Cisco IOS DHCP Blocked Interface Denial-of-Service - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS devices running branches of Cisco IOS version 12.2S that
have the Dynamic Host Configuration Protocol (DHCP) server or relay
agent enabled, even if not configured, are vulnerable to a denial of
service in which the input queue becomes blocked when the device
receives specially crafted DHCP packets. Cisco is providing free fixed
software to address this issue. There are also workarounds to mitigate
this vulnerability. This issue was introduced by the fix included in
CSCdx46180 and is being tracked by Cisco Bug ID CSCee50294.

See also :

http://www.nessus.org/u?7f0d4f1a
http://www.nessus.org/u?ccad8deb

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20041110-dhcp.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: CISCO

Nessus Plugin ID: 48978 (cisco-sa-20041110-dhcphttp.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1111