Security readout for executives and security teams
Plain-English summary
This flaw can let an unauthenticated internet-reachable attacker disrupt affected Cisco routers or gateways by triggering high CPU use or a device reload. Business impact is availability loss, especially for VPN, WAN, or branch connectivity dependent on Cisco IOS or IOS XE devices with ISAKMP enabled.
Executive priority
Treat as high priority where affected Cisco devices support VPN or edge connectivity. KEV status means remediation should be tracked as an operational risk, not only a compliance finding.
Technical view
CVE-2017-12237 is an IKEv2 processing denial-of-service vulnerability in Cisco IOS 15.0-15.6 and IOS XE 3.5-16.5. Devices are vulnerable when ISAKMP is enabled, even without IKEv2-specific features. Successful exploitation can cause high CPU, traceback messages, or reload.
Likely exposure
Exposure is most likely on Cisco IOS or IOS XE devices using ISAKMP, including LAN-to-LAN VPN, remote-access VPN except SSL VPN, DMVPN, and FlexVPN deployments. Internet-facing VPN endpoints and edge routers deserve priority review.
Exploitation context
CISA KEV marks this CVE as known exploited. The provided sources do not describe current campaign scale, exploit availability, or specific attacker groups. The vulnerability is remotely reachable, requires no authentication, and primarily affects availability.
Researcher notes
The key exposure condition is ISAKMP enabled, not explicit IKEv2 feature configuration. Scope validation should focus on IOS and IOS XE version ranges, ISAKMP state, and externally reachable VPN/IKE surfaces.
Mitigation direction
- Check Cisco advisory cisco-sa-20170927-ike for fixed releases and supported mitigations.
- Prioritize remediation for internet-facing VPN and edge devices with ISAKMP enabled.
- Review whether exposed ISAKMP/IKE services are required for each device role.
- Use vendor-supported software trains when planning IOS or IOS XE upgrades.
- Monitor affected devices for high CPU, tracebacks, and unexpected reloads.
Validation and detection
- Inventory Cisco IOS and IOS XE versions across routers, gateways, and VPN endpoints.
- Confirm whether ISAKMP is enabled on each potentially affected device.
- Map VPN features using IKEv2-related services, including DMVPN and FlexVPN.
- Check vulnerability records for Cisco Bug ID CSCvc41277.
- Review device telemetry for unexplained CPU spikes, tracebacks, or reloads.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-399: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2017-12237 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.5 (3.1)
- Known Exploited
- Yes
- Published
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CISA KEV status
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H3.93.6Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
7.5HighVector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ikeCVE reference · x_refsource_CONFIRM
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12237CVE reference · government-resource
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Resource Management Errors
Resource Management Errors represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
