Cisco Bug: CSCuq24603 - Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability

Last Modified

Sep 18, 2019

Products (1)

Cisco Nexus 7000 Series Switches

Known Affected Releases

7.1(0)ZD

Description (partial)

Symptoms:
A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service 
(DoS) condition on an affected device.

The vulnerability is due to improper validation of crafted DHCPv4 offer packets. An attacker could exploit this vulnerability by sending crafted DHCPv4 offer packets to an affected device. An 
exploit could allow the attacker to cause the DHCP process or device to crash.

This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by crafted DHCP packets processed by a DHCP relay agent or smart relay agent listening on the 
device using the IPv4 broadcast address or the IPv4 unicast address of any interface configured on a device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1

Conditions:
See Advisory

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts