CVE-2004-1111

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.

Published: Jan 10, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-1111
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios	12.2(14)sz	12.2(14)sz.x
cisco / ios	12.2(18)ew	12.2(18)ew.x
cisco / ios	12.2(18)ewa	12.2(18)ewa.x
cisco / ios	12.2(18)s	12.2(18)s.x
cisco / ios	12.2(18)se	12.2(18)se.x
cisco / ios	12.2(18)sv	12.2(18)sv.x
cisco / ios	12.2(18)sw	12.2(18)sw.x
cisco / ios	12.2(20)ew	12.2(20)ew.x
cisco / multiservice_platform_2650	-	-
cisco / multiservice_platform_2650xm	-	-
cisco / multiservice_platform_2651	-	-
cisco / multiservice_platform_2651xm	-	-
cisco / catalyst_7600	-	-
cisco / 7600_router	-	-
cisco / 7200_router	-	-
cisco / 7500_router	-	-
cisco / 7300_router	-	-

Vulnerability Database

289,697

CVE-2004-1111