Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-10322

Опубликовано: 07 мая 2025
Источник: fstec
CVSS3: 8.6
CVSS2: 7.8
EPSS Низкий

Описание

Уязвимость функции безопасности DHCP Snooping операционных систем Cisco IOS XE связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco IOS XE

Версия ПО

16.12.1 (Cisco IOS XE)
16.11.1 (Cisco IOS XE)
16.11.1a (Cisco IOS XE)
16.11.1s (Cisco IOS XE)
16.11.1c (Cisco IOS XE)
16.12.1a (Cisco IOS XE)
16.12.1c (Cisco IOS XE)
16.12.1s (Cisco IOS XE)
16.11.2 (Cisco IOS XE)
17.2.1 (Cisco IOS XE)
17.1.1 (Cisco IOS XE)
16.12.2 (Cisco IOS XE)
16.12.2s (Cisco IOS XE)
16.12.2t (Cisco IOS XE)
16.12.4 (Cisco IOS XE)
16.12.3s (Cisco IOS XE)
17.1.1s (Cisco IOS XE)
17.1.2 (Cisco IOS XE)
17.1.1t (Cisco IOS XE)
17.1.3 (Cisco IOS XE)
17.2.1r (Cisco IOS XE)
17.2.1v (Cisco IOS XE)
17.2.2 (Cisco IOS XE)
17.3.1 (Cisco IOS XE)
17.3.1a (Cisco IOS XE)
17.6.1 (Cisco IOS XE)
17.9.1 (Cisco IOS XE)
17.9.1a (Cisco IOS XE)
17.11.1 (Cisco IOS XE)
17.11.1a (Cisco IOS XE)
17.12.1 (Cisco IOS XE)
17.12.1a (Cisco IOS XE)
17.10.1 (Cisco IOS XE)
17.10.1a (Cisco IOS XE)
16.12.3 (Cisco IOS XE)
16.12.8 (Cisco IOS XE)
16.12.5 (Cisco IOS XE)
16.12.6 (Cisco IOS XE)
16.12.7 (Cisco IOS XE)
17.8.1 (Cisco IOS XE)
17.9.2 (Cisco IOS XE)
17.9.3 (Cisco IOS XE)
17.9.4 (Cisco IOS XE)
17.9.4a (Cisco IOS XE)
17.7.1 (Cisco IOS XE)
17.6.5a (Cisco IOS XE)
17.6.6a (Cisco IOS XE)
17.6.6 (Cisco IOS XE)
17.6.2 (Cisco IOS XE)
17.6.3 (Cisco IOS XE)
17.6.4 (Cisco IOS XE)
17.6.5 (Cisco IOS XE)
17.3.2 (Cisco IOS XE)
17.3.3 (Cisco IOS XE)
17.3.4 (Cisco IOS XE)
17.3.5 (Cisco IOS XE)
17.3.6 (Cisco IOS XE)
17.3.7 (Cisco IOS XE)
17.3.8 (Cisco IOS XE)
17.3.8a (Cisco IOS XE)
17.4.1 (Cisco IOS XE)
17.5.1 (Cisco IOS XE)
17.2.3 (Cisco IOS XE)
17.3.4a (Cisco IOS XE)
17.4.1a (Cisco IOS XE)
17.4.1b (Cisco IOS XE)
17.4.1c (Cisco IOS XE)
17.4.2 (Cisco IOS XE)
17.5.1a (Cisco IOS XE)
17.5.1b (Cisco IOS XE)
17.5.1c (Cisco IOS XE)
17.6.1a (Cisco IOS XE)
17.6.3a (Cisco IOS XE)
17.7.1a (Cisco IOS XE)
17.7.2 (Cisco IOS XE)
17.8.1a (Cisco IOS XE)
17.9.2a (Cisco IOS XE)
17.9.3a (Cisco IOS XE)
17.12.2 (Cisco IOS XE)
17.6.1y (Cisco IOS XE)
17.9.5a (Cisco IOS XE)
17.12.3a (Cisco IOS XE)
17.13.1 (Cisco IOS XE)
17.13.1a (Cisco IOS XE)
17.14.1 (Cisco IOS XE)
17.14.1a (Cisco IOS XE)
17.6.7 (Cisco IOS XE)
17.9.5 (Cisco IOS XE)
17.12.3 (Cisco IOS XE)
17.9.5e (Cisco IOS XE)
17.9.5f (Cisco IOS XE)
17.12.4 (Cisco IOS XE)
17.12.4a (Cisco IOS XE)
17.12.4b (Cisco IOS XE)
17.6.8a (Cisco IOS XE)
17.15.1 (Cisco IOS XE)
17.15.1a (Cisco IOS XE)
17.6.8 (Cisco IOS XE)
17.9.6 (Cisco IOS XE)

Тип ПО

Операционная система

Операционные системы и аппаратные платформы

Cisco Systems Inc. Cisco IOS XE 16.12.1
Cisco Systems Inc. Cisco IOS XE 16.11.1
Cisco Systems Inc. Cisco IOS XE 16.11.1a
Cisco Systems Inc. Cisco IOS XE 16.11.1s
Cisco Systems Inc. Cisco IOS XE 16.11.1c
Cisco Systems Inc. Cisco IOS XE 16.12.1a
Cisco Systems Inc. Cisco IOS XE 16.12.1c
Cisco Systems Inc. Cisco IOS XE 16.12.1s
Cisco Systems Inc. Cisco IOS XE 16.11.2
Cisco Systems Inc. Cisco IOS XE 17.2.1
Cisco Systems Inc. Cisco IOS XE 17.1.1
Cisco Systems Inc. Cisco IOS XE 16.12.2
Cisco Systems Inc. Cisco IOS XE 16.12.2s
Cisco Systems Inc. Cisco IOS XE 16.12.2t
Cisco Systems Inc. Cisco IOS XE 16.12.4
Cisco Systems Inc. Cisco IOS XE 16.12.3s
Cisco Systems Inc. Cisco IOS XE 17.1.1s
Cisco Systems Inc. Cisco IOS XE 17.1.2
Cisco Systems Inc. Cisco IOS XE 17.1.1t
Cisco Systems Inc. Cisco IOS XE 17.1.3
Cisco Systems Inc. Cisco IOS XE 17.2.1r
Cisco Systems Inc. Cisco IOS XE 17.2.1v
Cisco Systems Inc. Cisco IOS XE 17.2.2
Cisco Systems Inc. Cisco IOS XE 17.3.1
Cisco Systems Inc. Cisco IOS XE 17.3.1a
Cisco Systems Inc. Cisco IOS XE 17.6.1
Cisco Systems Inc. Cisco IOS XE 17.9.1
Cisco Systems Inc. Cisco IOS XE 17.9.1a
Cisco Systems Inc. Cisco IOS XE 17.11.1
Cisco Systems Inc. Cisco IOS XE 17.11.1a
Cisco Systems Inc. Cisco IOS XE 17.12.1
Cisco Systems Inc. Cisco IOS XE 17.12.1a
Cisco Systems Inc. Cisco IOS XE 17.10.1
Cisco Systems Inc. Cisco IOS XE 17.10.1a
Cisco Systems Inc. Cisco IOS XE 16.12.3
Cisco Systems Inc. Cisco IOS XE 16.12.8
Cisco Systems Inc. Cisco IOS XE 16.12.5
Cisco Systems Inc. Cisco IOS XE 16.12.6
Cisco Systems Inc. Cisco IOS XE 16.12.7
Cisco Systems Inc. Cisco IOS XE 17.8.1
Cisco Systems Inc. Cisco IOS XE 17.9.2
Cisco Systems Inc. Cisco IOS XE 17.9.3
Cisco Systems Inc. Cisco IOS XE 17.9.4
Cisco Systems Inc. Cisco IOS XE 17.9.4a
Cisco Systems Inc. Cisco IOS XE 17.7.1
Cisco Systems Inc. Cisco IOS XE 17.6.5a
Cisco Systems Inc. Cisco IOS XE 17.6.6a
Cisco Systems Inc. Cisco IOS XE 17.6.6
Cisco Systems Inc. Cisco IOS XE 17.6.2
Cisco Systems Inc. Cisco IOS XE 17.6.3
Cisco Systems Inc. Cisco IOS XE 17.6.4
Cisco Systems Inc. Cisco IOS XE 17.6.5
Cisco Systems Inc. Cisco IOS XE 17.3.2
Cisco Systems Inc. Cisco IOS XE 17.3.3
Cisco Systems Inc. Cisco IOS XE 17.3.4
Cisco Systems Inc. Cisco IOS XE 17.3.5
Cisco Systems Inc. Cisco IOS XE 17.3.6
Cisco Systems Inc. Cisco IOS XE 17.3.7
Cisco Systems Inc. Cisco IOS XE 17.3.8
Cisco Systems Inc. Cisco IOS XE 17.3.8a
Cisco Systems Inc. Cisco IOS XE 17.4.1
Cisco Systems Inc. Cisco IOS XE 17.5.1
Cisco Systems Inc. Cisco IOS XE 17.2.3
Cisco Systems Inc. Cisco IOS XE 17.3.4a
Cisco Systems Inc. Cisco IOS XE 17.4.1a
Cisco Systems Inc. Cisco IOS XE 17.4.1b
Cisco Systems Inc. Cisco IOS XE 17.4.1c
Cisco Systems Inc. Cisco IOS XE 17.4.2
Cisco Systems Inc. Cisco IOS XE 17.5.1a
Cisco Systems Inc. Cisco IOS XE 17.5.1b
Cisco Systems Inc. Cisco IOS XE 17.5.1c
Cisco Systems Inc. Cisco IOS XE 17.6.1a
Cisco Systems Inc. Cisco IOS XE 17.6.3a
Cisco Systems Inc. Cisco IOS XE 17.7.1a
Cisco Systems Inc. Cisco IOS XE 17.7.2
Cisco Systems Inc. Cisco IOS XE 17.8.1a
Cisco Systems Inc. Cisco IOS XE 17.9.2a
Cisco Systems Inc. Cisco IOS XE 17.9.3a
Cisco Systems Inc. Cisco IOS XE 17.12.2
Cisco Systems Inc. Cisco IOS XE 17.6.1y
Cisco Systems Inc. Cisco IOS XE 17.9.5a
Cisco Systems Inc. Cisco IOS XE 17.12.3a
Cisco Systems Inc. Cisco IOS XE 17.13.1
Cisco Systems Inc. Cisco IOS XE 17.13.1a
Cisco Systems Inc. Cisco IOS XE 17.14.1
Cisco Systems Inc. Cisco IOS XE 17.14.1a
Cisco Systems Inc. Cisco IOS XE 17.6.7
Cisco Systems Inc. Cisco IOS XE 17.9.5
Cisco Systems Inc. Cisco IOS XE 17.12.3
Cisco Systems Inc. Cisco IOS XE 17.9.5e
Cisco Systems Inc. Cisco IOS XE 17.9.5f
Cisco Systems Inc. Cisco IOS XE 17.12.4
Cisco Systems Inc. Cisco IOS XE 17.12.4a
Cisco Systems Inc. Cisco IOS XE 17.12.4b
Cisco Systems Inc. Cisco IOS XE 17.6.8a
Cisco Systems Inc. Cisco IOS XE 17.15.1
Cisco Systems Inc. Cisco IOS XE 17.15.1a
Cisco Systems Inc. Cisco IOS XE 17.6.8
Cisco Systems Inc. Cisco IOS XE 17.9.6

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,8)
Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 8,6)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 39%
0.00177
Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2025-20162

CVSS3: 8.6
nvd
9 месяцев назад

A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition. This vulnerability is due to improper handling of DHCP request packets. An attacker could exploit this vulnerability by sending DHCP request packets to an affected device. A successful exploit could allow the attacker to cause packets to wedge in the queue, creating a DoS condition for downstream devices of the affected system and requiring that the system restart to drain the queue. Note: This vulnerability can be exploited with either unicast or broadcast DHCP packets on a VLAN that does not have DHCP snooping enabled.

github логотип

GHSA-p84x-683q-c49j

CVSS3: 8.6
github
9 месяцев назад

A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition. This vulnerability is due to improper handling of DHCP request packets. An attacker could exploit this vulnerability by sending DHCP request packets to an affected device. A successful exploit could allow the attacker to cause packets to wedge in the queue, creating a DoS condition for downstream devices of the affected system and requiring that the system restart to drain the queue. Note: This vulnerability can be exploited with either unicast or broadcast DHCP packets on a VLAN that does not have DHCP snooping enabled.

EPSS

Процентиль: 39%
0.00177
Низкий

8.6 High

CVSS3

7.8 High

CVSS2