Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-ztp

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3859

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp

This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-60851].