Cisco IOS Software CIP Multiple Vulnerabilities (cisco-sa-20170927-cip)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version and configuration, the Cisco
IOS software running on the remote device is affected by multiple
denial of service vulnerabilities in the Common Industrial Protocol
(CIP) feature due to improper processing of unusual but valid CIP
requests. An unauthenticated, remote attacker can exploit this, via
specially crafted CIP requests, to cause the switch to stop processing
traffic, requiring a device restart to regain functionality.

See also :

http://www.nessus.org/u?8057e067

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug IDs
CSCuz95334 and CSCvc43709.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: CISCO

Nessus Plugin ID: 103668

Bugtraq ID: 101038

CVE ID: CVE-2017-12233, CVE-2017-12234
