CVE-2017-12240

CVE-2017-12240

Vendor N/A

Product Cisco IOS and IOS XE

Weakness CWE-20 · Input validation

KEV Status Known Exploited

Published September 28, 2017

Last update January 12, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

September 28, 2017 CVE published

January 12, 2026 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-12240 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2017-12240

Related vulnerabilities

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE