Sign-up

ID

VAR-201703-0893


CVE

CVE-2017-3864


TITLE

Cisco IOS and Cisco IOS XE of DHCP Vulnerability related to resource management in client implementation

Trust: 0.8

sources: JVNDB: JVNDB-2017-002742

DESCRIPTION

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892. Vendors have confirmed this vulnerability Bug ID CSCuu43892 It is released as.Service operation interruption (DoS) An attack may be carried out. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. All the vulnerabilities have a Security Impact Rating of High. -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJY0qJpZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmgUxAAr4fO4WKcJfWEA8O5 Nlj4U9E93ThFJpZErA2ikSNaWMzgXV2j9rxnUKpQbDICOWLzqlu7AuM2Gru9xrBe chLaLYOnoBf9Z4vA3qgT00IpCFSljoV524jyQCnxPtz8O6/LvA+Cq6EBw/oWfHG7 ZXeNS8sx6BoglqFuheuc62/3buvDzi6IvsszOB44YX0cxcII1v/91VxxO03sgixp 1Mp6c3hhsIbKNjCR4jYzh9xVNgCzqKylbqmkPL4I2O4kJdG26VHXJyVa/9rlpaNx uNPn7dH1nJtxbJB7uW9V/TR4zg+l4xleIqO+JUHSbh6Hsfhu3ZxPUnoNeeeh/hq6 PGhWHwAKqg0pErGAvxY/Srai2yYXdX+qw2ywy69Af3sDDK9g3EtronFof/aEnF/5 +tpdMTyX3kuw6BJhGUvgJluNLCOxidT8FKBglWG+T2LTXTJtz1y7vv9JCNI3i506 FttEVONbDpIk4LFhaIE9uG13NifTtPxq1N3lQHUGTKrCWPWjLMJ3tUJfDclu1vG0 N8/tZvtv6paKnIC+M3tC0EBYYfzNXxfbXDipWbnWLcyA4yY0BoDedJ5cV4X8aDyw U7ZzL/GHmD91DNtgxVjUDfOhgcc7Ce0UOfeaVvV1MzbLFMYhThIDOr74cNyN0Vlr joZYd+7JsSr+SHkmL7bWnRsNEbU= =Uk+n -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2017-3864 // JVNDB: JVNDB-2017-002742 // CNVD: CNVD-2017-04006 // BID: 97012 // VULHUB: VHN-112067 // VULMON: CVE-2017-3864 // PACKETSTORM: 141768

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04006

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.4

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:15.6

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:3.7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 1.0

vendor:ciscomodel:iosscope:gteversion:15.0

Trust: 1.0

vendor:ciscomodel:ios xescope:gteversion:3.3

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios mra jxscope:gtversion:12.2(33)<12.4

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(24\)mdb18

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(24\)mdb7

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25d\)ja1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)t3

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(22\)t1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jnb

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(15\)t14

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)t

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(3\)gc

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.0\(1\)sy7

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-04006 // BID: 97012 // JVNDB: JVNDB-2017-002742 // CNNVD: CNNVD-201703-987 // NVD: CVE-2017-3864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3864
value: HIGH

Trust: 1.0

NVD: CVE-2017-3864
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04006
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-987
value: HIGH

Trust: 0.6

VULHUB: VHN-112067
value: HIGH

Trust: 0.1

VULMON: CVE-2017-3864
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3864
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-04006
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-112067
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3864
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2017-3864
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-04006 // VULHUB: VHN-112067 // VULMON: CVE-2017-3864 // JVNDB: JVNDB-2017-002742 // CNNVD: CNNVD-201703-987 // NVD: CVE-2017-3864

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-112067 // JVNDB: JVNDB-2017-002742 // NVD: CVE-2017-3864

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 141768 // CNNVD: CNNVD-201703-987

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201703-987

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002742

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-112067

PATCH
title:cisco-sa-20170322-dhcpcurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc
Trust: 0.8
title:Patch for Cisco IOS DHCP Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/91538
Trust: 0.6
title:Cisco IOS  and IOS XE Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68698
Trust: 0.6
title:Threatposturl:https://threatpost.com/cisco-patches-critical-iox-vulnerability/124533/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04006 // 
            
            
            
            VULMON: CVE-2017-3864 // 
            
            
            
            JVNDB: JVNDB-2017-002742 // 
            
            
            
            CNNVD: CNNVD-201703-987

EXTERNAL IDS
db:NVDid:CVE-2017-3864
Trust: 3.6
db:BIDid:97012
Trust: 2.7
db:SECTRACKid:1038103
Trust: 1.8
db:JVNDBid:JVNDB-2017-002742
Trust: 0.8
db:CNNVDid:CNNVD-201703-987
Trust: 0.7
db:CNVDid:CNVD-2017-04006
Trust: 0.6
db:PACKETSTORMid:141768
Trust: 0.2
db:VULHUBid:VHN-112067
Trust: 0.1
db:VULMONid:CVE-2017-3864
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04006 // 
            
            
            
            VULHUB: VHN-112067 // 
            
            
            
            VULMON: CVE-2017-3864 // 
            
            
            
            BID: 97012 // 
            
            
            
            JVNDB: JVNDB-2017-002742 // 
            
            
            
            PACKETSTORM: 141768 // 
            
            
            
            CNNVD: CNNVD-201703-987 // 
            
            
            
            NVD: CVE-2017-3864

REFERENCES
url:http://www.securityfocus.com/bid/97012
Trust: 2.5
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170322-dhcpc
Trust: 2.2
url:http://www.securitytracker.com/id/1038103
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3864
Trust: 1.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3864
Trust: 0.8
url:http://seclists.org/bugtraq/2017/mar/79
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/cisco-patches-critical-iox-vulnerability/124533/
Trust: 0.1
url:http://tools.cisco.com/security/center/viewerp.x?alertid=erp-60851"].
Trust: 0.1
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170322-dhcpc"]
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04006 // 
            
            
            
            VULHUB: VHN-112067 // 
            
            
            
            VULMON: CVE-2017-3864 // 
            
            
            
            BID: 97012 // 
            
            
            
            JVNDB: JVNDB-2017-002742 // 
            
            
            
            PACKETSTORM: 141768 // 
            
            
            
            CNNVD: CNNVD-201703-987 // 
            
            
            
            NVD: CVE-2017-3864

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 97012

SOURCES
db:CNVDid:CNVD-2017-04006
db:VULHUBid:VHN-112067
db:VULMONid:CVE-2017-3864
db:BIDid:97012
db:JVNDBid:JVNDB-2017-002742
db:PACKETSTORMid:141768
db:CNNVDid:CNNVD-201703-987
db:NVDid:CVE-2017-3864

LAST UPDATE DATE
2024-11-23T22:01:12.940000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04006date:2017-04-06T00:00:00
db:VULHUBid:VHN-112067date:2020-09-04T00:00:00
db:VULMONid:CVE-2017-3864date:2020-09-04T00:00:00
db:BIDid:97012date:2017-03-23T00:01:00
db:JVNDBid:JVNDB-2017-002742date:2017-04-26T00:00:00
db:CNNVDid:CNNVD-201703-987date:2020-10-22T00:00:00
db:NVDid:CVE-2017-3864date:2024-11-21T03:26:16.307

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04006date:2017-04-06T00:00:00
db:VULHUBid:VHN-112067date:2017-03-22T00:00:00
db:VULMONid:CVE-2017-3864date:2017-03-22T00:00:00
db:BIDid:97012date:2017-03-22T00:00:00
db:JVNDBid:JVNDB-2017-002742date:2017-04-26T00:00:00
db:PACKETSTORMid:141768date:2017-03-22T17:23:00
db:CNNVDid:CNNVD-201703-987date:2017-03-23T00:00:00
db:NVDid:CVE-2017-3864date:2017-03-22T19:59:00.400