Main Vulnerability Database Vulnerabilities #VU6165

#VU6165 Denial of service in Cisco IOS and Cisco IOS XE - CVE-2017-3864

Published: March 23, 2017 / Updated: April 5, 2018

Vulnerability identifier: #VU6165

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-3864

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to an error when parsing malicious DHCP packet. A remote can sendspecially crafted DHCP packets and cause the affected device to reload.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc

#VU6165 Denial of service in Cisco IOS and Cisco IOS XE - CVE-2017-3864

Description

Remediation

External links

Please verify you're human