CVE-2017-3864Uncontrolled Resource Consumption in Cisco IOS

CWE-399CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
8.6HIGHNVD
EPSS
1.1%
top 21.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMar 22
Latest updateMay 13

Description

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios15.015.6+2
NVDcisco/ios_xe3.33.7

🔴Vulnerability Details

2
GHSA
GHSA-qj55-f9h6-mf7m: A vulnerability in the DHCP client implementation of Cisco IOS (122022-05-13
CVEList
CVE-2017-3864: A vulnerability in the DHCP client implementation of Cisco IOS (122017-03-22

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability2017-03-22
CVE-2017-3864 — Uncontrolled Resource Consumption | cvebase