PT-2017-4195 · Cisco · Cisco IOS +1

Published: 2017-09-27 · Updated: 2025-01-27 · CVE-2017-12238

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Catalyst 6800 Series Switches versions 15.0 through 15.4

Description

A memory management issue in the Virtual Private LAN Service (VPLS) code of Cisco IOS Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. An attacker could exploit this issue by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. The vulnerability affects devices running a vulnerable release of Cisco IOS Software, configured with VPLS, and using a C6800-16P10G or C6800-16P10G-XL line card as the core-facing MPLS interfaces.

Recommendations

To resolve the issue, update to a version of Cisco IOS Software that addresses this vulnerability. As a temporary workaround, consider restricting the creation of VPLS-generated MAC entries in the MAC address table to minimize the risk of exploitation. Restrict access to the VPLS configuration to prevent unauthorized changes.

Note: Cisco has released software updates that address this vulnerability, and there are no workarounds that address this vulnerability.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2022-04013
CVE-2017-12238

Affected Products

Cisco Catalyst 6800 Series Switches
Cisco IOS