Описание
Уязвимость функции отслеживания DHCP операционной системы Cisco IOS XE связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании путём отправки специально сформированного IPv4-пакета DHCP-запроса
Вендор
Cisco Systems Inc.
Наименование ПО
Cisco IOS XE
Версия ПО
17.2.1 (Cisco IOS XE)
17.1.1 (Cisco IOS XE)
17.3.3 (Cisco IOS XE)
17.1.1 (Cisco IOS XE)
17.1.1a (Cisco IOS XE)
17.1.1a (Cisco IOS XE)
17.1.1s (Cisco IOS XE)
17.1.1s (Cisco IOS XE)
17.1.2 (Cisco IOS XE)
17.1.2 (Cisco IOS XE)
17.1.1t (Cisco IOS XE)
17.1.1t (Cisco IOS XE)
17.1.3 (Cisco IOS XE)
17.1.3 (Cisco IOS XE)
17.2.1 (Cisco IOS XE)
17.2.1r (Cisco IOS XE)
17.2.1r (Cisco IOS XE)
17.2.1a (Cisco IOS XE)
17.2.1a (Cisco IOS XE)
17.2.1v (Cisco IOS XE)
17.2.1v (Cisco IOS XE)
17.2.2 (Cisco IOS XE)
17.2.2 (Cisco IOS XE)
17.2.3 (Cisco IOS XE)
17.2.3 (Cisco IOS XE)
17.3.1 (Cisco IOS XE)
17.3.1 (Cisco IOS XE)
17.3.2 (Cisco IOS XE)
17.3.2 (Cisco IOS XE)
17.3.3 (Cisco IOS XE)
17.3.1a (Cisco IOS XE)
17.3.1a (Cisco IOS XE)
17.3.1w (Cisco IOS XE)
17.3.1w (Cisco IOS XE)
17.3.2a (Cisco IOS XE)
17.3.2a (Cisco IOS XE)
17.3.1x (Cisco IOS XE)
17.3.1x (Cisco IOS XE)
17.3.1z (Cisco IOS XE)
17.3.1z (Cisco IOS XE)
17.3.3a (Cisco IOS XE)
17.3.3a (Cisco IOS XE)
17.3.4 (Cisco IOS XE)
17.3.4 (Cisco IOS XE)
17.3.5 (Cisco IOS XE)
17.3.5 (Cisco IOS XE)
17.3.4a (Cisco IOS XE)
17.3.4a (Cisco IOS XE)
17.3.6 (Cisco IOS XE)
17.3.6 (Cisco IOS XE)
17.3.4b (Cisco IOS XE)
17.3.4b (Cisco IOS XE)
17.3.4c (Cisco IOS XE)
17.3.4c (Cisco IOS XE)
17.3.5a (Cisco IOS XE)
17.3.5a (Cisco IOS XE)
17.3.5b (Cisco IOS XE)
17.3.5b (Cisco IOS XE)
17.3.7 (Cisco IOS XE)
17.3.7 (Cisco IOS XE)
17.3.8 (Cisco IOS XE)
17.3.8 (Cisco IOS XE)
17.3.8a (Cisco IOS XE)
17.3.8a (Cisco IOS XE)
17.4.1 (Cisco IOS XE)
17.4.1 (Cisco IOS XE)
17.4.2 (Cisco IOS XE)
17.4.2 (Cisco IOS XE)
17.4.1a (Cisco IOS XE)
17.4.1a (Cisco IOS XE)
17.4.1b (Cisco IOS XE)
17.4.1b (Cisco IOS XE)
17.4.1c (Cisco IOS XE)
17.4.1c (Cisco IOS XE)
17.4.2a (Cisco IOS XE)
17.4.2a (Cisco IOS XE)
17.5.1 (Cisco IOS XE)
17.5.1 (Cisco IOS XE)
17.5.1a (Cisco IOS XE)
17.5.1a (Cisco IOS XE)
17.6.1 (Cisco IOS XE)
17.6.1 (Cisco IOS XE)
17.6.2 (Cisco IOS XE)
17.6.2 (Cisco IOS XE)
17.6.1w (Cisco IOS XE)
17.6.1w (Cisco IOS XE)
17.6.1a (Cisco IOS XE)
17.6.1a (Cisco IOS XE)
17.6.1x (Cisco IOS XE)
17.6.1x (Cisco IOS XE)
17.6.3 (Cisco IOS XE)
17.6.3 (Cisco IOS XE)
17.6.1y (Cisco IOS XE)
17.6.1y (Cisco IOS XE)
17.6.1z (Cisco IOS XE)
17.6.1z (Cisco IOS XE)
17.6.3a (Cisco IOS XE)
17.6.3a (Cisco IOS XE)
17.6.4 (Cisco IOS XE)
17.6.4 (Cisco IOS XE)
17.6.1z1 (Cisco IOS XE)
17.6.1z1 (Cisco IOS XE)
17.6.5 (Cisco IOS XE)
17.6.5 (Cisco IOS XE)
17.6.6 (Cisco IOS XE)
17.6.6 (Cisco IOS XE)
17.6.6a (Cisco IOS XE)
17.6.6a (Cisco IOS XE)
17.6.5a (Cisco IOS XE)
17.6.5a (Cisco IOS XE)
17.7.1 (Cisco IOS XE)
17.7.1 (Cisco IOS XE)
17.7.1a (Cisco IOS XE)
17.7.1a (Cisco IOS XE)
17.7.1b (Cisco IOS XE)
17.7.1b (Cisco IOS XE)
17.7.2 (Cisco IOS XE)
17.7.2 (Cisco IOS XE)
17.10.1 (Cisco IOS XE)
17.10.1 (Cisco IOS XE)
17.10.1a (Cisco IOS XE)
17.10.1a (Cisco IOS XE)
17.10.1b (Cisco IOS XE)
17.10.1b (Cisco IOS XE)
17.8.1 (Cisco IOS XE)
17.8.1 (Cisco IOS XE)
17.8.1a (Cisco IOS XE)
17.8.1a (Cisco IOS XE)
17.9.1 (Cisco IOS XE)
17.9.1 (Cisco IOS XE)
17.9.1w (Cisco IOS XE)
17.9.1w (Cisco IOS XE)
17.9.2 (Cisco IOS XE)
17.9.2 (Cisco IOS XE)
17.9.1a (Cisco IOS XE)
17.9.1a (Cisco IOS XE)
17.9.1x (Cisco IOS XE)
17.9.1x (Cisco IOS XE)
17.9.1y (Cisco IOS XE)
17.9.1y (Cisco IOS XE)
17.9.3 (Cisco IOS XE)
17.9.3 (Cisco IOS XE)
17.9.2a (Cisco IOS XE)
17.9.2a (Cisco IOS XE)
17.9.1x1 (Cisco IOS XE)
17.9.1x1 (Cisco IOS XE)
17.9.3a (Cisco IOS XE)
17.9.3a (Cisco IOS XE)
17.9.4 (Cisco IOS XE)
17.9.4 (Cisco IOS XE)
17.9.1y1 (Cisco IOS XE)
17.9.1y1 (Cisco IOS XE)
17.9.4a (Cisco IOS XE)
17.9.4a (Cisco IOS XE)
17.11.1 (Cisco IOS XE)
17.11.1 (Cisco IOS XE)
17.11.1a (Cisco IOS XE)
17.11.1a (Cisco IOS XE)
17.12.1 (Cisco IOS XE)
17.12.1 (Cisco IOS XE)
17.12.1w (Cisco IOS XE)
17.12.1w (Cisco IOS XE)
17.12.1a (Cisco IOS XE)
17.12.1a (Cisco IOS XE)
17.11.99SW (Cisco IOS XE)
17.11.99SW (Cisco IOS XE)
Тип ПО
Операционная система
Операционные системы и аппаратные платформы
Cisco Systems Inc. Cisco IOS XE 17.2.1
Cisco Systems Inc. Cisco IOS XE 17.1.1
Cisco Systems Inc. Cisco IOS XE 17.3.3
Cisco Systems Inc. Cisco IOS XE 17.1.1
Cisco Systems Inc. Cisco IOS XE 17.1.1a
Cisco Systems Inc. Cisco IOS XE 17.1.1a
Cisco Systems Inc. Cisco IOS XE 17.1.1s
Cisco Systems Inc. Cisco IOS XE 17.1.1s
Cisco Systems Inc. Cisco IOS XE 17.1.2
Cisco Systems Inc. Cisco IOS XE 17.1.2
Cisco Systems Inc. Cisco IOS XE 17.1.1t
Cisco Systems Inc. Cisco IOS XE 17.1.1t
Cisco Systems Inc. Cisco IOS XE 17.1.3
Cisco Systems Inc. Cisco IOS XE 17.1.3
Cisco Systems Inc. Cisco IOS XE 17.2.1
