Guest

Preview Tool

Cisco Bug: CSCus04097 - Cisco Headend UDP TFTP Denial of Service (DoS) Vulnerability

Last Modified

Aug 06, 2018

Products (1)

  • Headend System Releases

Known Affected Releases

dncs-7.0.0.15

Description (partial)

Symptom:
A vulnerability in the User Datagram Protocol (UDP) applications Trivial File Transfer Protocol (TFTP) 
and Dynamic Host Configuration Protocol (DHCP)  of the Cisco Headend System Release could allow an 
unauthenticated, remote attacker to take the TFTP and DHCP listen ports offline for a period of  time.

The vulnerability is due to a particular UDP traffic pattern in addition to the amount of UDP traffic generated.
An attacker could exploit this vulnerability by sending crafted UDP TFTP and DHCP packets to the device.
An exploit could allow the attacker to take the TFTP and DHCP ports offline so those  ports do not respond to 
incoming requests.

Conditions:
Devices running an affected version of the Cisco Headend System Release software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.