CVE-2021-34737

Published: Sep 9, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period. Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.

Affected (3)

Products: Cisco: Ios Xr

Cisco

1 product

Ios Xr

Configuration A

12 platform

Running on/with	Platform Versions
Cisco Asr 9000v V2	All versions
Cisco Asr 9001	All versions
Cisco Asr 9006	All versions
Cisco Asr 9010	All versions
Cisco Asr 9901	All versions
Cisco Asr 9902	All versions
Cisco Asr 9903	All versions
Cisco Asr 9904	All versions
Cisco Asr 9906	All versions
Cisco Asr 9910	All versions
Cisco Asr 9912	All versions
Cisco Asr 9922	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	From 7.4.0 to 7.4.1

Running on/with	Platform Versions
Cisco Ios Xrv 9000	All versions

Configuration C

12 platform

Running on/with	Platform Versions
Cisco Ncs540 12z20g Sys A	All versions
Cisco Ncs540 12z20g Sys D	All versions
Cisco Ncs540 24z8q2c M	All versions
Cisco Ncs540 24z8q2c Sys	All versions
Cisco Ncs540 28z4c Sys A	All versions
Cisco Ncs540 28z4c Sys D	All versions
Cisco Ncs540 Acc Sys	All versions
Cisco Ncs540x 12z16g Sys A	All versions
Cisco Ncs540x 12z16g Sys D	All versions
Cisco Ncs540x 16z4g8q2c A	All versions
Cisco Ncs540x 16z4g8q2c D	All versions
Cisco Ncs540x Acc Sys	All versions

Configuration D

3 platform

Running on/with	Platform Versions
Cisco Ncs 5001	All versions
Cisco Ncs 5002	All versions
Cisco Ncs 5011	All versions

Configuration E

2 platform

Running on/with	Platform Versions
Cisco Ncs 560 4	All versions
Cisco Ncs 560 7	All versions

Configuration F

2 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Before 7.3.2
Cisco Ios Xr	From 7.4.0 to 7.4.1

Running on/with	Platform Versions
Cisco Ncs 5501	All versions
Cisco Ncs 5501 Se	All versions
Cisco Ncs 5502	All versions
Cisco Ncs 5502 Se	All versions
Cisco Ncs 5508	All versions
Cisco Ncs 5516	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-pjPVReLU

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-pjPVReLU

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.