Guest

Preview Tool

Cisco Bug: CSCus56252 - Cisco ASA DHCPv6 Relay Denial of Service Vulnerability

Last Modified

Aug 13, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

100.13(1.40) 9.4(1)

Description (partial)

Symptom:
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker
to cause an affected device to reload.

The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this vulnerability only if the software
is configured with the DHCPv6 relay feature. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device.


Note: Only DHCPv6 packets directed to the Cisco ASA interface where the DHCPv6 relay is enabled can be used to trigger this vulnerability. This
vulnerability affects systems configured in routed or transparent firewall mode and in single or multiple context mode. This vulnerability can be
triggered only by IPv6 traffic. 

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This
advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1

Conditions:
See Security Advisory
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.