A vulnerability in the DHCP option 82 encapsulation functionality of Cisconbsp;IOS Software and Cisconbsp;IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of servicenbsp;(DoS) condition.

The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4nbsp;(DHCPv4) packets from DHCP relay agents.

An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device.

A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1
This advisory is part of the March 28, 2018, release of the Cisconbsp;IOS and IOSnbsp;XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities.

For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2018-0172

Leave a Reply