Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

2014-09-2416:00:00

tools.cisco.com

0.013 Low

EPSS

Percentile

85.7%

JSON

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of an affected device.

Cisco has released software updates that address this vulnerability. This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6”]

Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html”]

CPENameOperatorVersion
ioseq15.2S
ioseq15.1S
ioseq15.3S
ioseq15.4T
ioseq15.1MRA
ioseq15.4S
ioseq15.3M
ioseq15.2SC
ioseq15.3XB
ioseq15.4CG

Name	Operator	Version
ios	eq	15.2S
ios	eq	15.1S
ios	eq	15.3S
ios	eq	15.4T
ios	eq	15.1MRA
ios	eq	15.4S
ios	eq	15.3M
ios	eq	15.2SC
ios	eq	15.3XB
ios	eq	15.4CG

Rows per page:

1-10 of 1271

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CISCO-SA-20140924-DHCPV6