PatchSiren cyber security CVE debrief

CVE-2017-12319 Cisco CVE debrief

Cisco IOS XE Software CVE-2017-12319 is a denial-of-service vulnerability tied to Ethernet Virtual Private Network (EVPN) Border Gateway Protocol (BGP) handling. CISA lists it in the Known Exploited Vulnerabilities catalog, so it should be treated as a known-exploited exposure and remediated according to Cisco’s instructions as soon as possible.

Vendor: Cisco
Product: IOS XE Software
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2022-03-03
Original CVE updated: 2022-03-03
Advisory published: 2022-03-03
Advisory updated: 2022-03-03

Who should care

Organizations running Cisco IOS XE Software, especially network operations and security teams responsible for devices that use EVPN/BGP features. Incident responders and patch-management teams should also prioritize it because it appears in CISA’s Known Exploited Vulnerabilities catalog.

Technical summary

The supplied records identify this issue as a Cisco IOS XE Software EVPN/BGP denial-of-service vulnerability. The corpus does not include affected version ranges, attack preconditions, or a CVSS score, but the CISA KEV entry indicates it is a known exploited vulnerability. The practical defensive takeaway is to inventory Cisco IOS XE systems, confirm whether EVPN/BGP functionality is in use, and apply vendor-provided updates promptly.

Defensive priority

High — CISA KEV-listed; prioritize remediation immediately and track against the supplied 2022-03-24 due date if the asset is still exposed.

Recommended defensive actions

  • Apply Cisco updates per vendor instructions.
  • Inventory Cisco IOS XE Software devices and identify systems using EVPN/BGP functionality.
  • Prioritize remediation for critical, internet-facing, or hard-to-maintain network infrastructure.
  • Coordinate maintenance windows to update affected devices without delaying remediation unnecessarily.
  • Review network and device logs for unusual service disruption consistent with a denial-of-service condition.
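
One way to carry out the inventory step, as an added example that is not part of the original debrief or any Cisco tooling: a Python pass over saved running-config text that reports which devices have the BGP EVPN address family configured and which neighbors are activated in it. It assumes the configs were exported beforehand and that EVPN under BGP appears as "address-family l2vpn evpn" inside "router bgp"; the hostnames, AS numbers and addresses are constructed. A match shows the feature is in use, not that the installed release is affected.

```python
import re

# Constructed sample configs; hostnames, ASNs and addresses are made up.
SAMPLE_CONFIGS = {
    "edge-rtr-01": """\
hostname edge-rtr-01
router bgp 65001
 neighbor 192.0.2.2 remote-as 65001
 !
 address-family ipv4
  neighbor 192.0.2.2 activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 send-community both
 exit-address-family
!
interface GigabitEthernet1
""",
    "core-rtr-02": """\
hostname core-rtr-02
router bgp 65002
 neighbor 198.51.100.2 remote-as 65003
 address-family ipv4
  neighbor 198.51.100.2 activate
 exit-address-family
""",
}

def evpn_bgp_usage(config):
    """Return the BGP ASN and the neighbors activated under l2vpn evpn."""
    asn, in_bgp, in_evpn, evpn_af, peers = None, False, False, False, []
    for line in config.splitlines():
        if not line.startswith(" ") and line.strip() != "!":
            m = re.match(r"router bgp (\S+)", line)  # new top-level stanza
            in_bgp, in_evpn = bool(m), False
            asn = m.group(1) if m else asn
        elif in_bgp:
            text = line.strip()
            if text.startswith("address-family "):
                in_evpn = text.startswith("address-family l2vpn evpn")
                evpn_af = evpn_af or in_evpn
            elif text == "exit-address-family":
                in_evpn = False
            elif in_evpn and (m := re.match(r"neighbor (\S+) activate$", text)):
                peers.append(m.group(1))
    return {"bgp_asn": asn, "evpn_af": evpn_af, "evpn_peers": peers}

def inventory(configs):
    """Map hostname -> usage for devices with the EVPN address family."""
    return {h: u for h, c in configs.items() if (u := evpn_bgp_usage(c))["evpn_af"]}
```

Devices returned by inventory() are the ones to match against Cisco's advisory for affected releases and to schedule first.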

Evidence notes

The debrief is based only on the supplied CVE metadata, the CISA KEV source item, and the official reference links. The corpus provides the vulnerability title, KEV inclusion date (2022-03-03), due date (2022-03-24), and the required action to apply updates per vendor instructions. No CVSS score, affected-version range, or vendor advisory text was supplied.

Official resources

Public debrief prepared from supplied public metadata and official reference links only. No exploit code, weaponized reproduction steps, or unsupported claims included.