Cisco devices that are running Cisco IOS Software versions that include the Device Sensor feature and at least one interface configured with an IP address are affected by this vulnerability.
For more information about the Device Sensor feature, refer to the Device Sensor Guide.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
To exploit this vulnerability, the attacker may need access to trusted, internal network resources. This access requirement may reduce the likelihood of a successful exploit.
The Device Sensor feature is enabled by default on affected devices. It is possible to mitigate the vulnerability by applying the global configuration command device-sensor filter-spec dhcp exclude all. This command will filter the Device Sensor feature collection of DHCP packets, and the Device Sensor feature will no longer process or store DHCP information. To confirm that the Device Sensor feature is no longer collecting DHCP data, issue the show device-sensor cache all command. No DHCP entries should be present in the table.
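For checking the mitigation across many saved configurations, the following is an added example, not Cisco's code. It flags a configuration that has at least one interface with an IP address but lacks the mitigation command. It assumes the command appears in the saved running-config exactly as typed and that every configuration passed in comes from an IOS release that includes Device Sensor; the function names and sample configurations are constructed for illustration.

```python
import re

# Mitigation command from the advisory (assumed to be stored verbatim in the config).
MITIGATION = "device-sensor filter-spec dhcp exclude all"

def interfaces_with_ip(config):
    """Return names of interfaces whose block contains an 'ip address' statement."""
    found, current = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # a non-indented line ends the interface block
        elif current and re.match(r"^\s+ip address\s+\S+", line):
            # 'no ip address' does not match: 'no' precedes 'ip' after the indent
            if current not in found:
                found.append(current)
    return found

def mitigation_present(config):
    """True if the global mitigation command is present as its own line."""
    return any(l.strip() == MITIGATION for l in config.splitlines())

def audit(config):
    """Summarise exposure conditions named in the advisory for one config."""
    ifaces = interfaces_with_ip(config)
    mitigated = mitigation_present(config)
    return {"ip_interfaces": ifaces, "mitigated": mitigated,
            "needs_attention": bool(ifaces) and not mitigated}

# Constructed sample configurations (not taken from a real device).
SAMPLE_UNMITIGATED = """hostname sw-access-01
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport mode access
 no ip address
!
end
"""
SAMPLE_MITIGATED = SAMPLE_UNMITIGATED.replace("!\nend", MITIGATION + "\n!\nend")

if __name__ == "__main__":
    for name, cfg in (("unmitigated", SAMPLE_UNMITIGATED), ("mitigated", SAMPLE_MITIGATED)):
        print(name, audit(cfg))
```

A configuration-file check does not replace the show device-sensor cache all confirmation on the device itself.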