CVE-2017-12237 — Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
2022-03-03 • CISA Known Exploited Vulnerability
[event] A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Cisco |
| Product | IOS and IOS XE Software |
| CWE | CWE-399 |
| CVE ID | CVE-2017-12237 |
| Date Added | 2022-03-03 |
| Due Date | 2022-03-24 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-03-24