What is the severity of cisco-sa-cpnr-dhcp-dos-BkEZfhLP?

The severity of cisco-sa-cpnr-dhcp-dos-BkEZfhLP is rated as high due to its potential to cause a denial of service.

How do I fix cisco-sa-cpnr-dhcp-dos-BkEZfhLP?

To fix cisco-sa-cpnr-dhcp-dos-BkEZfhLP, update the affected Cisco Prime Network Registrar to a fixed version as specified in the advisory.

Which versions are affected by cisco-sa-cpnr-dhcp-dos-BkEZfhLP?

Cisco Prime Network Registrar versions 8.3, 9.0, 9.1, and 10.0 are affected by cisco-sa-cpnr-dhcp-dos-BkEZfhLP.

Who can exploit cisco-sa-cpnr-dhcp-dos-BkEZfhLP?

cisco-sa-cpnr-dhcp-dos-BkEZfhLP can be exploited by unauthenticated, remote attackers.

What causes the vulnerability cisco-sa-cpnr-dhcp-dos-BkEZfhLP?

The vulnerability cisco-sa-cpnr-dhcp-dos-BkEZfhLP is caused by insufficient input validation of incoming DHCP traffic.

Vulnerability/
cisco-sa-cpnr-dhcp-dos-BkEZfhLP

high

7.5

CWE

20/5/2020

cisco-sa-cpnr-dhcp-dos-BkEZfhLP: Cisco Prime Network Registrar DHCP Denial of Service Vulnerability

First published: Wed May 20 2020(Updated: )

A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-dhcp-dos-BkEZfhLP

Credit: This vulnerability was found during the resolution a Cisco TAC support case

Affected Software	Affected Version	How to fix
Cisco Prime Network Registrar	=10.1<10.1.0.1>=8.3=9.0=9.1<=10.0<10.1.0.1	10.1.0.1 10.1.0.1

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-dhcp-dos-BkEZfhLP (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2020-3272

Frequently Asked Questions

What is the severity of cisco-sa-cpnr-dhcp-dos-BkEZfhLP?
The severity of cisco-sa-cpnr-dhcp-dos-BkEZfhLP is rated as high due to its potential to cause a denial of service.
How do I fix cisco-sa-cpnr-dhcp-dos-BkEZfhLP?
To fix cisco-sa-cpnr-dhcp-dos-BkEZfhLP, update the affected Cisco Prime Network Registrar to a fixed version as specified in the advisory.
Which versions are affected by cisco-sa-cpnr-dhcp-dos-BkEZfhLP?
Cisco Prime Network Registrar versions 8.3, 9.0, 9.1, and 10.0 are affected by cisco-sa-cpnr-dhcp-dos-BkEZfhLP.
Who can exploit cisco-sa-cpnr-dhcp-dos-BkEZfhLP?
cisco-sa-cpnr-dhcp-dos-BkEZfhLP can be exploited by unauthenticated, remote attackers.
What causes the vulnerability cisco-sa-cpnr-dhcp-dos-BkEZfhLP?
The vulnerability cisco-sa-cpnr-dhcp-dos-BkEZfhLP is caused by insufficient input validation of incoming DHCP traffic.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/title
agent/author
agent/weakness
agent/references
agent/remedy
agent/description
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/cisco-advisory
source/Cisco
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco prime network registrar
version/cisco prime network registrar/10.1
version/cisco prime network registrar/8.3
version/cisco prime network registrar/9.0
version/cisco prime network registrar/9.1
version/cisco prime network registrar/10.0