-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-ztp

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3859

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp"]

This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-60851"].

-----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJY0qLqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHldyhAA4AUlw+TdlwzGjw66
a9A1qiAyLXXUNOACKIzHcNZ9vM0nEnYdi9MrS36J/W3bU4etGzgOkJ6oMt2AOU8V
fgykNstP2rcUwn2qiAhL9edrG2iBTG3FVgKaeud/pYobXqHX7U9EgPwxANZkdNez
Xt0cCQCa6ENn8MgVbboCZl2AMXhV7rkI45J1a3ecoN/ooZN71TTo/vtYv8nl4khE
VxRBLNE3sSSNgE0tcnseoH01kjTzGn2lh5e/RJL/F8OMMTg+sg399HGkxlVF/r0Y
4c5dIad5eg3Ra3X1El8s8r0p8YBmFhvBuO64MYzysT4OYNPOw2dMbtAso/b3vpJf
uRkHpOMEPM0Jg+hZBNGyCyUMyipfPmlaUvEIb6o4+vM/uNVwH5qpsgkVXWuCwR64
CR9axg7CJ/LSDoDjWhZIpSUtYNWZxhSFMdOlTZVU9m7idTsQjH1KfQtmqH06uEMc
sZIal21mxlv3QiVD606fT/v4NDiZCVllNeSX8zBBMV95zPS7UJ1DO9qOBuF5bGsX
9jyLJr0RMxdCt5LJlsA8vjm6VbgwDxGR3SttZRQO5QESg3bJ3JxJ+fEujcDZFol6
u89nQqUY3b+tBQOj3hOUYz6ztsA2YDoYae0lD/PQ0KxRbcbweADSKlcPy2JBCQi+
mduV2xoL7F5JFPL/AMjuurgMZy0=
=waSy
-----END PGP SIGNATURE-----