Title: Cisco IOS DHCP Input Queue Blocking Denial Of Service Vulnerability
Severity: HIGH
Description:
Cisco IOS is reported to be susceptible to a remote denial of service vulnerability when handling specific DHCP packets.
Cisco IOS contains DHCP server and DHCP relay agent functionality. It can serve as a DHCP (Dynamic Host Configuration Protocol) server for a network, or forward DHCP and BOOTP packets from one broadcast domain to another to extend the reach of an existing DHCP server. This functionality is enabled by default, even if no DHCP configuration has been specified.
Reportedly, DHCP packets containing certain unspecified content can block the input queue of interfaces on affected devices. These DHCP packets are undeliverable, yet they remain in the input queue permanently. Once the input queue of an interface has been filled by multiple such malicious DHCP packets, the interface ceases to process further packets destined for the device.
Once an input queue is blocked in this manner, further ARP and routing protocol packets will not be processed. This condition can only be corrected by rebooting the affected device.
DHCP is a UDP-based protocol, allowing attackers to spoof the source address of their attack.
An attacker with the ability to send malicious DHCP packets to an affected device may be able to interrupt the routing services of the affected device, potentially denying further network service to legitimate users.
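The advisory describes the symptom (an interface input queue that fills and never drains) but not how an operator would spot it. The following is an added example, not part of the original advisory: it parses the standard Cisco IOS `show interfaces` counter line `Input queue: size/max/drops/flushes` and flags interfaces whose queue is pinned at or above its configured maximum, which is the blocked-queue condition described above. The sample `show interfaces` output, interface names and MAC addresses are constructed for illustration; the `Input queue:` field layout itself is the real IOS format.

```python
"""Detect blocked (wedged) interface input queues in Cisco IOS `show interfaces` output.

Added example for the advisory above, not vendor code. The counter layout
"Input queue: size/max/drops/flushes" is the standard IOS format; the sample
output and all device details below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed `show interfaces` snapshot. GigabitEthernet0/1 shows the symptom
# from the advisory: the queue holds more than its configured maximum, new
# packets are being dropped (drops counter climbing), and the size never falls.
SAMPLE_SHOW_INTERFACES = """\
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0000.0c12.3456 (bia 0000.0c12.3456)
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 1000 bits/sec, 2 packets/sec
GigabitEthernet0/1 is up, line protocol is up
  Hardware is BCM1125 Internal MAC, address is 0000.0c65.4321 (bia 0000.0c65.4321)
  Input queue: 76/75/1091/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 0 bits/sec, 0 packets/sec
Serial0/0 is administratively down, line protocol is down
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""

# Interface header lines start at column 0; detail lines are indented.
INTERFACE_RE = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)")
QUEUE_RE = re.compile(r"Input queue: (\d+)/(\d+)/(\d+)/(\d+)")


@dataclass
class InputQueue:
    interface: str
    size: int
    maximum: int
    drops: int
    flushes: int

    @property
    def wedged(self) -> bool:
        # A healthy queue drains toward zero between polls. A queue sitting at or
        # above its maximum is full of packets that are never dequeued.
        return self.size >= self.maximum


def parse_show_interfaces(text: str) -> List[InputQueue]:
    """Return one InputQueue record per interface found in the output."""
    queues: List[InputQueue] = []
    current = None
    for line in text.splitlines():
        header = INTERFACE_RE.match(line)
        if header:
            current = header.group(1)
            continue
        counters = QUEUE_RE.search(line)
        if counters and current:
            size, maximum, drops, flushes = (int(v) for v in counters.groups())
            queues.append(InputQueue(current, size, maximum, drops, flushes))
    return queues


def wedged_interfaces(text: str) -> List[str]:
    """Interfaces whose input queue is at or over its maximum in one snapshot."""
    return [q.interface for q in parse_show_interfaces(text) if q.wedged]


def persistently_wedged(snapshots: List[str]) -> List[str]:
    """Interfaces wedged in every snapshot.

    A transient burst can fill a queue briefly; the condition in the advisory
    is permanent, so polling twice a few minutes apart separates the two.
    """
    if not snapshots:
        return []
    common = set(wedged_interfaces(snapshots[0]))
    for snap in snapshots[1:]:
        common &= set(wedged_interfaces(snap))
    return sorted(common)


if __name__ == "__main__":
    for q in parse_show_interfaces(SAMPLE_SHOW_INTERFACES):
        state = "WEDGED" if q.wedged else "ok"
        print(f"{q.interface:20} size={q.size}/{q.maximum} drops={q.drops} {state}")
```

In practice the snapshots would come from a scheduled `show interfaces` collection over SSH or SNMP. A reboot is the only recovery the advisory gives, so an alert from this check is a prompt to schedule one and to confirm the device is patched. Cisco's published workaround for this issue (not stated on this page) was to disable the DHCP service with `no service dhcp` on devices that do not need the DHCP server or relay functionality.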
Affected Products:
- Cisco 2650 Multiservice Platform 0.0.0
- Cisco 2650XM Multiservice Platform 0.0.0
- Cisco 2651 Multiservice Platform 0.0.0
- Cisco 2651XM Multiservice Platform 0.0.0
- Cisco 7200 0.0.0
- Cisco 7300 0.0.0
- Cisco 7500 0.0.0
- Cisco 7600 0.0.0
- Cisco Catalyst 7600 Sup720/MSFC3
- Cisco IOS 12.2(14)SZ
- Cisco IOS 12.2(18)EW
- Cisco IOS 12.2(18)EWA
- Cisco IOS 12.2(18)S
- Cisco IOS 12.2(18)SE
- Cisco IOS 12.2(18)SV
- Cisco IOS 12.2(18)SW
- Cisco IOS 12.2(20)EW