Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: DHCP Relay Agent can be tricked into snooping unicast DHCP traffic not configured on router (JSA10481)

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/01/2011
Created: 07/25/2018
Added: 05/07/2014
Modified: 05/07/2014

Description

The initial implementation of the Junos OS Extended DHCP Relay Agent feature failed to check whether unicast DHCP relay packets were received from trusted, known DHCP servers. The DHCP Relay Agent would simply intercept any unicast DHCP reply packet that passed through an interface with the Extended DHCP Relay Agent enabled. This would in turn cause a DHCP binding and an access-internal route to be installed for the DHCP reply.
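The missing check described above, modeled as an added example (this is not Juniper's code and does not come from the advisory): a relay decision function that parses a DHCP reply and intercepts it only when the source address is a configured server. The function names, the "intercept"/"pass" outcomes, and the documentation-range addresses are assumptions for illustration.

```python
import ipaddress
import struct

BOOTREPLY = 2
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_reply(payload):
    """Return {'yiaddr', 'chaddr', 'type'} for a DHCP reply, or None if it is not one."""
    if len(payload) < 240 or payload[0] != BOOTREPLY or payload[236:240] != MAGIC:
        return None
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            msg_type = payload[i + 2]                  # option 53 = DHCP message type
        i += 2 + length
    if msg_type is None:
        return None
    return {"yiaddr": ipaddress.IPv4Address(payload[16:20]),
            "chaddr": payload[28:28 + min(payload[2], 16)].hex(":"),
            "type": msg_type}

def relay_decision(src_ip, payload, trusted_servers, check_source=True):
    """'intercept' = install binding and access-internal route; 'pass' = leave the packet alone.

    check_source=False models the initial behaviour the advisory describes.
    """
    reply = parse_reply(payload)
    if reply is None:
        return "pass"
    if check_source and ipaddress.IPv4Address(src_ip) not in trusted_servers:
        return "pass"  # reply did not come from a configured DHCP server
    return "intercept"

def build_ack(yiaddr, mac):
    """Constructed sample: a minimal DHCPACK (message type 5) for testing."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", BOOTREPLY, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, 5, 255])

TRUSTED = {ipaddress.IPv4Address("192.0.2.10")}    # assumed configured server
ACK = build_ack("203.0.113.50", "02:00:00:aa:bb:cc")

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7"):
        print(src, relay_decision(src, ACK, TRUSTED, check_source=False),
              relay_decision(src, ACK, TRUSTED))
```

With the source check disabled, a reply from any address yields a binding; with it enabled, only the reply from the configured server does.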

Solution(s)

  • juniper-junos-os-upgrade-latest
