BugZero | Cisco BugID CSCvi60900 - DHCP Leasequery Padding contains previously used d...

Loading...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCvi60900 - DHCP Leasequery Padding contains previously used d...

ODD
Cisco
CSCvi60900

Cisco - Defect ID: CSCvi60900

DHCP Leasequery Padding contains previously used data

ODD
Cisco
CSCvi60900

Cisco - Defect ID: CSCvi60900

DHCP Leasequery Padding contains previously used data

Last updated on April 25th, 2025

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Description

Symptom

DHCP Leasequery packet Option Padding is not zeros.

Conditions

Cisco UBR8 configured with: cable source-verify dhcp And either: 'ip dhcp relay information option' configured in global configuration or 'ip dhcp relay information option-insert' configured on the interface. The data leaked is in the Leasequery packet which is sent from the dhcp relay to the dhcp server. The data leaked could be data contents in the previous DHCP packets relayed from CMTS to the DHCP server.

Workaround

None.

Further Problem Description

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 3.7: https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Change history

2025-04-25 Added: 16.10.1, 16.10.1a, 16.10.1b, 16.10.1c, 16.10.1d, 16.10.1e, 16.10.1f, 16.10.1g, 16.10.1i, 16.10.1s, 16.10.2, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.1c, 16.11.1s, 16.11.2, 16.12.1, 16.12.1a, 16.12.1c, 16.12.1s, 16.12.1t, 16.12.1w, 16.12.1x, 16.12.1y, 16.12.1z, 16.12.2, 16.12.2a, 16.12.2s, 16.12.2t, 16.12.3, 16.12.3a, 16.12.3s, 16.12.4, 16.12.4a, 16.12.5, 16.12.5a, 16.12.5b, 16.8.1c, 16.8.2, 16.8.3, 16.9.1, 16.9.1a, 16.9.1b, 16.9.1c, 16.9.1d, 16.9.1s, 16.9.2, 16.9.2a, 16.9.2s, 16.9.3, 16.9.3a, 16.9.3h, 16.9.3s, 16.9.4, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 17.1.1, 17.1.1a, 17.1.1s, 17.1.1t, 17.1.2, 17.1.3, 17.2.1, 17.2.1a, 17.2.1r, 17.2.1v, 17.2.2, 17.3.1, 17.3.1a, 17.3.1w, 17.3.1x, 17.3.2, 17.3.2a, 17.3.3, 17.3.3a, 17.4.1, 17.4.1a, 17.4.1b, 3.3.2SE_V150_1_EZ2, 3.3.3SE_V150_1_EZ3, 3.3.4SE_V150_1_EZ4, 3.3.5SE_V150_1_EZ5, 3.6.4E_V152_2_E4, Fuji-16.9.1

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 16.10.1, 16.10.1a, 16.10.1b, 16.10.1c, 16.10.1d, 16.10.1e, 16.10.1f, 16.10.1g, 16.10.1i, 16.10.1s, 16.10.2, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.1c, 16.11.1s, 16.11.2, 16.12.1, 16.12.1a, 16.12.1c, 16.12.1s, 16.12.1t, 16.12.1w, 16.12.1x, 16.12.1y, 16.12.1z, 16.12.2, 16.12.2a, 16.12.2s, 16.12.2t, 16.12.3, 16.12.3a, 16.12.3s, 16.12.4, 16.12.4a, 16.12.5, 16.12.5a, 16.12.5b, 16.8.1c, 16.8.2, 16.8.3, 16.9.1, 16.9.1a, 16.9.1b, 16.9.1c, 16.9.1d, 16.9.1s, 16.9.2, 16.9.2a, 16.9.2s, 16.9.3, 16.9.3a, 16.9.3h, 16.9.3s, 16.9.4, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 17.1.1, 17.1.1a, 17.1.1s, 17.1.1t, 17.1.2, 17.1.3, 17.2.1, 17.2.1a, 17.2.1r, 17.2.1v, 17.2.2, 17.3.1, 17.3.1a, 17.3.1w, 17.3.1x, 17.3.2, 17.3.2a, 17.3.3, 17.3.3a, 17.4.1, 17.4.1a, 17.4.1b, 3.3.2SE_V150_1_EZ2, 3.3.3SE_V150_1_EZ3, 3.3.4SE_V150_1_EZ4, 3.3.5SE_V150_1_EZ5, 3.6.4E_V152_2_E4, Fuji-16.9.1

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 16.10.1, 16.10.1a, 16.10.1b, 16.10.1c, 16.10.1d, 16.10.1e, 16.10.1f, 16.10.1g, 16.10.1i, 16.10.1s, 16.10.2, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.1c, 16.11.1s, 16.11.2, 16.12.1, 16.12.1a, 16.12.1c, 16.12.1s, 16.12.1t, 16.12.1w, 16.12.1x, 16.12.1y, 16.12.1z, 16.12.2, 16.12.2a, 16.12.2s, 16.12.2t, 16.12.3, 16.12.3a, 16.12.3s, 16.12.4, 16.12.4a, 16.12.5, 16.12.5a, 16.12.5b, 16.8.1c, 16.8.2, 16.8.3, 16.9.1, 16.9.1a, 16.9.1b, 16.9.1c, 16.9.1d, 16.9.1s, 16.9.2, 16.9.2a, 16.9.2s, 16.9.3, 16.9.3a, 16.9.3h, 16.9.3s, 16.9.4, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 17.1.1, 17.1.1a, 17.1.1s, 17.1.1t, 17.1.2, 17.1.3, 17.2.1, 17.2.1a, 17.2.1r, 17.2.1v, 17.2.2, 17.3.1, 17.3.1a, 17.3.1w, 17.3.1x, 17.3.2, 17.3.2a, 17.3.3, 17.3.3a, 17.4.1, 17.4.1a, 17.4.1b, 3.3.2SE_V150_1_EZ2, 3.3.3SE_V150_1_EZ3, 3.3.4SE_V150_1_EZ4, 3.3.5SE_V150_1_EZ5, 3.6.4E_V152_2_E4, Fuji-16.9.1

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise