CVE-2017-12234 — Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability

Cisco IOS — Second CIP DoS Vulnerability; Unauthenticated Remote Device Reload; September 2017 Advisory Bundle; ICS/OT Network Exposure

What Is Cisco IOS?

Cisco IOS is the operating system running on Cisco routers and switches that form the backbone of enterprise, government, and critical infrastructure networks. The Common Industrial Protocol (CIP) support in Cisco IOS enables routing of industrial automation traffic in environments where IT and OT networks converge. Multiple CIP implementation vulnerabilities were patched in the September 2017 Cisco advisory bundle — CVE-2017-12234 is a second, distinct CIP DoS vulnerability (alongside CVE-2017-12233) in the same IOS CIP feature.

Overview

Actively Exploited. This vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on March 3, 2022. Federal agencies are required to apply mitigations per BOD 22-01.

CVE-2017-12234 is a second denial-of-service vulnerability in the Cisco IOS CIP (Common Industrial Protocol) feature that is distinct from CVE-2017-12233. Like CVE-2017-12233, it allows an unauthenticated remote attacker to cause an IOS device to reload by sending a specially crafted CIP packet. The existence of two separate CIP DoS vulnerabilities patched in the same advisory reflects multiple improper input validation flaws in the CIP implementation. It was patched in the September 2017 Cisco advisory bundle. CISA added CVE-2017-12234 to the KEV catalog in March 2022 alongside its companion CIP vulnerability.

Affected Versions

Cisco IOS versions with CIP functionality enabled are affected, with the same affected version scope as CVE-2017-12233. Use the Cisco IOS Software Checker with advisory cisco-sa-20170929-cip to check a specific release.

Technical Details

Root Cause: Second CIP Input Validation Flaw

CVE-2017-12234 is an improper input validation vulnerability (CWE-20) in the Cisco IOS CIP implementation — a distinct code path from CVE-2017-12233 that triggers the same outcome (device reload) via a different CIP packet structure. Both CVE-2017-12233 and CVE-2017-12234 were patched together in the same IOS CIP advisory, indicating the CIP implementation had multiple validation gaps in its packet processing code.

Attack Characteristics

Attribute | Detail
Attack Vector | Network — remote, no authentication required
Protocol | CIP (Common Industrial Protocol)
Impact | Device reload → network/ICS disruption
Related CVE | CVE-2017-12233 (companion CIP DoS)

Exploitation Context

  • Same exploitation context as CVE-2017-12233: both CIP DoS vulnerabilities were added to KEV in the same March 2022 batch, in the context of nation-state actors (Russian Dragonfly/Berserk Bear) targeting US critical infrastructure network devices, with particular concern for ICS/OT environments where CIP traffic is routed by IOS devices
  • Defense-in-depth principle: The presence of two separate CIP vulnerabilities reinforces the importance of patching rather than relying on mitigations — an organization that blocked one CIP packet type but not the other would remain vulnerable to CVE-2017-12234

Remediation

CISA BOD 22-01 Deadline: March 24, 2022. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

  1. Apply Cisco IOS security update — the same IOS update that patches CVE-2017-12233 also addresses CVE-2017-12234; apply cisco-sa-20170929-cip patch guidance for both vulnerabilities simultaneously.

  2. Disable CIP if not required — disabling the CIP feature eliminates both CVE-2017-12233 and CVE-2017-12234 attack surface.

  3. Apply CIP traffic ACLs — restrict inbound CIP traffic to authorized industrial systems; this reduces exploitation risk for both CIP DoS vulnerabilities.
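
An added example, not part of the original advisory or Cisco's guidance: a Python check for steps 2 and 3 that parses a running-config, finds interfaces with CIP enabled, and walks each inbound ACL with first-match semantics to list the CIP flows an arbitrary source can still reach. The sample config, the `cip enable` interface command, and the EtherNet/IP port numbers (TCP/UDP 44818, UDP 2222) are assumptions not taken from this page; only `any`, `host` and `eq` matches in named extended ACLs are modelled.

```python
import re
CIP_FLOWS = [("tcp", "44818"), ("udp", "44818"), ("udp", "2222")]  # EtherNet/IP ports
# Constructed sample config, not from a real device; `cip enable` is assumed syntax.
SAMPLE = """\
ip access-list extended CIP-STRICT
 permit ip host 192.0.2.10 any
 deny tcp any any eq 44818
 deny udp any any eq 44818
 deny udp any any eq 2222
 permit ip any any
ip access-list extended CIP-PARTIAL
 deny tcp any any eq 44818
 permit ip any any
interface Vlan10
 ip access-group CIP-STRICT in
 cip enable
interface Vlan20
 ip access-group CIP-PARTIAL in
 cip enable
interface Vlan30
 cip enable
"""
def parse_blocks(config):  # top-level config line -> its indented child lines
    blocks, current = {}, []
    for line in config.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        elif line.strip():
            current = blocks.setdefault(line.strip(), [])
    return blocks

def open_to_any(entries, proto, port):  # first-match walk, source named by no host entry
    for entry in entries:
        m = re.match(r"(permit|deny)\s+(\S+)\s+(any|host\s+\S+|\S+\s+\S+)\s*(.*)", entry)
        if m and m.group(3) == "any":  # skip remarks and source-scoped entries
            eq = re.findall(r"\beq\s+(\d+)", m.group(4))
            if m.group(2) in ("ip", proto) and (not eq or eq[-1] == port):
                return m.group(1) == "permit"
    return False  # implicit deny ends every ACL

def audit(config):  # {interface: CIP flows an arbitrary source can still reach}
    blocks, report = parse_blocks(config), {}
    for head, body in blocks.items():
        if head.startswith("interface ") and "cip enable" in body:
            acl = next((ln.split()[2] for ln in body if re.fullmatch(r"ip access-group \S+ in", ln)), None)
            rules = blocks.get(f"ip access-list extended {acl}")  # None: no or undefined ACL
            report[head.split()[1]] = [f"{p}/{n}" for p, n in CIP_FLOWS
                                       if rules is None or open_to_any(rules, p, n)]
    return report
```

On the sample, `audit(SAMPLE)` reports nothing exposed on Vlan10, UDP 44818 and UDP 2222 still open on Vlan20 (the ACL blocks only one CIP flow), and all three flows open on Vlan30, which has no inbound ACL.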

Key Details

Property | Value
CVE ID | CVE-2017-12234
Vendor / Product | Cisco — IOS software
NVD Published | 2017-09-29
NVD Last Modified | 2026-01-12
CVSS 3.1 Score | 7.5
CVSS 3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity | HIGH
CWE | CWE-20 — Improper Input Validation
CISA KEV Added | 2022-03-03
CISA KEV Deadline | 2022-03-24
Known Ransomware Use | No

CVSS 3.1 Breakdown

Attack Vector | Network
Attack Complexity | Low
Privileges Required | None
User Interaction | None
Scope | Unchanged
Confidentiality | None
Integrity | None
Availability | High

Required Action

CISA BOD 22-01 Deadline: 2022-03-24. Apply updates per vendor instructions.

Timeline

Date | Event
2017-09-27 | Cisco releases September 2017 security advisory bundle patching CVE-2017-12234
2017-09-29 | CVE-2017-12234 published by NVD
2022-03-03 | Added to CISA Known Exploited Vulnerabilities catalog
2022-03-24 | CISA BOD 22-01 remediation deadline

References

Resource | Type
NVD — CVE-2017-12234 | Vulnerability Database
CISA KEV Catalog Entry | US Government
Cisco Security Advisory cisco-sa-20170929-cip | Vendor Advisory