CVE-2015-6392

Name of the Vulnerable Software and Affected Versions Cisco NX-OS versions 4.1 through 7.3 Cisco NX-OS versions 11.0 through 11.2

Description A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to improper validation of crafted DHCPv4 offer packets. An attacker could exploit this by sending crafted DHCPv4 offer packets to an affected device, potentially causing the DHCP process or device to crash. This can be triggered by crafted DHCP packets processed by a DHCP relay agent or smart relay agent listening on the device using the IPv4 broadcast address or the IPv4 unicast address of any interface configured on a device.

Recommendations For Cisco NX-OS versions 4.1 through 7.3, update to a fixed version of the software. For Cisco NX-OS versions 11.0 through 11.2, update to a fixed version of the software. As a temporary workaround, consider restricting access to the DHCP relay agent and smart relay agent to minimize the risk of exploitation.