Detections
Analytics
Cisco IOS XR DHCPv4 Message Saturation DoS
medium Nessus Plugin ID 82473
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
The remote Cisco ASR 9000 device is running a version of Cisco IOS XR that is affected by a denial of service vulnerability due to improper processing of crafted DHCP messages. An unauthenticated, remote attacker can exploit this issue by sending a large amount of crafted DHCP messages to a targeted interface to cause the device to stop responding, resulting in a denial of service condition.Solution
Apply the relevant patch referenced in Cisco bug ID CSCup67822.See Also
https://tools.cisco.com/security/center/viewAlert.x?alertId=38006
Plugin Details
Severity: Medium
ID: 82473
File Name: cisco-sn-CSCup67822-iosxr.nasl
Version: 1.5
Type: combined
Family: CISCO
Published: 3/31/2015
Updated: 4/8/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.5
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2015-0672
Vulnerability Information
CPE: cpe:/o:cisco:ios_xr, cpe:/h:cisco:asr
Required KB Items: Host/Cisco/IOS-XR/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 3/24/2015
Vulnerability Publication Date: 3/24/2015
Reference Information
CVE: CVE-2015-0672
BID: 73318
CISCO-BUG-ID: CSCup67822