Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability

A vulnerability in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper handling of DHCPv6 packets for a SOLICIT message for an Identity Association for Non-Temporary Addresses (IA-NA) by a device running the affected software. An unauthenticated, adjacent attacker could exploit this vulnerability by sending a crafted sequence exchange of DHCPv6 packets for a SOLICIT message for an IA-NA to an affected device. If successful, the attacker could cause the device to crash, resulting in a DoS condition.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must be on the same broadcast or collision domain as the affected device. This access requirement decreases the likelihood of a successful exploit.

An attacker may need to obtain additional information about the device such as whether the device is configured with DHCPv6 server. The device must be configured for DHCPv6 server in order to exploit this vulnerability.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.