Cisco Systems Inc. Cisco IOS XE 17.2.1r
Cisco Systems Inc. Cisco IOS XE 17.2.1r
Cisco Systems Inc. Cisco IOS XE 17.2.1a
Cisco Systems Inc. Cisco IOS XE 17.2.1a
Cisco Systems Inc. Cisco IOS XE 17.2.1v
Cisco Systems Inc. Cisco IOS XE 17.2.1v
Cisco Systems Inc. Cisco IOS XE 17.2.2
Cisco Systems Inc. Cisco IOS XE 17.2.2
Cisco Systems Inc. Cisco IOS XE 17.2.3
Cisco Systems Inc. Cisco IOS XE 17.2.3
Cisco Systems Inc. Cisco IOS XE 17.3.1
Cisco Systems Inc. Cisco IOS XE 17.3.1
Cisco Systems Inc. Cisco IOS XE 17.3.2
Cisco Systems Inc. Cisco IOS XE 17.3.2
Cisco Systems Inc. Cisco IOS XE 17.3.3
Cisco Systems Inc. Cisco IOS XE 17.3.1a
Cisco Systems Inc. Cisco IOS XE 17.3.1a
Cisco Systems Inc. Cisco IOS XE 17.3.1w
Cisco Systems Inc. Cisco IOS XE 17.3.1w
Cisco Systems Inc. Cisco IOS XE 17.3.2a
Cisco Systems Inc. Cisco IOS XE 17.3.2a
Cisco Systems Inc. Cisco IOS XE 17.3.1x
Cisco Systems Inc. Cisco IOS XE 17.3.1x
Cisco Systems Inc. Cisco IOS XE 17.3.1z
Cisco Systems Inc. Cisco IOS XE 17.3.1z
Cisco Systems Inc. Cisco IOS XE 17.3.3a
Cisco Systems Inc. Cisco IOS XE 17.3.3a
Cisco Systems Inc. Cisco IOS XE 17.3.4
Cisco Systems Inc. Cisco IOS XE 17.3.4
Cisco Systems Inc. Cisco IOS XE 17.3.5
Cisco Systems Inc. Cisco IOS XE 17.3.5
Cisco Systems Inc. Cisco IOS XE 17.3.4a
Cisco Systems Inc. Cisco IOS XE 17.3.4a
Cisco Systems Inc. Cisco IOS XE 17.3.6
Cisco Systems Inc. Cisco IOS XE 17.3.6
Cisco Systems Inc. Cisco IOS XE 17.3.4b
Cisco Systems Inc. Cisco IOS XE 17.3.4b
Cisco Systems Inc. Cisco IOS XE 17.3.4c
Cisco Systems Inc. Cisco IOS XE 17.3.4c
Cisco Systems Inc. Cisco IOS XE 17.3.5a
Cisco Systems Inc. Cisco IOS XE 17.3.5a
Cisco Systems Inc. Cisco IOS XE 17.3.5b
Cisco Systems Inc. Cisco IOS XE 17.3.5b
Cisco Systems Inc. Cisco IOS XE 17.3.7
Cisco Systems Inc. Cisco IOS XE 17.3.7
Cisco Systems Inc. Cisco IOS XE 17.3.8
Cisco Systems Inc. Cisco IOS XE 17.3.8
Cisco Systems Inc. Cisco IOS XE 17.3.8a
Cisco Systems Inc. Cisco IOS XE 17.3.8a
Cisco Systems Inc. Cisco IOS XE 17.4.1
Cisco Systems Inc. Cisco IOS XE 17.4.1
Cisco Systems Inc. Cisco IOS XE 17.4.2
Cisco Systems Inc. Cisco IOS XE 17.4.2
Cisco Systems Inc. Cisco IOS XE 17.4.1a
Cisco Systems Inc. Cisco IOS XE 17.4.1a
Cisco Systems Inc. Cisco IOS XE 17.4.1b
Cisco Systems Inc. Cisco IOS XE 17.4.1b
Cisco Systems Inc. Cisco IOS XE 17.4.1c
Cisco Systems Inc. Cisco IOS XE 17.4.1c
Cisco Systems Inc. Cisco IOS XE 17.4.2a
