ID CVE-2004-1111
Summary Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.
Vulnerable Configurations
  • Cisco IOS 12.2 (14)SZ
    cpe:2.3:o:cisco:ios:12.2%2814%29sz
  • Cisco IOS 12.2 (18)EW
    cpe:2.3:o:cisco:ios:12.2%2818%29ew
  • Cisco IOS 12.2 (18)EWA
    cpe:2.3:o:cisco:ios:12.2%2818%29ewa
  • Cisco IOS 12.2 (18)S
    cpe:2.3:o:cisco:ios:12.2%2818%29s
  • Cisco IOS 12.2 (18)SE
    cpe:2.3:o:cisco:ios:12.2%2818%29se
  • Cisco IOS 12.2 (18)SV
    cpe:2.3:o:cisco:ios:12.2%2818%29sv
  • Cisco IOS 12.2 (18)SW
    cpe:2.3:o:cisco:ios:12.2%2818%29sw
  • Cisco IOS 12.2 (20)EW
    cpe:2.3:o:cisco:ios:12.2%2820%29ew
  • Cisco Multiservice Platform 2650
    cpe:2.3:h:cisco:multiservice_platform_2650
  • Cisco Multiservice Platform 2650XM
    cpe:2.3:h:cisco:multiservice_platform_2650xm
  • Cisco Multiservice Platform 2651
    cpe:2.3:h:cisco:multiservice_platform_2651
  • Cisco Multiservice Platform 2651XM
    cpe:2.3:h:cisco:multiservice_platform_2651xm
  • Cisco 7200
    cpe:2.3:h:cisco:7200_router
  • Cisco 7300
    cpe:2.3:h:cisco:7300_router
  • Cisco 7500
    cpe:2.3:h:cisco:7500_router
  • Cisco 7600
    cpe:2.3:h:cisco:7600_router
  • cpe:2.3:h:cisco:catalyst_7600:-:sup720_msfc3
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family CISCO
    NASL id CSCEE50294.NASL
    description The remote router contains a version of IOS which has a flaw in the DHCP service/relay service that may let an attacker disable DHCP serving and/or relaying on the remote router. Cisco identifies this vulnerability as bug id CSCee50294.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 15782
    published 2004-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15782
    title Cisco IOS Malformed DHCP Packet DoS (CSCee50294)
  • NASL family CISCO
    NASL id CISCO-SA-20041110-DHCPHTTP.NASL
    description Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets. Cisco is providing free fixed software to address this issue. There are also workarounds to mitigate this vulnerability. This issue was introduced by the fix included in CSCdx46180 and is being tracked by Cisco Bug ID CSCee50294.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 48978
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48978
    title Cisco IOS DHCP Blocked Interface Denial-of-Service - Cisco Systems
oval via4
accepted 2008-09-08T04:00:31.343-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.
family ios
id oval:org.mitre.oval:def:5632
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco Systems IOS DHCP Input Queue DoS Vulnerability
version 3
refmap via4
cert TA04-316A
cert-vn VU#630104
ciac P-034
cisco 20041110 Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service
xf cisco-ios-dhcp-dos(18021)
Last major update 04-03-2009 - 00:23
Published 10-01-2005 - 00:00
Last modified 10-10-2017 - 21:29