
Cisco Bug: CSCuw77959 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

Last Modified

Jun 19, 2019

Products (51)

  • Cisco IOS
  • Cisco 892W Integrated Services Router
  • Cisco 2951 Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 881SRSTW Integrated Services Router
  • Cisco 881W Integrated Services Router
  • Cisco 888E-CUBE Integrated Services Router

Known Affected Releases

15.1(4)M9

Description (partial)

Symptom:
The DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp

This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Conditions:
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software. See the published advisory for more information.

Please see the Cisco IOS XE Software Checker tool for information on non-vulnerable, vulnerable, and fixed releases. This tool is available at
http://tools.cisco.com/security/center/selectIOSVersion.x
