exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20161005-dhcp2

Cisco Security Advisory 20161005-dhcp2
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of malformed DHCPv4 packets. An attacker could exploit this vulnerability by sending malformed DHCPv4 packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by malformed DHCP packets processed by a DHCP relay agent listening on the device, using the IPv4 broadcast address or IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 00ef1585c4be6ec24217654758520b7d73508afb58cff86f584eb0bf75779bda

Cisco Security Advisory 20161005-dhcp2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20161005-dhcp2

Revision: 1.0

For Public Release: 2016 October 5 16:00 GMT

+------------------------------------------------------------------------------

Summary
=======
A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper validation of malformed DHCPv4 packets. An attacker could exploit this vulnerability by sending malformed DHCPv4 packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash.

This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by malformed DHCP packets processed by a DHCP relay agent listening on the device, using the IPv4 broadcast address or IPv4 unicast address of any interface configured on a device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp2

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJX9RRvAAoJEK89gD3EAJB5MVEP/3Vx+EYmJR06nN7u3bJ09QcL
rCM8WkIN1l65nJOsefcneDlPoLDnob31KznL81u7gXtXuOptUD2sT0TsDePwKatT
otvhVQEu10tzOmDwStDjhNO6q5fsrExFMrdD/GwU8ZSWUlffWfMT22Ov4o31qck1
rMtE5Qs7G9oaSVNA+CkXcQijdhnkgBs3C51CumSHB1R7HkZcNJdPU7bOlU5lgb9p
1kzg60E4owVThLiGoG9CwBYoW9EhhkiUQCDiPui/cyp2SFuUeGdcz+hpX48Uf/0+
/2t2cqmibN44Yo/1NJytmEam4HhjF+rpPZBO2R/1/Woggh5id8FAGFmg2prcyM8Q
4/o9PZHFI61UrXAFIHyvEJGdrU5hCrGHaoOZMoY+TwCdmw+bvvYjGu1uSzK6An0L
PDzJkLVSwogr16dECgESt3BEA819it9r9M87c+oRp020aniWZnne39xuXnCA6oN1
3+183bnFKYpgdYrlDLNICOi2MdWsEAjxPFMI/zkHlQtqus4vkuWtSPkiC6+AlGeZ
9z8YEbpjFhfZjlhqnXd9jLNQLAxFGAGOcz3vndjNsIwLQmaN67+EIbtt30lxJ0Bq
JmtrsojSOx6VsH9JigAOxznLzF//R4reNopiVZqwvIAHpbE3CXjSmmp5601QPVK7
nsoocohg8L6C9yNvdQSU
=jkG4
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close