Cisco Systems Inc. Cisco IOS XE 17.4.2a
Cisco Systems Inc. Cisco IOS XE 17.5.1
Cisco Systems Inc. Cisco IOS XE 17.5.1
Cisco Systems Inc. Cisco IOS XE 17.5.1a
Cisco Systems Inc. Cisco IOS XE 17.5.1a
Cisco Systems Inc. Cisco IOS XE 17.6.1
Cisco Systems Inc. Cisco IOS XE 17.6.1
Cisco Systems Inc. Cisco IOS XE 17.6.2
Cisco Systems Inc. Cisco IOS XE 17.6.2
Cisco Systems Inc. Cisco IOS XE 17.6.1w
Cisco Systems Inc. Cisco IOS XE 17.6.1w
Cisco Systems Inc. Cisco IOS XE 17.6.1a
Cisco Systems Inc. Cisco IOS XE 17.6.1a
Cisco Systems Inc. Cisco IOS XE 17.6.1x
Cisco Systems Inc. Cisco IOS XE 17.6.1x
Cisco Systems Inc. Cisco IOS XE 17.6.3
Cisco Systems Inc. Cisco IOS XE 17.6.3
Cisco Systems Inc. Cisco IOS XE 17.6.1y
Cisco Systems Inc. Cisco IOS XE 17.6.1y
Cisco Systems Inc. Cisco IOS XE 17.6.1z
Cisco Systems Inc. Cisco IOS XE 17.6.1z
Cisco Systems Inc. Cisco IOS XE 17.6.3a
Cisco Systems Inc. Cisco IOS XE 17.6.3a
Cisco Systems Inc. Cisco IOS XE 17.6.4
Cisco Systems Inc. Cisco IOS XE 17.6.4
Cisco Systems Inc. Cisco IOS XE 17.6.1z1
Cisco Systems Inc. Cisco IOS XE 17.6.1z1
Cisco Systems Inc. Cisco IOS XE 17.6.5
Cisco Systems Inc. Cisco IOS XE 17.6.5
Cisco Systems Inc. Cisco IOS XE 17.6.6
Cisco Systems Inc. Cisco IOS XE 17.6.6
Cisco Systems Inc. Cisco IOS XE 17.6.6a
Cisco Systems Inc. Cisco IOS XE 17.6.6a
Cisco Systems Inc. Cisco IOS XE 17.6.5a
Cisco Systems Inc. Cisco IOS XE 17.6.5a
Cisco Systems Inc. Cisco IOS XE 17.7.1
Cisco Systems Inc. Cisco IOS XE 17.7.1
Cisco Systems Inc. Cisco IOS XE 17.7.1a
Cisco Systems Inc. Cisco IOS XE 17.7.1a
Cisco Systems Inc. Cisco IOS XE 17.7.1b
Cisco Systems Inc. Cisco IOS XE 17.7.1b
Cisco Systems Inc. Cisco IOS XE 17.7.2
Cisco Systems Inc. Cisco IOS XE 17.7.2
Cisco Systems Inc. Cisco IOS XE 17.10.1
Cisco Systems Inc. Cisco IOS XE 17.10.1
Cisco Systems Inc. Cisco IOS XE 17.10.1a
Cisco Systems Inc. Cisco IOS XE 17.10.1a
Cisco Systems Inc. Cisco IOS XE 17.10.1b
Cisco Systems Inc. Cisco IOS XE 17.10.1b
Cisco Systems Inc. Cisco IOS XE 17.8.1
Cisco Systems Inc. Cisco IOS XE 17.8.1
Cisco Systems Inc. Cisco IOS XE 17.8.1a
Cisco Systems Inc. Cisco IOS XE 17.8.1a
Cisco Systems Inc. Cisco IOS XE 17.9.1
Cisco Systems Inc. Cisco IOS XE 17.9.1
Cisco Systems Inc. Cisco IOS XE 17.9.1w
Cisco Systems Inc. Cisco IOS XE 17.9.1w
Cisco Systems Inc. Cisco IOS XE 17.9.2
Cisco Systems Inc. Cisco IOS XE 17.9.2
Cisco Systems Inc. Cisco IOS XE 17.9.1a
