| VID |
29100 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The installed version of Cisco IOS has a denial-of-service vulnerability in the DHCP service (Cisco bug ID CSCee50294). Cisco IOS devices running branches of Cisco IOS version 12.2S that have the Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service in which the input queue becomes blocked when receiving specifically crafted DHCP packets. This issue affects only Cisco devices running affected Cisco IOS versions 12.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW and higher that do not have the configuration command "no service dhcp", regardless of whether the DHCP server or relay agent is configured on the device.
* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" from the Policy Editor.
* References:
  * http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml
  * http://www.kb.cert.org/vuls/id/630104
  * http://www.ciac.org/ciac/bulletins/p-034.shtml
* Platforms Affected:
  * Cisco IOS versions 12.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW and higher
  * Cisco 7200, 7300, 7500 platforms
  * Cisco 2650, 2651, 2650XM, 2651XM Multiservice platform
  * Cisco ONS15530, ONS15540
  * Cisco Catalyst 4000, Sup2plus, Sup3, Sup4 and Sup5 modules
  * Cisco Catalyst 4500, Sup2Plus TS
  * Cisco Catalyst 4948, 2970, 3560, and 3750
  * Cisco Catalyst 6000, Sup2/MSFC2 and Sup720/MSFC3
  * Cisco 7600 Sup2/MSFC2 and Sup720/MSFC3 |
| Recommendation |
Upgrade to the fixed Cisco IOS version listed under "Software Versions and Fixes" in the Cisco Security Advisory (Cisco IOS DHCP Blocked Interface Denial-of-Service) at http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml . Upgrades should be obtained through the Software Center on Cisco's worldwide web site at http://www.cisco.com .
For details, see http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml . |
| Related URL |
(CVE) |
| Related URL |
11649 (SecurityFocus) |
| Related URL |
18021 (ISS) |
|