[CIVN-2026-0164] Cisco IOS XE Software DHCP Snooping Denial of Service vulnerability

Published on: April 2, 2026


Cisco IOS XE Software DHCP Snooping Denial of Service vulnerability


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Systems Affected


Cisco IOS XE Software in Catalyst 9000 Series Switches

Overview


A vulnerability has been reported in the DHCP snooping feature of Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition.


Target Audience: 

All IT administrators and individuals responsible for maintaining and updating the affected software.


Risk Assessment:

High risk of data manipulation and service disruption.


Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.


Description


This vulnerability exists due to improper handling of BOOTP packets on Cisco Catalyst 9000 Series Switches. An attacker could exploit this vulnerability by sending BOOTP request packets to an affected device.


Successful exploitation of this vulnerability could allow the attacker to forward BOOTP packets from one VLAN to another, resulting in BOOTP VLAN leakage and potentially leading to high CPU utilization.
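
As an added example (not part of the CERT-In or Cisco advisory), one way to look for the BOOTP VLAN leakage described above in frames captured from a mirror port that preserves 802.1Q tags. The function names, the constructed sample frames and the heuristic itself (the same unrelayed BOOTREQUEST, identified by transaction ID and client hardware address, appearing on more than one VLAN within one short capture) are assumptions of this example.

```python
import struct
from collections import defaultdict

def parse_bootrequest(frame):
    """Return (vlan, xid, chaddr) for an 802.1Q-tagged client BOOTREQUEST, else None."""
    if len(frame) < 38 or frame[12:14] != b"\x81\x00" or frame[16:18] != b"\x08\x00":
        return None                                   # not tagged IPv4
    vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    ip = frame[18:]
    if ip[9] != 17:                                   # not UDP
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 8 + 236:                            # UDP header + fixed BOOTP header
        return None
    dport = struct.unpack("!H", udp[2:4])[0]
    bootp = udp[8:]
    giaddr = bootp[24:28]
    if dport != 67 or bootp[0] != 1 or giaddr != bytes(4):
        return None                                   # keep unrelayed op=1 requests only
    xid = struct.unpack("!I", bootp[4:8])[0]
    chaddr = bootp[28:28 + min(bootp[2], 16)].hex(":")
    return vlan, xid, chaddr

def find_vlan_leaks(frames):
    """Map (xid, chaddr) -> sorted VLAN IDs for requests seen on more than one VLAN."""
    seen = defaultdict(set)
    for frame in frames:
        rec = parse_bootrequest(frame)
        if rec:
            seen[rec[1:]].add(rec[0])
    return {key: sorted(vlans) for key, vlans in seen.items() if len(vlans) > 1}

def make_frame(vlan, xid, mac):
    """Constructed sample input: minimal tagged broadcast BOOTREQUEST, checksums zeroed."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0) + bytes(16) + mac + bytes(202)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + mac + struct.pack("!HHH", 0x8100, vlan, 0x0800) + ip

MAC_A, MAC_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
SAMPLE = [make_frame(10, 0x1234, MAC_A),   # request on its own VLAN
          make_frame(20, 0x1234, MAC_A),   # same request also visible on VLAN 20
          make_frame(10, 0x9999, MAC_B)]   # unrelated request, one VLAN only

if __name__ == "__main__":
    for (xid, mac), vlans in find_vlan_leaks(SAMPLE).items():
        print(f"BOOTP request xid={xid:#x} chaddr={mac} seen on VLANs {vlans}")
```

A hit is a lead for investigation rather than proof: confirm it against the switch's VLAN and DHCP snooping configuration and the affected-release list in the Cisco advisory.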


Solution


Apply the appropriate updates as mentioned in the Cisco advisory:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootp-WuBhNBxA



Vendor Information


CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootp-WuBhNBxA


References


CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootp-WuBhNBxA


CVE Name

CVE-2026-20084


 






Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003
