Vulnerability Name:

CVE-2021-34737 (CCN-208880)

Assigned:2021-09-08
Published:2021-09-08
Updated:2021-09-22
Summary:A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the dhcpd process. While the dhcpd process is restarting, which may take up to approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period.
Note: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
5.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-476
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-34737

Source: XF
Type: UNKNOWN
cisco-cve202134737-dos(208880)

Source: CCN
Type: Cisco Security Advisory cisco-sa-iosxr-dhcp-dos-pjPVReLU
Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability

Source: CISCO
Type: Vendor Advisory
20210908 Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version < 7.3.2)
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version >= 7.4.0 and <= 7.4.1)
  • AND
  • cpe:/h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9001:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9006:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9010:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9901:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9902:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9903:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9904:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9906:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9910:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9912:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:asr_9922:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version < 7.3.2)
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version >= 7.4.0 and <= 7.4.1)
  • AND
  • cpe:/h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version < 7.3.2)
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.1)
  • AND
  • cpe:/h:cisco:ncs540-12z20g-sys-a:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540-12z20g-sys-d:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540-24z8q2c-m:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540-24z8q2c-sys:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540-28z4c-sys-a:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540-28z4c-sys-d:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540-acc-sys:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540x-12z16g-sys-a:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540x-12z16g-sys-d:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540x-16z4g8q2c-a:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540x-16z4g8q2c-d:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs540x-acc-sys:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version < 7.3.2)
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.1)
  • AND
  • cpe:/h:cisco:ncs_5001:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_5002:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_5011:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version < 7.3.2)
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.1)
  • AND
  • cpe:/h:cisco:ncs_560-4:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_560-7:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version < 7.3.2)
  • OR cpe:/o:cisco:ios_xr:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.1)
  • AND
  • cpe:/h:cisco:ncs_5501:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_5502:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_5508:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ncs_5516:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco ios xr *
    cisco ios xr *
    cisco asr 9000v-v2 -
    cisco asr 9001 -
    cisco asr 9006 -
    cisco asr 9010 -
    cisco asr 9901 -
    cisco asr 9902 -
    cisco asr 9903 -
    cisco asr 9904 -
    cisco asr 9906 -
    cisco asr 9910 -
    cisco asr 9912 -
    cisco asr 9922 -
    cisco ios xr *
    cisco ios xr *
    cisco ios xrv 9000 -
    cisco ios xr *
    cisco ios xr *
    cisco ncs540-12z20g-sys-a -
    cisco ncs540-12z20g-sys-d -
    cisco ncs540-24z8q2c-m -
    cisco ncs540-24z8q2c-sys -
    cisco ncs540-28z4c-sys-a -
    cisco ncs540-28z4c-sys-d -
    cisco ncs540-acc-sys -
    cisco ncs540x-12z16g-sys-a -
    cisco ncs540x-12z16g-sys-d -
    cisco ncs540x-16z4g8q2c-a -
    cisco ncs540x-16z4g8q2c-d -
    cisco ncs540x-acc-sys -
    cisco ios xr *
    cisco ios xr *
    cisco ncs 5001 -
    cisco ncs 5002 -
    cisco ncs 5011 -
    cisco ios xr *
    cisco ios xr *
    cisco ncs 560-4 -
    cisco ncs 560-7 -
    cisco ios xr *
    cisco ios xr *
    cisco ncs 5501 -
    cisco ncs 5501-se -
    cisco ncs 5502 -
    cisco ncs 5502-se -
    cisco ncs 5508 -
    cisco ncs 5516 -