Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios_xe | Cisco | * | 3.8s(.2) (including) |
| Ios_xe | Cisco | 3.7.0s (including) | 3.7.0s (including) |
| Ios_xe | Cisco | 3.7.1s (including) | 3.7.1s (including) |
| Ios_xe | Cisco | 3.7.2s (including) | 3.7.2s (including) |
| Ios_xe | Cisco | 3.8.0s (including) | 3.8.0s (including) |
| Ios_xe | Cisco | 3.8s(.0) (including) | 3.8s(.0) (including) |
| Ios_xe | Cisco | 3.8s(.1) (including) | 3.8s(.1) (including) |