Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2017-3864
HistoryMar 22, 2017 - 7:59 p.m.

CVE-2017-3864

2017-03-2219:59:00
CWE-399
cisco
web.nvd.nist.gov
45
4
cve-2017-3864
dhcp
cisco
ios
ios xe
vulnerability
denial of service
remote attacker
nvd
cisco bug ids
cscuu43892

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892.

Affected configurations

Nvd
Node
ciscoiosRange15.015.6
OR
ciscoiosMatch12.2
OR
ciscoiosMatch12.4
OR
ciscoios_xeRange3.33.7
VendorProductVersionCPE
ciscoios*cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
ciscoios12.2cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*
ciscoios12.4cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
ciscoios_xe*cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco IOS and IOS XE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS and IOS XE"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
nessus 2
openvas 2
prion 1
cisco 1
nvd 1
threatpost 1
cvelist
cvelist
CVE-2017-3864
2017-03-22 19:00:00
nessus
nessus
Cisco IOS XE DHCP Client DoS (cisco-sa-20170322-dhcpc)
2017-03-28 00:00:00
Cisco IOS DHCP Client DoS (cisco-sa-20170322-dhcpc)
2017-03-28 00:00:00
openvas
openvas
Cisco IOS XE Software DHCP Client Denial of Service Vulnerability
2017-03-23 00:00:00
Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
2017-03-23 00:00:00
prion
prion
Race condition
2017-03-22 19:59:00
cisco
cisco
Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
2017-03-22 16:00:00
nvd
nvd
CVE-2017-3864
2017-03-22 19:59:00
threatpost
threatpost
Cisco Patches Critical IOx Vulnerability
2017-03-23 15:24:47

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON
Related for CVE-2017-3864
cvelist1nessus2openvas2prion1cisco1nvd1threatpost1