CVE-2017-3864
Cisco Security Advisory 20170322-dhcpc
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892.
Una vulnerabilidad en la implementación del cliente DHCP de Cisco IOS (12.2, 12.4 y 15.0 hasta la versión 15.6) y Cisco IOS XE (3.3 hasta la versión 3.7) podría permitir a un atacante remoto no autenticado provocar una denegación de servicio (DoS). La vulnerabilidad se produce durante el análisis de un paquete DHCP elaborado. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes DHCP creados a un dispositivo afectado configurado como un cliente DHCP. Una explotación exitosa podría permitir al atacante hacer que el dispositivo se volviera a cargar, lo que daría lugar a una condición DoS. Esta vulnerabilidad afecta a los dispositivos Cisco que ejecutan una versión vulnerable del software Cisco IOS o IOS XE y que utilizan una configuración de cliente DHCP específica. ID de bugs de Cisco: CSCuu43892.
A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-21 CVE Reserved
- 2017-03-22 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97012 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038103 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc | 2020-09-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | >= 15.0 <= 15.6 Search vendor "Cisco" for product "Ios" and version " >= 15.0 <= 15.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.2 Search vendor "Cisco" for product "Ios" and version "12.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4 Search vendor "Cisco" for product "Ios" and version "12.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | >= 3.3 <= 3.7 Search vendor "Cisco" for product "Ios Xe" and version " >= 3.3 <= 3.7" | - |
Affected
| ||||||