BugZero | Cisco BugID CSCvo12057 - DHCPRelay does not consume DHCP Offer packet with ...

Cisco - Defect ID: CSCvo12057

DHCPRelay does not consume DHCP Offer packet with Unicast flag

Cisco - Defect ID: CSCvo12057

DHCPRelay does not consume DHCP Offer packet with Unicast flag

Last updated on 2/14/2024

Overall: 88.0

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 6.96.9

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 88.0

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 6.96.9

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

When DHCPRelay is configured on FTD and the DHCP client sends a DHCP Discovery message with the Broadcast flag set to 0 (Unicast) the DHCP Offer is not consumed properly by the FTD. The result is that the DHCP Offer is not sent by the DHCPRelay to the DHCP Client. FTD capture on DHCP Server-facing interface in case of a working scenario (DHCP Broadcast flag set to 1): FTD# show cap CAPO 1: 19:56:11.936017 192.0.2.1.67 > 203.0.113.1.67: udp 305 <-- DHCP Discover 2: 19:56:11.936551 203.0.113.1.67 > 192.0.2.1.67: udp 300 <-- DHCP Offer 3: 19:56:11.937207 192.0.2.1.67 > 203.0.113.1.67: udp 317 <-- DHCP Request 4: 19:56:11.937573 203.0.113.1.67 > 192.0.2.1.67: udp 300 <-- DHCP ACK The packet trace shows: FTD# show cap CAPO trace | i output-interface output-interface: INSIDE output-interface: INSIDE FTD capture on DHCP Server-facing interface in case of a non-working scenario (DHCP Broadcast flag set to 0 (Unicast)): FTD# show cap CAPO 1: 20:02:09.853486 192.0.2.1.67 > 203.0.113.1.67: udp 305 <-- DHCP Discover 2: 20:02:09.854036 203.0.113.1.67 > 192.0.2.1.67: udp 300 <-- DHCP Offer 3: 20:02:13.854737 192.0.2.1.67 > 203.0.113.1.67: udp 305 <-- DHCP Discover 4: 20:02:13.855271 203.0.113.1.67 > 192.0.2.1.67: udp 300 <-- DHCP Offer 5: 20:02:36.163748 192.0.2.1.67 > 203.0.113.1.67: udp 305 <-- DHCP Discover 6: 20:02:36.164191 203.0.113.1.67 > 192.0.2.1.67: udp 300 <-- DHCP Offer 7: 20:02:39.914610 192.0.2.1.67 > 203.0.113.1.67: udp 305 <-- DHCP Discover 8: 20:02:39.915129 203.0.113.1.67 > 192.0.2.1.67: udp 300 <-- DHCP Offer The trace shows: FTD5555# show cap CAPO trace | i output-interface output-interface: NP Identity Ifc output-interface: OUTSIDE output-interface: OUTSIDE output-interface: OUTSIDE In some cases after multiple DHCP Discovery messages the DHCP Client manages to get the DHCP Offer

Conditions

DHCP Unicast flag is set

Workaround

N/A

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvo12057

DHCPRelay does not consume DHCP Offer packet with Unicast flag

Cisco - Defect ID: CSCvo12057

DHCPRelay does not consume DHCP Offer packet with Unicast flag

Last updated on 2/14/2024

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?