CVE-2007-2461

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) and PIX versions 7.2(1) through 7.2(2.14)

Description The issue allows remote attackers to cause a denial of service, resulting in dropped packets. This occurs when a DHCPREQUEST or DHCPINFORM message causes multiple DHCPACK messages to be sent from DHCP servers to the agent, consuming the memory allocated for a local buffer. The issue is specific to configurations where multiple DHCP servers are used.

Recommendations For versions 7.2(1) through 7.2(2.14), consider restricting the use of the DHCP relay agent until a patch is available. As a temporary workaround, limiting the number of DHCP servers used could minimize the risk of exploitation.