Cisco Bug: CSCup47513 - Cisco Small Cell Command Execution Vulnerability
Jan 31, 2017
- Cisco Universal Small Cell 3000 Series
Known Affected Releases
Symptom: A vulnerability in DHCP client implementation of Cisco Small Cell products could allow an unauthenticated, adjacent attacker to execute commands and potentially take full control over the affected device. The vulnerability is due to improper parsing of crafted DHCP messages. An attacker could exploit this vulnerability by sending crafted DHCP messages to the affected device. An exploit could allow the attacker to execute commands and potentially take full control over the affected device.'' Conditions: All USC small cell hardware variants (USC3000, 5000, 7000 and 9000 series) running one of the following software versions are affected by this vulnerability: - BV184.108.40.206 - BV220.127.116.11 IMS software - BV18.104.22.168 and later Iuh versions GAN software (R2.10) is NOT impacted.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases