CVE-2014-7997

Vulnerability

The DHCP implementation in Cisco IOS on Aironet access points fails to properly handle error conditions when short leases are used and lease-renewal attempts are unsuccessful. This triggers a transition into a recovery state intended for network-interface restart but results in a full device restart. The vulnerability is identified by Bug ID CSCtn16281 and affects Cisco IOS on Aironet APs; specific versions are detailed in the Cisco advisory [1].

Exploitation

An attacker with network access can send DHCP messages that cause lease-renewal failures. No authentication is required. By repeatedly triggering this condition, the attacker can force the device into the faulty recovery state, leading to multiple restarts.

Impact

Successful exploitation causes the access point to perform a full restart, resulting in denial of service. The device becomes temporarily unavailable until the reboot completes, disrupting network connectivity for clients.

Mitigation

Cisco has published a security advisory [1] that includes information on fixed software releases. Users should upgrade to the appropriate version as indicated in the advisory. No workarounds are documented. If no fix is applied, devices remain vulnerable.