Guest

Preview Tool

Cisco Bug: CSCup47513 - Cisco Small Cell Command Execution Vulnerability

Last Modified

Jan 31, 2017

Products (1)

  • Cisco Universal Small Cell 3000 Series

Known Affected Releases

BV3.3.12.9

Description (partial)

Symptom:
A vulnerability in DHCP client implementation of Cisco Small Cell products could allow an unauthenticated, adjacent attacker to execute commands 
and potentially take full control over the affected device.

The vulnerability is due to improper parsing of crafted DHCP messages. An attacker could exploit this vulnerability by sending crafted DHCP 
messages to the affected device. An exploit could allow the attacker to execute commands and potentially take full control over the affected device.''

Conditions:
All USC small cell hardware variants (USC3000, 5000, 7000 and 9000 series) running one of the following software versions are affected by this 
vulnerability:

- BV2.11.2.5 - BV2.17.3.1 IMS software 
- BV3.2.1.9 and later Iuh versions 

GAN software (R2.10) is NOT impacted.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.