← Back

CVE-2017-3859

nvd nist
Published: Mar 22, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385.

Affected (33)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
33 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Version 3.13.4s
Ios Xe
Version 3.13.5as
Ios Xe
Version 3.13.5s
Ios Xe
Version 3.13.6as
Ios Xe
Version 3.13.6s
Ios Xe
Version 3.14.3s
Ios Xe
Version 3.14.4s
Ios Xe
Version 3.15.2s
Ios Xe
Version 3.15.3s
Ios Xe
Version 3.15.4s
Ios Xe
Version 3.16.0cs
Ios Xe
Version 3.16.0s
Ios Xe
Version 3.16.1as
Ios Xe
Version 3.16.1s
Ios Xe
Version 3.16.2as
Ios Xe
Version 3.16.2bs
Ios Xe
Version 3.16.2s
Ios Xe
Version 3.16.3as
Ios Xe
Version 3.16.3s
Ios Xe
Version 3.17.0s
Ios Xe
Version 3.17.1as
Ios Xe
Version 3.17.1s
Ios Xe
Version 3.17.2s
Ios Xe
Version 3.18.0as
Ios Xe
Version 3.18.0s
Ios Xe
Version 3.18.0sp
Ios Xe
Version 3.18.1asp
Ios Xe
Version 3.18.1bsp
Ios Xe
Version 3.18.1csp
Ios Xe
Version 3.18.1s
Ios Xe
Version 3.18.1sp
Ios Xe
Version 3.18.2s
Ios Xe
Version 3.18.3vs
Running on/withPlatform Versions
Cisco
Asr 920 12cz A
All versions
Cisco
Asr 920 12cz D
All versions
Cisco
Asr 920 12sz Im
All versions
Cisco
Asr 920 24sz Im
All versions
Cisco
Asr 920 24sz M
All versions
Cisco
Asr 920 24tz M
All versions
Cisco
Asr 920 4sz A
All versions
Cisco
Asr 920 4sz D
All versions

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.