Cisco Small Cell DHCP Message Processing Remote Arbitrary Command Execution Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco Small Cell
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68307
CVE (CAN) ID: CVE-2014-3307
Cisco Small Cell technology can integrate 3G and 4G services in Wi-Fi products.
The Cisco Small Cell product is implementing a DHCP client that allows attackers to execute arbitrary commands near unauthenticated physical locations and may have full control over the affected devices. This vulnerability is caused by the failure to correctly parse specially crafted DHCP messages.
<* Source: vendor
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://tools.cisco.com/security/center/publicationListing.x #~ CiscoSecurityResponse
This article permanently updates the link address: