CVE-2017-3859

Name of the Vulnerable Software and Affected Versions Cisco ASR 920 Series Aggregation Services Routers versions 3.13 through 3.18

Description A vulnerability in the DHCP code for the Zero Touch Provisioning feature could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device, resulting in a denial of service (DoS) condition.

Recommendations For versions 3.13 through 3.18, update to a newer version of Cisco IOS XE Software that addresses this vulnerability. As a temporary workaround, consider disabling the DHCP server port to minimize the risk of exploitation.