Cisco Bug: CSCus04097 - Cisco Headend UDP TFTP Denial of Service (DoS) Vulnerability
Aug 16, 2016
- Headend System Releases
Known Affected Releases
Symptom: A vulnerability in the User Datagram Protocol (UDP) applications Trivial File Transfer Protocol (TFTP) and Dynamic Host Configuration Protocol (DHCP) of the Cisco Headend System Release could allow an unauthenticated, remote attacker to take the TFTP and DHCP listen ports offline for a period of time. The vulnerability is due to a particular UDP traffic pattern in addition to the amount of UDP traffic generated. An attacker could exploit this vulnerability by sending crafted UDP TFTP and DHCP packets to the device. An exploit could allow the attacker to take the TFTP and DHCP ports offline so those ports do not respond to incoming requests. Conditions: Devices running an affected version of the Cisco Headend System Release software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases