VARIoT IoT vulnerabilities database

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: IBM Informix Client Software Development Kit (CSDK) 3.5 IBM Informix Connect 3.x Other products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: IBM Informix Products Setnet32 Utility ".nfx" Processing Buffer Overflow SECUNIA ADVISORY ID: SA36949 VERIFY ADVISORY: http://secunia.com/advisories/36949/ DESCRIPTION: bruiser has discovered a vulnerability in IBM Informix Client Software Development Kit (CSDK) and IBM Informix Connect, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of ".nfx" files. This can be exploited to cause a stack-based buffer overflow when an ".nfx" file having e.g. an overly long "HostList" entry is opened. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in setnet32.exe version 3.50.0.13752 included in IBM Informix CSDK version 3.50. Other versions may also be affected. SOLUTION: Do not open untrusted ".nfx" files. PROVIDED AND/OR DISCOVERED BY: Nine:Situations:Group::bruiser ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ibm_setnet32.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . SOLUTION: Update to version 3.0.8. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201001-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: VirtualBox: Multiple vulnerabilities Date: January 13, 2010 Bugs: #288836, #294678 ID: 201001-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation. Background ========== The VirtualBox family provides powerful x86 virtualization products. ------------------------------------------------------------------- Description =========== Thomas Biege of SUSE discovered multiple vulnerabilities: * A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool. * An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All users of the binary version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-bin-3.0.12" All users of the Open Source version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-3.0.12" All users of the binary VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-guest-additions-3.0.12" All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-additions-3.0.12" References ========== [ 1 ] CVE-2009-3692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692 [ 2 ] CVE-2009-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201001-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. VMware Fusion is prone to a denial-of-service vulnerability caused by an unspecified integer-overflow issue. An attacker can exploit this issue to crash the affected system, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. This issue affects versions prior to Fusion 2.0.6 build 196839. Users of the main operating system can use unknown parameters to cause a denial of service attack on the main operating system. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: VMware Fusion Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA36928 VERIFY ADVISORY: http://secunia.com/advisories/36928/ DESCRIPTION: Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerabilities are reported in version 2.0.5 and prior. SOLUTION: Update to version 2.0.6 build 196839. ORIGINAL ADVISORY: VMSA-2009-0013: http://lists.vmware.com/pipermail/security-announce/2009/000066.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0013 Synopsis: VMware Fusion resolves two security issues Issue date: 2009-10-01 Updated on: 2009-10-01 (initial release of advisory) CVE numbers: CVE-2009-3281 CVE-2009-3282 - ------------------------------------------------------------------------ 1. Relevant releases VMware Fusion 2.0.5 and earlier. 3. Problem Description VMware Fusion is a product that allows you to seamlessly run your favorite Windows applications on any Intel-based Mac. a. Kernel code execution vulnerability An file permission problem in the vmx86 kernel extension allows for executing arbitrary code in the host system kernel context by an unprivileged user on the host system. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3281 to this issue. b. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3282 to this issue. To remediate the above issues update your product using the table below. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x Windows not affected Workstation 6.5.x Linux not affected Player 2.5.x Windows not affected Player 2.5.x Linux not affected ACE 2.5.x any not affected Server any any not affected Fusion any Mac OS/X Fusion 2.0.6 build 196839 ESXi any ESXi not affected ESX any ESX not affected 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282 - ------------------------------------------------------------------------ 6. Change log 2009-10-01 VMSA-2009-0013 Initial security advisory after release of Fusion 2.0.6 on 2009-10-01 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG 7vvN45BLtMo4BuHfCGRGHo4= =y8E6 -----END PGP SIGNATURE-----

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. VMware Fusion is prone to a privilege-escalation vulnerability caused by an unspecified file-permission problem. An attacker can exploit this issue to run arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. This issue affects versions prior to Fusion 2.0.6 build 196839. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: VMware Fusion Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA36928 VERIFY ADVISORY: http://secunia.com/advisories/36928/ DESCRIPTION: Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerabilities are reported in version 2.0.5 and prior. SOLUTION: Update to version 2.0.6 build 196839. ORIGINAL ADVISORY: VMSA-2009-0013: http://lists.vmware.com/pipermail/security-announce/2009/000066.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0013 Synopsis: VMware Fusion resolves two security issues Issue date: 2009-10-01 Updated on: 2009-10-01 (initial release of advisory) CVE numbers: CVE-2009-3281 CVE-2009-3282 - ------------------------------------------------------------------------ 1. Relevant releases VMware Fusion 2.0.5 and earlier. 3. Problem Description VMware Fusion is a product that allows you to seamlessly run your favorite Windows applications on any Intel-based Mac. a. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3281 to this issue. b. Kernel denial of service vulnerability An integer overflow vulnerability in the vmx86 kernel extension allows for a denial of service of the host by an unprivileged user on the host system. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3282 to this issue. To remediate the above issues update your product using the table below. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x Windows not affected Workstation 6.5.x Linux not affected Player 2.5.x Windows not affected Player 2.5.x Linux not affected ACE 2.5.x any not affected Server any any not affected Fusion any Mac OS/X Fusion 2.0.6 build 196839 ESXi any ESXi not affected ESX any ESX not affected 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282 - ------------------------------------------------------------------------ 6. Change log 2009-10-01 VMSA-2009-0013 Initial security advisory after release of Fusion 2.0.6 on 2009-10-01 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG 7vvN45BLtMo4BuHfCGRGHo4= =y8E6 -----END PGP SIGNATURE-----

The Linksys WRT54GC is a small wireless router from Cisco. The diagnostics.cgi script of the WRT54GC router failed to properly validate the HTTP request submitted by the user. The remote attacker could inject arbitrary script code or cause a denial of service by including malicious ping_address and raceroute_address parameters in the request. Other attacks are also possible. This issue affects Linksys WRT54GC running firmware 1.01.5 and 1.00.7. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Linksys WRT54GC Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA36921 VERIFY ADVISORY: http://secunia.com/advisories/36921/ DESCRIPTION: VenturoLab Team has reported a vulnerability in Linksys WRT54GC, which can be exploited by malicious people to conduct cross-site request forgery attacks. The diagnostics.cgi script allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. The vulnerability is reported in firmware version 1.01.5 and 1.00.7. Other versions may also be affected. SOLUTION: Do not visit other websites while being logged-in to the Linksys administration interface. PROVIDED AND/OR DISCOVERED BY: VenturoLab Team ORIGINAL ADVISORY: http://venturolab.pl/index.php/2009/09/30/opis-bledu-w-routerze-linksys-wrt54gc/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Linksys WRT54GC is a small wireless router from Cisco.  The diagnostics.cgi script of the WRT54GC router does not properly verify the HTTP request submitted by the user. A remote attacker can inject arbitrary script code or cause a denial of service by including malicious ping_address and raceroute_address parameters in the request.

Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy's multiple product KeyHelp.ocx controls fail to properly handle user-committed input, allowing attackers to perform stack-based buffer overflow attacks that can execute arbitrary code in the context of the application. KeyWorks KeyHelp Module is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploits will compromise the application and the computer. Failed attacks will cause denial-of-service conditions. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: KeyWorks KeyHelp ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA36905 VERIFY ADVISORY: http://secunia.com/advisories/36905/ DESCRIPTION: pyrokinesis has discovered a vulnerability in the KeyWorks KeyHelp ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the KeyHelp.KeyCtrl.1 ActiveX control (KeyHelp.ocx). This can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the "JumpMappedID()" or "JumpURL()" method. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in KeyHelp.ocx version 1.2.3120.0. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Nine:Situations:Group::pyrokinesis ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_emc_keyhelp.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: GE Intelligent Platforms Multiple Products KeyHelp ActiveX Control Two Vulnerabilities SECUNIA ADVISORY ID: SA49728 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49728/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49728 RELEASE DATE: 2012-06-29 DISCUSS ADVISORY: http://secunia.com/advisories/49728/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49728/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49728 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in multiple GE Intelligent Platforms products, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are reported in the following products: * Proficy Historian versions 4.5, 4.0, 3.5, and 3.1 * Proficy HMI/SCADA \x96 iFIX versions 5.1 and 5.0 * Proficy Pulse version 1.0 * Proficy Batch Execution version 5.6 * SI7 I/O Driver versions 7.20 through 7.42 SOLUTION: Apply patch (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Andrea Micalizzi aka rgod via ZDI

The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SSL A vulnerability that impersonates a server exists. The problem is CVE-2009-2408 And related issues.An attacker can create any arbitrary certificate through a certificate issued by a regular certificate authority. SSL There is a possibility of impersonating a server. The BlackBerry Device Software browser is prone to a weakness that may cause affected users to trust malicious sites. This issue may potentially lead to other attacks, because users may operate under a false sense of security. This issue affects all versions prior to BlackBerry Device Software 4.5.0.173, 4.6.0.303, 4.6.1.309, 4.7.0.179, and 4.7.1.57. NOTE: This issue affects all built-in browsers installed on BlackBerry devices: BlackBerry Browser Internet Browser WAP Browser Wi-Fi (Hotspot) Browser. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: BlackBerry Devices Insufficient Certificate Warning Security Issue SECUNIA ADVISORY ID: SA36875 VERIFY ADVISORY: http://secunia.com/advisories/36875/ DESCRIPTION: A security issue has been reported in BlackBerry Device Software, which can be exploited by malicious people to potentially conduct spoofing attacks. The security issue is caused due to the dialog box displayed by the browser when a mismatched certificate is detected not showing e.g. NULL ('\0') characters. This can be exploited to potentially trick a user into ignoring the warning dialog box and accept a spoofed certificate containing special characters in the Common Name field. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mobile Security Lab and CESG. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159. Cisco Application Control Engine (ACE) XML Gateway is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that can aid in further attacks. This issue is being tracked by Cisco Bug CSCtb82159. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. The weakness is caused due to error messages generated as responses to unsupported HTTP requests including a client's normally hidden, internal IP address. This can be exploited to disclose the IP address of e.g. an internal load balancer via e.g. an OPTIONS HTTP request. SOLUTION: The weakness will reportedly be fixed in system software version 6.1, expected to be available in November 2009. Remove IP addresses from outgoing HTTP error messages by using a web proxy. PROVIDED AND/OR DISCOVERED BY: nitr\xd8us (Alejandro Hernandez H.), CubilFelino Security Research Lab ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20090925-axg.shtml CubilFelino Security Research Lab: http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104. Cisco IOS Is H.323 Insufficient packet processing, causing service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsz38104 It is a problem.Cleverly crafted H.323 Service disruption due to packets (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsz38104. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate the vulnerability apart from disabling H.323 if the device that is running Cisco IOS Software does not need to run H.323 for VoIP services. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running affected Cisco IOS Software versions that are configured to process H.323 messages are affected by this vulnerability. H.323 is not enabled by default. To determine the Cisco IOS Software device is running H.323 services use the "show process cpu | include 323" command, as shown in the following example: Router#show process cpu | include 323 249 16000 3 5333 0.00% 0.00% 0.00% 0 CCH323_CT 250 0 1 0 0.00% 0.00% 0.00% 0 CCH323_DNS Router# Note: Only H.323 listening port TCP 1720 is affected. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- Cisco IOS XE and Cisco IOS XR Software are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details ======= H.323 is the ITU standard for real-time multimedia communications and conferencing over packet-based (IP) networks. A subset of the H.323 standard is H.225.0, a standard used for call signalling protocols and media stream packetization over IP networks. A TCP three-way handshake is needed to exploit this vulnerability. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsz38104 - Crafted H323 packets may cause device to reload CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability described in this document may cause the affected device to reload. The issue could be exploited repeatedly to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | 12.2 | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.2B | | | | | Releases up to and including 12.2(4) | 12.4(23b) | | | B8 are not vulnerable. | | |------------+---------------------------------------+--------------| | 12.2BC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2BW | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.2BX | | | | | Releases up to and including 12.2(15) | 12.4(23b) | | | BX are not vulnerable. | | |------------+---------------------------------------+--------------| | 12.2BY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2BZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2CX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2CY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2CZ | Vulnerable; migrate to 12.2SB | 12.2(33)SB7 | |------------+---------------------------------------+--------------| | 12.2DA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2DD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2DX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EWA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2FX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2FY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2FZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IRA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IRB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IRC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2MB | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Releases up to and including 12.2(15) | | | | MC1 are not vulnerable. | 12.4(25b) | | 12.2MC | | | | | Releases 12.2(15)MC2b and later are | 12.4(23b) | | | not vulnerable; first fixed in 12.4 | | |------------+---------------------------------------+--------------| | 12.2S | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SBC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SCA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SCB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SED | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SGA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SO | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SRA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SRB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SRC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SRD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2STE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXI | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.2T | | | | | Releases up to and including 12.2(8) | 12.4(23b) | | | T10 are not vulnerable. | | |------------+---------------------------------------+--------------| | 12.2TPC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XI | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XNA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XNB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XNC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XND | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XO | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XS | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XT | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YG | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2YH | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2YJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.2YK | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2YL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.2YM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2YN | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.2YO | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YP | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YS | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2YT | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2YU | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | Releases prior to 12.2(11)YV1 are | | | 12.2YV | vulnerable, release 12.2(11)YV1 and | | | | later are not vulnerable | | |------------+---------------------------------------+--------------| | 12.2YW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZB | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2ZC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2ZD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.2ZE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.2ZF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.2ZG | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.2ZH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2ZJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2ZL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2ZP | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.2ZU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZYA | Not Vulnerable | | |------------+---------------------------------------+--------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3B | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.3BC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3BW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3EU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEC | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Releases up to and including 12.3(2) | | | | JK3 are not vulnerable. | 12.4(25b) | | 12.3JK | | | | | Releases 12.3(8)JK1 and later are not | 12.4(23b) | | | vulnerable; first fixed in 12.4 | | |------------+---------------------------------------+--------------| | 12.3JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.3TPC | Releases up to and including 12.3(4) | | | | TPC11a are not vulnerable. | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3VA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | Releases prior to 12.3(2)XA7 are | 12.4(25b) | | 12.3XA | vulnerable, release 12.3(2)XA7 and | | | | later are not vulnerable; first fixed | 12.4(23b) | | | in 12.4 | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.3XB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.3XF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | Note: Releases prior to 12.3(7)XI11 | 12.2(33)SB7 | | 12.3XI | are vulnerable, release 12.3(7)XI11 | | | | and later are not vulnerable; | 12.2(31)SB16 | |------------+---------------------------------------+--------------| | 12.3XJ | Vulnerable; migrate to any release in | 12.4(15)T10 | | | 12.4XN | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.3XS | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | Vulnerable; first fixed in 12.4T | 12.4(20)T4 | | | | | | 12.3XU | Releases up to and including 12.3(8) | 12.4(22)T3 | | | XU1 are not vulnerable. | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | Vulnerable; migrate to any release in | 12.4(15)XR7 | | 12.3XW | 12.4XR | | | | | 12.4(22)XR | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XY | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.3YA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YD | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; migrate to any release in | 12.4(15)XR7 | | 12.3YF | 12.4XR | | | | | 12.4(22)XR | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YG | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.3YH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YI | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | Releases prior to 12.3(11)YK3 are | 12.4(20)T4 | | | vulnerable, release 12.3(11)YK3 and | | | 12.3YK | later are not vulnerable; first fixed | 12.4(22)T3 | | | in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YM | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YQ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | Vulnerable; first fixed in 12.4T | 12.4(20)T4 | | | | | | 12.3YS | Releases up to and including 12.3(11) | 12.4(22)T3 | | | YS1 are not vulnerable. | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YU | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)XR7 | | 12.3YX | Vulnerable; migrate to 12.4XR | | | | | 12.4(22)XR | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.3YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3ZA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | | 12.4(25b) | 12.4(25b) | | 12.4 | | | | | 12.4(23b) | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.4GC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Releases prior to 12.4(19)MR3 are | | | 12.4MR | vulnerable, release 12.4(19)MR3 and | | | | later are not vulnerable | | |------------+---------------------------------------+--------------| | 12.4SW | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | 12.4(15)T10 | | | | | 12.4(20)T4 | | | 12.4(20)T4 | | | 12.4T | | 12.4(22)T3 | | | 12.4(22)T2 | | | | | 12.4(24)T2; | | | 12.4(24)T1 | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XB | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XC | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XE | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XJ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.4XL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | Vulnerable; first fixed in 12.4T | 12.4(20)T4 | | | | | | 12.4XM | Releases up to and including 12.4(15) | 12.4(22)T3 | | | XM are not vulnerable. | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XN | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.4XP | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.4XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.4XV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XY | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XZ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4YA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4YB | 12.4(22)YB4 | 12.4(22)YB4 | |------------+---------------------------------------+--------------| | 12.4YD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4YE | Not Vulnerable | | +-------------------------------------------------------------------+ Note: No Cisco IOS-XE Software or Cisco IOS Software Modularity releases are affected by this vulnerability. Workarounds =========== There are no workarounds to mitigate the vulnerability apart from disabling H.323 if the Cisco IOS device does not need to run H.323 for VoIP services. Affected devices that must run H.323 are vulnerable, and there are not any specific configurations that can be used to protect them. Applying access lists on interfaces that should not accept H.323 traffic and putting firewalls in strategic locations may greatly reduce exposure until an upgrade can be performed. Cisco provides Solution Reference Network Design (SRND) guides to help design and deploy networking solutions, which can be found at http://www.cisco.com/go/srnd Voice Security best practices are covered in the Cisco Unified Communications SRND Based on Cisco Unified Communications Manager 6.x at: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/security.html Below is an example of an access list to block H.323 management traffic from anywhere but a permitted network. In this example, the permitted network is 172.16.0.0/16. !--- Permit access from any IP address in the 172.16.0.0/16 !--- network to anywhere on port 1720. access-list 101 permit tcp 172.16.0.0 0.0.255.255 any eq 1720 !--- Permit access from anywhere to a host in the !--- 172.16.0.0/26 network on port 1720. access-list 101 permit tcp any 172.16.0.0 0.0.255.255 eq 1720 !--- Deny all traffic from port 1720. access-list 101 deny tcp any eq 1720 any !--- Deny all traffic to port 1720. access-list 101 deny tcp any any eq 1720 !--- Permit all other traffic. access-list 101 permit ip any any Alternatively, you can use the "call service stop forced" command under the "voice service voip" mode, as shown in the following example: voice service voip h323 call service stop forced Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Denial of Service Vulnerabilities in Cisco Unified Communications Manager and Cisco IOS Software", which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20090923-voice.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGL86n/Gc8U/uARAg57AJ9RtkzXFDXBhVYa/uszbYnplu2nhgCeJmtM vims3xWW7vcpqLkfphuJWzs= =eh5W -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776. Cisco IOS Is IP Tunneling function, and Cisco Express Forwarding Service disruption when function is enabled (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsh97579 and CSCsq31776 It is a problem.Service disruption due to illegal packets (DoS) There is a possibility of being put into a state. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs CSCsh97579, CSCsq31776, and CSCsx70889. Cisco has released free software updates that address this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. The Cisco IOS Point to Point Tunneling Protocol (PPTP) feature creates GRE tunnels that are transparent to the user. Therefore systems configured for PPTP are also vulnerable. The Cisco multicast Virtual Private Network (MVPN) feature also creates GRE tunnels that are transparent to the user, however MVPN configurations are not vulnerable, unless there are other tunnels that are configured explicitly. Vulnerable Products +------------------ A Cisco IOS device that is explicitly configured for a tunnel will have a configuration similar to the following in the output of "show running-config": interface tunnel0 ip address [IP-address] tunnel source [Tunnel-Source] tunnel destination [Tunnel Destination] An alternative method to identify devices that are configured for tunnels is to use the "show interfaces" command. A sample output is provided below: Router#show interfaces | include Tunnel Tunnel0 is up, line protocol is down Hardware is Tunnel [...] Tunnel protocol/transport GRE/IP !-- output truncated A Cisco IOS device that is configured for Cisco Express Forwarding will display the forwarding table in the output of "show ip cef" output, as in the following example: Router#show ip cef Prefix Next Hop Interface 0.0.0.0/0 10.48.64.1 Ethernet0/0 0.0.0.0/32 receive .... To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco 7200 series device running Cisco IOS Software release 12.3(19) with an installed image name of C7200-JS-M: 7200#show version Cisco Internetwork Operating System Software IOS (tm) 7200 Software (C7200-JS-M), Version 12.3(19), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by cisco Systems, Inc. Compiled Thu 11-May-06 22:37 by evmiller !-- output truncated The following example identifies a Cisco 7300 series device running Cisco IOS Software release 12.3(22) with an installed image name of C7301-P-M: 7301# show version Cisco Internetwork Operating System Software IOS (tm) 7301 Software (C7301-P-M), Version 12.3(22), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by cisco Systems, Inc. Compiled Wed 24-Jan-07 20:26 by ccai !-- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- Cisco IOS XR Software is not affected. Cisco IOS XE Software is not affected. IPsec and Dynamic Multipoint VPN (DMVPN) configurations that are protected by IPsec are not affected. MVPN configurations are not affected. Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnels are not affected. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= A tunnel protocol encapsulates a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link between internetworking devices over an IP network. It improves network performance and scalability for networks with high and dynamic traffic patterns. Please note that using PPTP creates GRE tunnels that are transparent to the end user so devices configured for PPTP are vulnerable if they are configured on an affected software version. Using MVPN also creates GRE tunnels that are transparent to the end user. However MVPN configurations are not vulnerable. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsh97579 - switching bad packet tunnel to tunnel crashes router CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsq31776 - ip tunnels regression test can crash the router CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx70889 - Systems configured for tunnels reload after receiving malformed packets CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in the reload of an affected system, causing a DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0DA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.0DB | | | | | Releases up to and including 12.0(1) | 12.4(23b) | | | DB are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0DC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | 12.0(32)S14; Available on | 12.0(33)S5 | | | 25-SEP-2009 | | | 12.0S | | 12.0(32)S14; | | | 12.0(33)S5 | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SC | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SL | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0SP | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0ST | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SX | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | 12.0(32)SY9a | 12.0(32)SY9a | | | | | | 12.0SY | 12.0(32)SY10; Available on | 12.0(32)SY10; | | | 25-SEP-2009 | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SZ | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.0W | | | | | Releases up to and including 12.0 | 12.4(23b) | | | (16)W5(21c) are not vulnerable. | | |------------+--------------------------------------+---------------| | | Releases prior to 12.0(5)WC3b are | | | 12.0WC | vulnerable, release 12.0(5)WC3b and | | | | later are not vulnerable | | |------------+--------------------------------------+---------------| | 12.0WT | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.0XF | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.0(4)XI2 are | 12.4(25b) | | 12.0XI | vulnerable, release 12.0(4)XI2 and | | | | later are not vulnerable; first | 12.4(23b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XN | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.0XR | | | | | Releases up to and including 12.0(6) | 12.4(23b) | | | XR are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.0XS | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XT | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XV | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1AA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.1AX | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1 | 12.2(50)SE3 | | | (13)AY are not vulnerable. | | | 12.1AY | | 12.2(52)SE; | | | Releases 12.1(22)AY1 and later are | Available on | | | not vulnerable; first fixed in | 13-OCT-2009 | | | 12.2SE | | |------------+--------------------------------------+---------------| | 12.1AZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1CX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1DA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1DB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1DC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.1E | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1(4) | | | | EA1c are not vulnerable. | | | 12.1EA | | 12.2(50)SE3 | | | Releases 12.1(22)EA11 and later are | | | | not vulnerable; first fixed in | | | | 12.2SE | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1EB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(33)SCB4 | | 12.1EC | Vulnerable; first fixed in 12.3BC | | | | | 12.3(21a)BC9 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1EO | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.1EU | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | 12.1EV | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1EW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1EX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.1EY | Releases up to and including 12.1(1) | | | | EY are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1EZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1GA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1GB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XI | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XP | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.1XS | | | | | Releases up to and including 12.1(1) | 12.4(23b) | | | XS are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XT | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XU | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XV | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.1XY | | | | | Releases up to and including 12.1(4) | 12.4(23b) | | | XY are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.1(5)YE6 are | 12.4(25b) | | 12.1YE | vulnerable, release 12.1(5)YE6 and | | | | later are not vulnerable; first | 12.4(23b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1YI | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.1YJ | Not Vulnerable | | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2B | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BY | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2CX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2CY | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2CZ | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2DA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2DD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2DX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.2EW | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.2EWA | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2EX | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(46)EY are | 12.2(50)SE3 | | | vulnerable, release 12.2(46)EY and | | | 12.2EY | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2EZ | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2FX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2FY | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2FZ | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2IRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2IRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IRC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXG | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXH | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2JA | Releases up to and including 12.2 | | | | (13)JA4 are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2JK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2MB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2MC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2S | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | 12.2(31)SB16 | | | | | | | 12.2SB | 12.2(33)SB6 | 12.2(33)SB7 | | | | | | | 12.2(28)SB14; Available on | | | | 20-OCT-2009 | | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2SBC | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | 12.2SCA | Vulnerable; first fixed in 12.2SCB | 12.2(33)SCB4 | |------------+--------------------------------------+---------------| | 12.2SCB | 12.2(33)SCB4 | 12.2(33)SCB4 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | 12.2(50)SE2 | | | 12.2SE | | 12.2(52)SE; | | | 12.2(52)SE; Available on 13-OCT-2009 | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEA | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEB | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEC | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SED | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEE | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(25)SEF2 are | 12.2(50)SE3 | | | vulnerable, release 12.2(25)SEF2 and | | | 12.2SEF | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(25)SEG4 are | 12.2(50)SE3 | | | vulnerable, release 12.2(25)SEG4 and | | | 12.2SEG | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | 12.2(50)SG4 | | | 12.2SG | | 12.2(50)SG4 | | | 12.2(53)SG | | |------------+--------------------------------------+---------------| | 12.2SGA | 12.2(31)SGA11 | 12.2(31)SGA11 | |------------+--------------------------------------+---------------| | 12.2SL | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SM | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SO | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SQ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2SRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2SRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2SRC | 12.2(33)SRC5; Available on | 12.2(33)SRD3 | | | 29-OCT-2009 | | |------------+--------------------------------------+---------------| | 12.2SRD | 12.2(33)SRD2 | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2STE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2SU | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.2SW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SX | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXA | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXB | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXD | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXE | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | 12.2(18)SXF17; Available on | 12.2(18) | | | 30-SEP-2009 | SXF17; | | 12.2SXF | | Available on | | | Please see IOS Software Modularity | 30-SEP-2009 | | | Patch | | |------------+--------------------------------------+---------------| | | 12.2(33)SXH6; Available on | | | | 30-OCT-2009 | 12.2(33)SXH6; | | 12.2SXH | | Available on | | | Please see IOS Software Modularity | 30-OCT-2009 | | | Patch | | |------------+--------------------------------------+---------------| | 12.2SXI | 12.2(33)SXI2 | 12.2(33)SXI2a | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2SY | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2SZ | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2TPC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.2XA | | | | | Releases up to and including 12.2(1) | 12.4(23b) | | | XA are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XI | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.2XNA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XNB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XNC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XND | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.2XO | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XS | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XT | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XU | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XV | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YG | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YH | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YK | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2YM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YN | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YO | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.2YP | | | | | Releases up to and including 12.2(8) | 12.4(23b) | | | YP are not vulnerable. | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YQ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YR | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YS | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YT | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YU | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YW | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YX | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YY | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2ZA | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZP | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(33)SXH6; | | 12.2ZU | Vulnerable; first fixed in 12.2SXH | Available on | | | | 30-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2ZX | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZY | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2ZYA | 12.2(18)ZYA2 | | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3B | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.3BC | 12.3(21a)BC9 | 12.3(21a)BC9 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3BW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.3EU | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JEA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JEB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JEC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3JK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.3JX | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3TPC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3VA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3XB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3XF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.3XI | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3XJ | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(20)T4 | | | | | | | | 12.4(22)T3 | | 12.3XL | Vulnerable; first fixed in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XS | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3XU | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3XW | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XY | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3YF | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YG | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YH | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YI | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YJ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YK | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YM | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YQ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YS | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YU | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3YX | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3ZA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | 12.4(23b) | 12.4(25b) | | 12.4 | | | | | 12.4(25b) | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.4GC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JA | 12.4(13d)JA | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JDA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JDC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JDD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JK | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JMA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JMB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.4JX | Vulnerable; first fixed in 12.4JA | | |------------+--------------------------------------+---------------| | | | 12.4(11)MD9 | | | | | | 12.4MD | 12.4(11)MD9 | 12.4(15)MD3 | | | | | | | | 12.4(22)MD1 | |------------+--------------------------------------+---------------| | 12.4MDA | 12.4(22)MDA1 | 12.4(22)MDA1 | |------------+--------------------------------------+---------------| | | Releases prior to 12.4(19)MR3 are | | | 12.4MR | vulnerable, release 12.4(19)MR3 and | 12.4(19)MR3 | | | later are not vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4SW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | 12.4(15)T10 | | | | | 12.4(20)T4 | | | 12.4(20)T4 | | | 12.4T | | 12.4(22)T3 | | | 12.4(22)T2 | | | | | 12.4(24)T2; | | | 12.4(24)T2;Available on 23-OCT-2009 | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XB | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XC | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XE | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XF | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XG | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XJ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XK | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XM | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XN | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XP | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XQ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | 12.4(22)XR | 12.4(15)XR7 | | 12.4XR | | | | | 12.4(15)XR6 | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XY | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XZ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4YA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.4YB | 12.4(22)YB4 | 12.4(22)YB4 | |------------+--------------------------------------+---------------| | 12.4YD | 12.4(22)YD1 | 12.4(22)YD1 | |------------+--------------------------------------+---------------| | 12.4YE | 12.4(22)YE1 | 12.4(22)YE1 | +-------------------------------------------------------------------+ Cisco IOS Software Modularity - Maintenance Packs +------------------------------------------------ Customers who are using Cisco IOS Software Modularity can apply the respective maintenance packs. More information on Cisco IOS Software Modularity can be found at the following link: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_bulletin0900aecd80313e15.html The Maintenance Packs listed below can be downloaded at: http://www.cisco.com/go/pn Cisco IOS Software Modularity Maintenance Pack for 12.2SXF +--------------------------------------------------------- +-------------------------------------------------------------------+ | Cisco IOS Software Release | Solution Maintenance Pack(MP) | |-------------------------------+-----------------------------------| | 12.2(18)SXF11 | MP002 | |-------------------------------+-----------------------------------| | 12.2(18)SXF13 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF14 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF15 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF16 | MP001 | +-------------------------------------------------------------------+ Cisco IOS Software Modularity Maintenance Pack for 12.2SXH +-------------------------------------------------------------------+ | Cisco IOS Software Release | Solution Maintenance Pack(MP) | |-------------------------------+-----------------------------------| | 12.2(33)SXH3 | MP003 | |-------------------------------+-----------------------------------| | 12.2(33)SXH4 | MP002 | |-------------------------------+-----------------------------------| | 12.2(33)SXH5 | MP001 | +-------------------------------------------------------------------+ Workarounds =========== Disabling Cisco Express Forwarding will mitigate this vulnerability. It can be disabled in two ways: Disabling Cisco Express Forwarding Globally +------------------------------------------ Cisco Express Forwarding can be globally disabled by using the "no ip cef" global configuration command. Disabling Cisco Express Forwarding on Tunnel Interfaces +------------------------------------------------------ Cisco Express Forwarding can also be disabled on individual tunnel interfaces. To be effective, it must be disabled on all tunnel interfaces configured on an affected device. Cisco Express Forwarding can be disabled on individual interfaces as shown in the following example: interface Tunnel [interface-ID] no ip route-cache cef Note: Disabling Cisco Express Forwarding may have significant performance impact and is not recommended. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090923-tunnels.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found internally. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-Sept-23 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD4DBQFKukGg86n/Gc8U/uARAjwOAJ0QiF6I23ZEDO/8uTK+i/pHtT7e+ACTBUn9 CciG6YUGAERIKR0YMq0gcQ== =nkdE -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889. The problem is Bug ID : CSCsx70889 It is a problem.Service disruption due to illegal packets (DoS) There is a possibility of being put into a state. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs CSCsh97579, CSCsq31776, and CSCsx70889. Cisco has released free software updates that address this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. The Cisco IOS Point to Point Tunneling Protocol (PPTP) feature creates GRE tunnels that are transparent to the user. Therefore systems configured for PPTP are also vulnerable. The Cisco multicast Virtual Private Network (MVPN) feature also creates GRE tunnels that are transparent to the user, however MVPN configurations are not vulnerable, unless there are other tunnels that are configured explicitly. Vulnerable Products +------------------ A Cisco IOS device that is explicitly configured for a tunnel will have a configuration similar to the following in the output of "show running-config": interface tunnel0 ip address [IP-address] tunnel source [Tunnel-Source] tunnel destination [Tunnel Destination] An alternative method to identify devices that are configured for tunnels is to use the "show interfaces" command. A sample output is provided below: Router#show interfaces | include Tunnel Tunnel0 is up, line protocol is down Hardware is Tunnel [...] Tunnel protocol/transport GRE/IP !-- output truncated A Cisco IOS device that is configured for Cisco Express Forwarding will display the forwarding table in the output of "show ip cef" output, as in the following example: Router#show ip cef Prefix Next Hop Interface 0.0.0.0/0 10.48.64.1 Ethernet0/0 0.0.0.0/32 receive .... To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco 7200 series device running Cisco IOS Software release 12.3(19) with an installed image name of C7200-JS-M: 7200#show version Cisco Internetwork Operating System Software IOS (tm) 7200 Software (C7200-JS-M), Version 12.3(19), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by cisco Systems, Inc. Compiled Thu 11-May-06 22:37 by evmiller !-- output truncated The following example identifies a Cisco 7300 series device running Cisco IOS Software release 12.3(22) with an installed image name of C7301-P-M: 7301# show version Cisco Internetwork Operating System Software IOS (tm) 7301 Software (C7301-P-M), Version 12.3(22), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by cisco Systems, Inc. Compiled Wed 24-Jan-07 20:26 by ccai !-- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- Cisco IOS XR Software is not affected. Cisco IOS XE Software is not affected. IPsec and Dynamic Multipoint VPN (DMVPN) configurations that are protected by IPsec are not affected. MVPN configurations are not affected. Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnels are not affected. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= A tunnel protocol encapsulates a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link between internetworking devices over an IP network. It improves network performance and scalability for networks with high and dynamic traffic patterns. Please note that using PPTP creates GRE tunnels that are transparent to the end user so devices configured for PPTP are vulnerable if they are configured on an affected software version. Using MVPN also creates GRE tunnels that are transparent to the end user. However MVPN configurations are not vulnerable. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsh97579 - switching bad packet tunnel to tunnel crashes router CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsq31776 - ip tunnels regression test can crash the router CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx70889 - Systems configured for tunnels reload after receiving malformed packets CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in the reload of an affected system, causing a DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0DA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.0DB | | | | | Releases up to and including 12.0(1) | 12.4(23b) | | | DB are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0DC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | 12.0(32)S14; Available on | 12.0(33)S5 | | | 25-SEP-2009 | | | 12.0S | | 12.0(32)S14; | | | 12.0(33)S5 | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SC | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SL | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0SP | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0ST | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SX | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | 12.0(32)SY9a | 12.0(32)SY9a | | | | | | 12.0SY | 12.0(32)SY10; Available on | 12.0(32)SY10; | | | 25-SEP-2009 | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.0(33)S5 | | | | | | 12.0SZ | Vulnerable; first fixed in 12.0S | 12.0(32)S14; | | | | Available on | | | | 25-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.0W | | | | | Releases up to and including 12.0 | 12.4(23b) | | | (16)W5(21c) are not vulnerable. | | |------------+--------------------------------------+---------------| | | Releases prior to 12.0(5)WC3b are | | | 12.0WC | vulnerable, release 12.0(5)WC3b and | | | | later are not vulnerable | | |------------+--------------------------------------+---------------| | 12.0WT | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.0XF | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.0(4)XI2 are | 12.4(25b) | | 12.0XI | vulnerable, release 12.0(4)XI2 and | | | | later are not vulnerable; first | 12.4(23b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XN | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.0XR | | | | | Releases up to and including 12.0(6) | 12.4(23b) | | | XR are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.0XS | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XT | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.0XV | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1AA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.1AX | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1 | 12.2(50)SE3 | | | (13)AY are not vulnerable. | | | 12.1AY | | 12.2(52)SE; | | | Releases 12.1(22)AY1 and later are | Available on | | | not vulnerable; first fixed in | 13-OCT-2009 | | | 12.2SE | | |------------+--------------------------------------+---------------| | 12.1AZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1CX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1DA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1DB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1DC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.1E | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1(4) | | | | EA1c are not vulnerable. | | | 12.1EA | | 12.2(50)SE3 | | | Releases 12.1(22)EA11 and later are | | | | not vulnerable; first fixed in | | | | 12.2SE | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1EB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(33)SCB4 | | 12.1EC | Vulnerable; first fixed in 12.3BC | | | | | 12.3(21a)BC9 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1EO | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.1EU | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | 12.1EV | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1EW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1EX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.1EY | Releases up to and including 12.1(1) | | | | EY are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1EZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1GA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1GB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XI | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XP | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.1XS | | | | | Releases up to and including 12.1(1) | 12.4(23b) | | | XS are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XT | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XU | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XV | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.1XY | | | | | Releases up to and including 12.1(4) | 12.4(23b) | | | XY are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1XZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.1(5)YE6 are | 12.4(25b) | | 12.1YE | vulnerable, release 12.1(5)YE6 and | | | | later are not vulnerable; first | 12.4(23b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.1YH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1YI | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.1YJ | Not Vulnerable | | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2B | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BY | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2BZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2CX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2CY | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2CZ | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2DA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2DD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2DX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.2EW | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.2EWA | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2EX | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(46)EY are | 12.2(50)SE3 | | | vulnerable, release 12.2(46)EY and | | | 12.2EY | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2EZ | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2FX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2FY | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2FZ | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2IRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2IRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IRC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXG | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXH | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2JA | Releases up to and including 12.2 | | | | (13)JA4 are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2JK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2MB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2MC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2S | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | 12.2(31)SB16 | | | | | | | 12.2SB | 12.2(33)SB6 | 12.2(33)SB7 | | | | | | | 12.2(28)SB14; Available on | | | | 20-OCT-2009 | | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2SBC | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | 12.2SCA | Vulnerable; first fixed in 12.2SCB | 12.2(33)SCB4 | |------------+--------------------------------------+---------------| | 12.2SCB | 12.2(33)SCB4 | 12.2(33)SCB4 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | 12.2(50)SE2 | | | 12.2SE | | 12.2(52)SE; | | | 12.2(52)SE; Available on 13-OCT-2009 | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEA | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEB | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEC | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SED | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEE | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(25)SEF2 are | 12.2(50)SE3 | | | vulnerable, release 12.2(25)SEF2 and | | | 12.2SEF | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(25)SEG4 are | 12.2(50)SE3 | | | vulnerable, release 12.2(25)SEG4 and | | | 12.2SEG | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | 12.2(50)SG4 | | | 12.2SG | | 12.2(50)SG4 | | | 12.2(53)SG | | |------------+--------------------------------------+---------------| | 12.2SGA | 12.2(31)SGA11 | 12.2(31)SGA11 | |------------+--------------------------------------+---------------| | 12.2SL | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SM | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SO | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SQ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2SRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2SRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2SRC | 12.2(33)SRC5; Available on | 12.2(33)SRD3 | | | 29-OCT-2009 | | |------------+--------------------------------------+---------------| | 12.2SRD | 12.2(33)SRD2 | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2STE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2SU | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SVE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.2SW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SX | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXA | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXB | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXD | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2SXE | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | 12.2(18)SXF17; Available on | 12.2(18) | | | 30-SEP-2009 | SXF17; | | 12.2SXF | | Available on | | | Please see IOS Software Modularity | 30-SEP-2009 | | | Patch | | |------------+--------------------------------------+---------------| | | 12.2(33)SXH6; Available on | | | | 30-OCT-2009 | 12.2(33)SXH6; | | 12.2SXH | | Available on | | | Please see IOS Software Modularity | 30-OCT-2009 | | | Patch | | |------------+--------------------------------------+---------------| | 12.2SXI | 12.2(33)SXI2 | 12.2(33)SXI2a | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2SY | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2SZ | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2TPC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.2XA | | | | | Releases up to and including 12.2(1) | 12.4(23b) | | | XA are not vulnerable. | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XB | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XI | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.2XNA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XNB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XNC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XND | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.2XO | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XS | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XT | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XU | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XV | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2XW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YG | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YH | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YK | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2YM | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YN | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YO | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.2YP | | | | | Releases up to and including 12.2(8) | 12.4(23b) | | | YP are not vulnerable. | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YQ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YR | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YS | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YT | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YU | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YW | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YX | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YY | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(18) | | 12.2ZA | Vulnerable; first fixed in 12.2SXF | SXF17; | | | | Available on | | | | 30-SEP-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZF | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.2ZH | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZP | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.2(33)SXH6; | | 12.2ZU | Vulnerable; first fixed in 12.2SXH | Available on | | | | 30-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.2ZX | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZY | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2ZYA | 12.2(18)ZYA2 | | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3 | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3B | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.3BC | 12.3(21a)BC9 | 12.3(21a)BC9 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3BW | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.3EU | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JEA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JEB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JEC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3JK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3JL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.3JX | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3T | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3TPC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3VA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3XB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3XF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.2(31)SB16 | | 12.3XI | Vulnerable; first fixed in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3XJ | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(20)T4 | | | | | | | | 12.4(22)T3 | | 12.3XL | Vulnerable; first fixed in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XS | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3XU | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3XW | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XY | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3XZ | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(25b) | | 12.3YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3YF | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YG | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YH | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YI | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YJ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YK | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YM | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YQ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YS | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YU | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)XR7 | | 12.3YX | Vulnerable; first fixed in 12.4XR | | | | | 12.4(22)XR | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3ZA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | 12.4(23b) | 12.4(25b) | | 12.4 | | | | | 12.4(25b) | 12.4(23b) | |------------+--------------------------------------+---------------| | 12.4GC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JA | 12.4(13d)JA | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JDA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JDC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JDD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JK | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JMA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4JMB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.4JX | Vulnerable; first fixed in 12.4JA | | |------------+--------------------------------------+---------------| | | | 12.4(11)MD9 | | | | | | 12.4MD | 12.4(11)MD9 | 12.4(15)MD3 | | | | | | | | 12.4(22)MD1 | |------------+--------------------------------------+---------------| | 12.4MDA | 12.4(22)MDA1 | 12.4(22)MDA1 | |------------+--------------------------------------+---------------| | | Releases prior to 12.4(19)MR3 are | | | 12.4MR | vulnerable, release 12.4(19)MR3 and | 12.4(19)MR3 | | | later are not vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4SW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | 12.4(15)T10 | | | | | 12.4(20)T4 | | | 12.4(20)T4 | | | 12.4T | | 12.4(22)T3 | | | 12.4(22)T2 | | | | | 12.4(24)T2; | | | 12.4(24)T2;Available on 23-OCT-2009 | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XB | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XC | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XE | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XF | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XG | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XJ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XK | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XM | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XN | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XP | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XQ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | 12.4(22)XR | 12.4(15)XR7 | | 12.4XR | | | | | 12.4(15)XR6 | 12.4(22)XR | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XY | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XZ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4YA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.4YB | 12.4(22)YB4 | 12.4(22)YB4 | |------------+--------------------------------------+---------------| | 12.4YD | 12.4(22)YD1 | 12.4(22)YD1 | |------------+--------------------------------------+---------------| | 12.4YE | 12.4(22)YE1 | 12.4(22)YE1 | +-------------------------------------------------------------------+ Cisco IOS Software Modularity - Maintenance Packs +------------------------------------------------ Customers who are using Cisco IOS Software Modularity can apply the respective maintenance packs. More information on Cisco IOS Software Modularity can be found at the following link: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_bulletin0900aecd80313e15.html The Maintenance Packs listed below can be downloaded at: http://www.cisco.com/go/pn Cisco IOS Software Modularity Maintenance Pack for 12.2SXF +--------------------------------------------------------- +-------------------------------------------------------------------+ | Cisco IOS Software Release | Solution Maintenance Pack(MP) | |-------------------------------+-----------------------------------| | 12.2(18)SXF11 | MP002 | |-------------------------------+-----------------------------------| | 12.2(18)SXF13 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF14 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF15 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF16 | MP001 | +-------------------------------------------------------------------+ Cisco IOS Software Modularity Maintenance Pack for 12.2SXH +-------------------------------------------------------------------+ | Cisco IOS Software Release | Solution Maintenance Pack(MP) | |-------------------------------+-----------------------------------| | 12.2(33)SXH3 | MP003 | |-------------------------------+-----------------------------------| | 12.2(33)SXH4 | MP002 | |-------------------------------+-----------------------------------| | 12.2(33)SXH5 | MP001 | +-------------------------------------------------------------------+ Workarounds =========== Disabling Cisco Express Forwarding will mitigate this vulnerability. It can be disabled in two ways: Disabling Cisco Express Forwarding Globally +------------------------------------------ Cisco Express Forwarding can be globally disabled by using the "no ip cef" global configuration command. Disabling Cisco Express Forwarding on Tunnel Interfaces +------------------------------------------------------ Cisco Express Forwarding can also be disabled on individual tunnel interfaces. To be effective, it must be disabled on all tunnel interfaces configured on an affected device. Cisco Express Forwarding can be disabled on individual interfaces as shown in the following example: interface Tunnel [interface-ID] no ip route-cache cef Note: Disabling Cisco Express Forwarding may have significant performance impact and is not recommended. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090923-tunnels.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found internally. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-Sept-23 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD4DBQFKukGg86n/Gc8U/uARAjwOAJ0QiF6I23ZEDO/8uTK+i/pHtT7e+ACTBUn9 CciG6YUGAERIKR0YMq0gcQ== =nkdE -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. Cisco IOS is prone to a remote authentication-bypass vulnerability. Successfully exploiting this issue allows remote attackers to gain access to vulnerable devices without requiring successful authentication. This issue is being tracked by Cisco bug ID CSCsy15227. The username for the initial connection is the same. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright \xa9) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih <output truncated> The following example shows a product that is running Cisco IOS Software release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright \xa9) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team <output truncated> Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html. The following example identifies firewall authentication proxy services using the ip auth-proxy under the proxy rule name example_auth_proxy_name: Router#show running-config <output truncated> ! ! Set up the aaa new model to use the authentication proxy. ! aaa authorization auth-proxy default group ! ! Apply a name to the authentication proxy configuration rule. ! ip auth-proxy name example_auth_proxy_name http ! ! Apply the authentication proxy rule at an interface. ! interface e0 ip auth-proxy example_auth_proxy_name ! <output truncated> The following example identifies firewall authentication proxy services running for HTTP under the proxy rule name example_auth_proxy_name, using the ip admission commands. This is the same configuration as Web Authentication: Router#show running-config <output truncated> ! ! Set up the aaa new model to use the authentication proxy. ! aaa authorization auth-proxy default group ! ! Apply a name to the authentication proxy configuration rule. ! ip admission name example_auth_proxy_name proxy http inactivity-time 60 ! ! Apply the authentication proxy rule at an interface. ! interface FastEthernet0/1 ip admission example_auth_proxy_name ! <output truncated> The following example identifies a device configured with the consent feature under the consent rule name example_consent_rule: Router#show running-config <output truncated> ! ! Apply a name to the consent configuration rule. ! ip admission name example_consent_rule consent ! ! Apply the consent rule at an interface. With the authentication proxy feature, users can log in to the network or access the Internet via HTTP, and their specific access profiles are automatically retrieved and applied from a CiscoSecure ACS, or other RADIUS or TACACS+ authentication server. The user profiles are active only when there is active traffic from the authenticated users. Web Authentication feature leverages the underlying authentication proxy feature. The consent feature for Cisco IOS routers enables organizations to provide temporary Internet and corporate access to end users through their wired and wireless networks by presenting a consent webpage. The consent feature can be used with or without requesting a username and password, but still leverages the underlying authentication proxy feature. At least one successfully authenticated session or accepted consent session must exist for the vulnerability to be exposed. When this occurs, the RADIUS or TACACS+ server will show subsequent users as authenticated, all with the same username as the initial connection if performing authentication, regardless of the authentication information provided by the user and whether it was defined on the AAA server, and regardless of whether the password was correct. This vulnerability is caused by a race condition in the code, and several conditions outside the control of a malicious user and must be met before this vulnerability could be exploited. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsy15227 - Cisco IOS Software Authentication Proxy Vulnerability CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in an unauthenticated and unauthorized user bypassing the authentication proxy services offered in Cisco IOS Authentication Proxy for HTTP(S) and/or bypassing the consent accept webpage. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerability at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | 12.0 | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0DA | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Releases up to and including 12.0(4) | | | | DB are not vulnerable. | 12.4(23b) | | 12.0DB | | | | | Releases 12.0(7)DB and later are not | 12.4(25b) | | | vulnerable; first fixed in 12.4 | | |------------+--------------------------------------+---------------| | | Releases up to and including 12.0(3) | | | | DC1 are not vulnerable. | 12.4(23b) | | 12.0DC | | | | | Releases 12.0(7)DC and later are not | 12.4(25b) | | | vulnerable; first fixed in 12.4 | | |------------+--------------------------------------+---------------| | 12.0S | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0SC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0SL | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0SP | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0ST | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0SX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0SY | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0SZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.0T | | | | | Releases up to and including 12.0(4) | 12.4(25b) | | | T1 are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.0W | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Releases prior to 12.0(5)WC4 are | | | 12.0WC | vulnerable, release 12.0(5)WC4 and | | | | later are not vulnerable | | |------------+--------------------------------------+---------------| | 12.0WT | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XD | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.0XE | | | | | Releases up to and including 12.0(5) | 12.4(25b) | | | XE are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.0XF | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XG | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XH | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XI | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XJ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.0XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.0XL | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XM | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XN | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XQ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.0XR | | | | | Releases up to and including 12.0(6) | 12.4(25b) | | | XR are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.0XS | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XT | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.0XV | Not Vulnerable | | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1 | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.1AA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1AX | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1 | 12.2(50)SE3 | | | (13)AY are not vulnerable. | | | 12.1AY | | 12.2(52)SE; | | | Releases 12.1(22)AY1 and later are | Available on | | | not vulnerable; first fixed in | 13-OCT-2009 | | | 12.2SE | | |------------+--------------------------------------+---------------| | 12.1AZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1CX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1DA | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1(3) | | | | DB1 are not vulnerable. | 12.4(23b) | | 12.1DB | | | | | Releases 12.1(4)DB1 and later are | 12.4(25b) | | | not vulnerable; first fixed in 12.4 | | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1(4) | | | | DC are not vulnerable. | 12.4(23b) | | 12.1DC | | | | | Releases 12.1(4)DC2 and later are | 12.4(25b) | | | not vulnerable; first fixed in 12.4 | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1E | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Releases up to and including 12.1(6) | | | | EA1a are not vulnerable. | 12.2(50)SE3; | | 12.1EA | | Available on | | | Releases 12.1(8)EA1c and later are | 13-OCT-2009 | | | not vulnerable; first fixed in | | | | 12.2SE | | |------------+--------------------------------------+---------------| | 12.1EB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1EC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1EO | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1EU | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1EV | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1EW | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.1EX | | | | | Releases up to and including 12.1(2) | 12.4(25b) | | | EX are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.1EY | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1EZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1GA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1GB | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1T | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.1XA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XB | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1XC | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.1XD | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XE | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XF | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XG | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1XI | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.1(3a)XL2 are | 12.4(23b) | | 12.1XL | vulnerable, release 12.1(3a)XL2 and | | | | later are not vulnerable; first | 12.4(25b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1XP | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.1XQ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.1XS | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.1XT | | | | | Releases up to and including 12.1(2) | 12.4(25b) | | | XT2 are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.1XU | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XV | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XW | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XY | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1XZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.1YA | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.1YB | | | | | Releases up to and including 12.1(5) | 12.4(25b) | | | YB are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.1YC | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1YD | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.1(5)YE6 are | 12.4(23b) | | 12.1YE | vulnerable, release 12.1(5)YE6 and | | | | later are not vulnerable; first | 12.4(25b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.1YF | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.1YH | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.1YI | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.1YJ | Not Vulnerable | | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2 | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.2B | | | | | Releases up to and including 12.2(2) | 12.4(25b) | | | B7 are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.2BC | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2BW | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2BX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2BY | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2BZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2CX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2CY | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; migrate to any release | 12.2(31)SB16 | | 12.2CZ | in 12.2SB | | | | | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | 12.2DA | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2DD | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2DX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2EW | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2EWA | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.2SE | 12.2(50)SE3 | | | | | | 12.2EX | Releases up to and including 12.2 | 12.2(52)SE; | | | (37)EX are not vulnerable. | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.2SE | 12.2(50)SE3 | | | | | | 12.2EY | Releases up to and including 12.2 | 12.2(52)SE; | | | (25)EY4 are not vulnerable. | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2EZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2FX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2FY | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2FZ | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2IRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2IRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IRC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXG | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2IXH | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2JA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2JK | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2MB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2MC | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Note: Releases prior to 12.2(30)S | 12.2(31)SB16 | | 12.2S | are vulnerable, release 12.2(30)S | | | | and later are not vulnerable; | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | 12.2SB | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Note: Releases prior to 12.2(27)SBC3 | 12.2(31)SB16 | | 12.2SBC | are vulnerable, release 12.2(27)SBC3 | | | | and later are not vulnerable; | 12.2(33)SB7 | |------------+--------------------------------------+---------------| | 12.2SCA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SCB | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | 12.2(50)SE3 | | | 12.2SE | | 12.2(52)SE; | | | 12.2(52)SE; Available on 13-OCT-2009 | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2SEA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SEB | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEC | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SED | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.2(50)SE3 | | | | | | 12.2SEE | Vulnerable; first fixed in 12.2SE | 12.2(52)SE; | | | | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(25)SEF2 are | 12.2(50)SE3 | | | vulnerable, release 12.2(25)SEF2 and | | | 12.2SEF | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(25)SEG4 are | 12.2(50)SE3 | | | vulnerable, release 12.2(25)SEG4 and | | | 12.2SEG | later are not vulnerable; first | 12.2(52)SE; | | | fixed in 12.2SE | Available on | | | | 13-OCT-2009 | |------------+--------------------------------------+---------------| | | 12.2(50)SG4 | | | 12.2SG | | 12.2(50)SG4 | | | 12.2(53)SG1; Available on | | | | 07-DEC-2009 | | |------------+--------------------------------------+---------------| | 12.2SGA | 12.2(31)SGA11 | 12.2(31)SGA11 | |------------+--------------------------------------+---------------| | 12.2SL | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SM | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SO | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SQ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2SRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2SRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+--------------------------------------+---------------| | 12.2SRC | 12.2(33)SRC5; Available on | 12.2(33)SRD3 | | | 29-OCT-2009 | | |------------+--------------------------------------+---------------| | | 12.2(33)SRD2a | | | 12.2SRD | | 12.2(33)SRD3 | | | 12.2(33)SRD3 | | |------------+--------------------------------------+---------------| | 12.2STE | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2SU | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2SV | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SVA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SVC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SVD | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SVE | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SW | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SX | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SXA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SXB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SXD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2SXE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | 12.2(18)SXF17; Available on | 12.2(18) | | | 30-SEP-2009 | SXF17; | | 12.2SXF | | Available on | | | Please see IOS Software Modularity | 30-SEP-2009 | | | Patch | | |------------+--------------------------------------+---------------| | | 12.2(33)SXH6; Available on | | | | 30-OCT-2009 | 12.2(33)SXH6; | | 12.2SXH | | Available on | | | Please see IOS Software Modularity | 30-OCT-2009 | | | Patch | | |------------+--------------------------------------+---------------| | | 12.2(33)SXI2 | | | 12.2SXI | | 12.2(33)SXI2a | | | 12.2(33)SXI2a | | |------------+--------------------------------------+---------------| | 