7.8 - cisco-sa-20180328-dhcpr2

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2"] This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682"].

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJau71bXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczdVEQAI7++7HLBlVW0W6ZVTEmwvhJ1G+V DC36m6FhdhZizxgnorZQXxcfI1HWy9mHABWefo0c7w68X42FTIN4gbM7qtJZ1zHr 8FjApb26wC7FKUgMb3abMYkK9gqS8s3vHOAimUrR0HW4AI9Y1hdlI3TiyN4/fzQL tY4ORJMowKMnjhKHluVwdArynRTKehdYZY5MHTSjsujD0boTsRvJ36W6zW5f9zAa 1yuFdkBpypP+/xJWiN5da89oD3bMwH19uz8IsWUfdwMcMe9QYZ6xpF3Oa1NxBH1z 2lTMxR+qHZTh9oqzI5v02wMUAe+cGbS/psElGW9nHpCKa6kOvYo0Pr68l/1j/cia poFT3KcUfEo/G7uh/V96pNgQkpYIwc7zeM5TMlxlr15b8aFmODrKDLFYb9uv7nnq oCKQq0CwUMm466jY5bNNPuL209wQWJxIymS7iZLOoV+GCH3IdBSipmg9eila6UPh samDk4ZAVKizAKyj8+r+bD749SpUZ4AGvx3S2isvBISj/Fp2HcFGp69vCuj4chin L4BbINRmh/iY0iE1CefzPjdx8oa4vxh4brWwqbamipkqyk+Q5+iXspjFwZXQ9Lek /gP7ryxpRTPOOqSL9M9mv7mIyY63SiLlDAX78zeDwmidwnjX6wiWOvVM4kBJovS/ RJ9n3j9W+LT9tuKi =QpTN END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com