Cisco Systems Inc. Cisco IOS XE 17.9.1a
Cisco Systems Inc. Cisco IOS XE 17.9.1x
Cisco Systems Inc. Cisco IOS XE 17.9.1x
Cisco Systems Inc. Cisco IOS XE 17.9.1y
Cisco Systems Inc. Cisco IOS XE 17.9.1y
Cisco Systems Inc. Cisco IOS XE 17.9.3
Cisco Systems Inc. Cisco IOS XE 17.9.3
Cisco Systems Inc. Cisco IOS XE 17.9.2a
Cisco Systems Inc. Cisco IOS XE 17.9.2a
Cisco Systems Inc. Cisco IOS XE 17.9.1x1
Cisco Systems Inc. Cisco IOS XE 17.9.1x1
Cisco Systems Inc. Cisco IOS XE 17.9.3a
Cisco Systems Inc. Cisco IOS XE 17.9.3a
Cisco Systems Inc. Cisco IOS XE 17.9.4
Cisco Systems Inc. Cisco IOS XE 17.9.4
Cisco Systems Inc. Cisco IOS XE 17.9.1y1
Cisco Systems Inc. Cisco IOS XE 17.9.1y1
Cisco Systems Inc. Cisco IOS XE 17.9.4a
Cisco Systems Inc. Cisco IOS XE 17.9.4a
Cisco Systems Inc. Cisco IOS XE 17.11.1
Cisco Systems Inc. Cisco IOS XE 17.11.1
Cisco Systems Inc. Cisco IOS XE 17.11.1a
Cisco Systems Inc. Cisco IOS XE 17.11.1a
Cisco Systems Inc. Cisco IOS XE 17.12.1
Cisco Systems Inc. Cisco IOS XE 17.12.1
Cisco Systems Inc. Cisco IOS XE 17.12.1w
Cisco Systems Inc. Cisco IOS XE 17.12.1w
Cisco Systems Inc. Cisco IOS XE 17.12.1a
Cisco Systems Inc. Cisco IOS XE 17.12.1a
Cisco Systems Inc. Cisco IOS XE 17.11.99SW
Cisco Systems Inc. Cisco IOS XE 17.11.99SW
Уровень опасности уязвимости
Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,8)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 8,6)
Возможные меры по устранению уязвимости
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- отключение функционала отслеживания DHCP и анализа конечных точек;
- использование средств межсетевого экранирования уровня веб-приложений для ограничения возможности удалённого доступа;
- ограничение доступа из общедоступных сетей (Интернет);
- использование виртуальных частных сетей для организации удаленного доступа (VPN).
Использование рекомендаций производителя:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Данные уточняются
Информация об устранении
Уязвимость устранена
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 66%
0.00502
Низкий
8.6 High
CVSS3
7.8 High
CVSS2
Связанные уязвимости
CVSS3: 8.6
nvd
почти 2 года назад
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.
CVSS3: 8.6
github
почти 2 года назад
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.
EPSS
Процентиль: 66%
0.00502
Низкий
8.6 High
CVSS3
7.8 High
CVSS2