AE1-AE3A-6FF7DD010745", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "EC58B690-8D30-4A04-82AA-A827F87DEE02", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "E6BED8BD-79D2-4DD9-A895-66A8C9349F62", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "41491D13-A3F9-464A-A84B-A58320838CBD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "9E0747C3-2712-4FA9-92E3-260B3CF080DC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "CFF4CBFF-56C4-4411-9F12-2506C3DD563E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "DD4D3F34-A1B3-4469-BF21-666FDAE9198B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "F202892E-2E58-4D77-B983-38AFA51CDBC6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F57DF3E-4069-4EF0-917E-84CDDFCEBEEF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BE25114-ABBC-47A0-9C20-E8D40D721313", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "FADD5F49-2817-40EC-861C-C922825708BD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E628F9C4-98C6-4A95-AF81-F1E6A56E8648", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFF899C-1EB3-46D8-9003-EA36A68C90B3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6463491-F63E-44CB-A1D4-C029BE7D3D3D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8668D34-096B-4FC3-B9B1-0ECFD6265778", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."}, {"lang": "es", "value": "Una vulnerabilidad en el c\u00f3digo VPLS (Virtual Private LAN Service) de Cisco IOS desde la versi\u00f3n 15.0 hasta la 15.4 para los switches de la serie 6800 de Cisco Catalyst podr\u00eda permitir que un atacante adyacente sin autenticar provoque el cierre inesperado de las tarjetas de l\u00ednea C6800-16P10G o C6800-16P10G-XL, provocando una denegaci\u00f3n de servicio (DoS) como consecuencia. Esta vulnerabilidad se debe a un problema de gesti\u00f3n de memoria en el software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad creando un gran n\u00famero de entradas MAC generadas por el VPLS en la tabla de direcciones MAC del dispositivo afectado. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante provoque el cierre inesperado de las tarjetas de l\u00ednea C6800-16P10G o C6800-16P10G-XL, provocando una denegaci\u00f3n de servicio (DoS) como consecuencia. Esta vulnerabilidad afecta a los switches de la serie 6800 de Cisco Catalyst que ejecutan una distribuci\u00f3n vulnerable del software de Cisco IOS y tienen una tarjeta de l\u00ednea Cisco C6800-16P10G o C6800-16P10G-XL que se utiliza con Supervisor Engine 6T. Para que sea vulnerable, el dispositivo tiene que estar tambi\u00e9n configurado con VPLS y la tarjeta de l\u00ednea C6800-16P10G o C6800-16P10G-XL necesita estar en las interfaces conectadas al n\u00facleo MPLS Cisco Bug IDs: CSCva61927."}], "id": "CVE-2017-12238", "lastModified": "2026-04-21T18:08:05.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-09-29T01:34:48.997", "references": [{"source": "psirt@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101040"}, {"source": "psirt@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039453"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12238"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}