CVE-2018-0174

Published: Mar 28, 2018Modified: Jan 14, 2026CISA KEV

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.

Affected (6)

Products: Cisco: Ios, Ios Xe

Cisco

2 products

Ios

Ios Xe

Configuration A

2 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Cisco Ios	Version 12.2(33)sre7a
Cisco Ios Xe	Version 12.2(33)sre7a

Running on/with	Platform Versions
Cisco 7600 Series Route Switch Processor 720	All versions
Cisco 7600 Series Supervisor Engine 32	All versions
Cisco 7600 Series Supervisor Engine 720	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ios	Up to 15.2\(4a\)ea5
Cisco Ios Xe	Up to 15.2\(4a\)ea5

Running on/with	Platform Versions
Rockwellautomation Allen Bradley Stratix 8300	All versions

Configuration C

2 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Cisco Ios	Up to 15.2\(6\)e0a
Cisco Ios Xe	Up to 15.2\(6\)e0a

Running on/with	Platform Versions
Rockwellautomation Allen Bradley Armorstratix 5700	All versions
Rockwellautomation Allen Bradley Stratix 5400	All versions
Rockwellautomation Allen Bradley Stratix 5410	All versions
Rockwellautomation Allen Bradley Stratix 5700	All versions
Rockwellautomation Allen Bradley Stratix 8000	All versions