CVE-2019-1840

Name of the Vulnerable Software and Affected Versions Cisco Prime Network Registrar versions prior to 8.3(7) and 9.1(2)

Description The issue is related to the incorrect initialization in the DHCPv6 input packet processor of Cisco Prime Network Registrar. This could allow a remote attacker to cause a denial of service (DoS) condition by sending malformed DHCPv6 packets. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet. An attacker could exploit this by sending malformed packets, potentially leading to a restart of the service and, if repeated, a DoS condition. This vulnerability can only be exploited if custom extensions that attempt to modify packet details before processing are installed.

Recommendations For versions prior to 8.3(7), update to version 8.3(7) or later to resolve the issue. For versions prior to 9.1(2), update to version 9.1(2) or later to resolve the issue. As a temporary workaround, consider disabling custom extensions that modify packet parameters until a patch is available. Restrict access to the DHCPv6 packet processor to minimize the risk of exploitation. Avoid using custom extensions that attempt to modify packet details before the packet has been sanitized until the issue is resolved.