Cisco Bug: CSCup90532 - Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability

Last Modified

Apr 26, 2018

Products (87)

  • Cisco IOS
  • Cisco 812 CiFi Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 892W Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco C892FSP Integrated Services Router
  • Cisco 886VAG 3G Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco C897VA Integrated Services Router

Known Affected Releases

15.2(4)M6

Description (partial)

Symptom:
A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, to corrupt the information present in the device's local DNS cache, or to read part of the process memory.

The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by intercepting and crafting a DNS response message to a client DNS query that was forwarded from the affected device to a DNS server. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or in a corruption of the local DNS cache information.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns

Conditions:
See Security Advisory