12.2SY | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2SZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2T | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2TPC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.2XA | | | | | Releases up to and including 12.2(1) | 12.4(25b) | | | XA are not vulnerable. | | |------------+--------------------------------------+---------------| | | Vulnerable; first fixed in 12.4 | 12.4(23b) | | 12.2XB | | | | | Releases up to and including 12.2(2) | 12.4(25b) | | | XB1 are not vulnerable. | | |------------+--------------------------------------+---------------| | 12.2XC | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2XE | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XF | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XH | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2XI | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XJ | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XL | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XM | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2XNA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XNB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XNC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XND | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(31)SGA11 | | 12.2XO | Vulnerable; first fixed in 12.2SG | | | | | 12.2(50)SG4 | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2XR | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2XS | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XT | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.2XU | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XV | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2XW | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(4)YA8 are | 12.4(23b) | | 12.2YA | vulnerable, release 12.2(4)YA8 and | | | | later are not vulnerable; first | 12.4(25b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YB | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YD | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YE | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YG | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YH | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YK | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2YM | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YN | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YO | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YP | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YQ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YR | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YS | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2YT | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YU | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(11)YV1 are | | | 12.2YV | vulnerable, release 12.2(11)YV1 and | | | | later are not vulnerable | | |------------+--------------------------------------+---------------| | 12.2YW | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YX | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2YY | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2ZA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2ZB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.2ZC | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZD | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2ZE | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2ZF | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.2ZG | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Releases prior to 12.2(13)ZH6 are | 12.4(23b) | | 12.2ZH | vulnerable, release 12.2(13)ZH6 and | | | | later are not vulnerable; first | 12.4(25b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZJ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZL | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | 12.2ZP | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.2(33)SXH6; | | 12.2ZU | Vulnerable; first fixed in 12.2SXH | Available on | | | | 30-OCT-2009 | |------------+--------------------------------------+---------------| | 12.2ZX | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZY | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.2ZYA | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3 | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3B | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.3BC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3BW | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3EU | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3JA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3JEA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3JEB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3JEC | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Releases up to and including 12.3(2) | | | | JK3 are not vulnerable. | 12.4(23b) | | 12.3JK | | | | | Releases 12.3(8)JK1 and later are | 12.4(25b) | | | not vulnerable; first fixed in 12.4 | | |------------+--------------------------------------+---------------| | 12.3JL | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3JX | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3T | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3TPC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3VA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XA | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.3XB | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Releases prior to 12.3(2)XC4 are | 12.4(23b) | | 12.3XC | vulnerable, release 12.3(2)XC4 and | | | | later are not vulnerable; first | 12.4(25b) | | | fixed in 12.4 | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XD | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XE | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3XF | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XG | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.3XI | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3XJ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XK | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(20)T4 | | | | | | | | 12.4(22)T3 | | 12.3XL | Vulnerable; first fixed in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XQ | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XS | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.3XU | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3XW | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3XX | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.3XY | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3XZ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(23b) | | 12.3YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(25b) | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.3YF | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YG | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YH | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YI | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.3YJ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YK | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YM | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.3YQ | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YS | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.3YU | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.3YX | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.3YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3ZA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+--------------------------------------+---------------| | | 12.4(23a) | 12.4(23b) | | 12.4 | | | | | 12.4(25a) | 12.4(25b) | |------------+--------------------------------------+---------------| | 12.4GC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JDA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JDC | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JDD | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JK | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JL | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JMA | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JMB | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4JX | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4MD | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4MDA | Not Vulnerable | | |------------+--------------------------------------+---------------| | | Releases prior to 12.4(19)MR1 are | | | 12.4MR | vulnerable, release 12.4(19)MR1 and | | | | later are not vulnerable | | |------------+--------------------------------------+---------------| | 12.4SW | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | 12.4(24)T1 | | | | | 12.4(20)T4 | | | 12.4(20)T3 | | | 12.4T | | 12.4(22)T3 | | | 12.4(22)T2 | | | | | 12.4(24)T2; | | | 12.4(15)T9 | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.4XB | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XC | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XE | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XF | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.4XG | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XJ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XK | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.4XL | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4XM | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4XN | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4XP | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4XQ | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4XR | Not Vulnerable | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | Vulnerable; Contact your support | | | 12.4XV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XY | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XZ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4YA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+--------------------------------------+---------------| | 12.4YB | 12.4(22)YB4 | 12.4(22)YB4 | |------------+--------------------------------------+---------------| | 12.4YD | Not Vulnerable | | |------------+--------------------------------------+---------------| | 12.4YE | Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS Software Modularity - Maintenance Packs +------------------------------------------------ Customers who are using Cisco IOS Software Modularity can apply the respective maintenance packs. More information on Cisco IOS Software Modularity can be found at the following link: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_bulletin0900aecd80313e15.html The Maintenance Packs listed below can be downloaded at: http://www.cisco.com/go/pn Cisco IOS Software Modularity Maintenance Pack for 12.2SXF +--------------------------------------------------------- +-------------------------------------------------------------------+ | Cisco IOS Software Release | Solution Maintenance Pack(MP) | |-------------------------------+-----------------------------------| | 12.2(18)SXF11 | MP002 | |-------------------------------+-----------------------------------| | 12.2(18)SXF13 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF14 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF15 | MP001 | |-------------------------------+-----------------------------------| | 12.2(18)SXF16 | MP001 | +-------------------------------------------------------------------+ Cisco IOS Software Modularity Maintenance Pack for 12.2SXH +--------------------------------------------------------- +-------------------------------------------------------------------+ | Cisco IOS Software Release | Solution Maintenance Pack(MP) | |-------------------------------+-----------------------------------| | 12.2(33)SXH3 | MP003 | |-------------------------------+-----------------------------------| | 12.2(33)SXH4 | MP002 | |-------------------------------+-----------------------------------| | 12.2(33)SXH5 | MP001 | +-------------------------------------------------------------------+ Workarounds =========== There are no workarounds for this vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. The Cisco PSIRT is not aware of malicious exploitation of this vulnerability, although we are aware of some customers who have seen this vulnerability triggered within their infrastructures. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukF886n/Gc8U/uARAterAJ9rtqHnNgutl0dgsYwBYzS0bOsvggCgmfPe enMQhMdVPH6I4eGhvb6jKXg= =9HOM -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36835 VERIFY ADVISORY: http://secunia.com/advisories/36835/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable device. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. Cisco Unified Communications Manager (CUCM) There is a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsz95423 It is a problem.Malformed by a third party SIP Service disruption via message (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCsz95423. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml Note: Cisco IOS\xae Software is also affected by the vulnerability described in this advisory. A companion advisory for Cisco IOS software is available at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= The vulnerability described in this document applies to the Cisco Unified Communications Manager. The software version can also be determined by running the "show version active" command via the command-line interface. A SIP trunk must be configured for the Cisco Unified CallManager server to begin listening for SIP messages on TCP and UDP port 5060 and TCP/5061. However, in Cisco Unified Communications Manager versions 5.x and later, the use of SIP as a call signaling protocol is enabled by default and cannot be disabled. A companion security advisory for Cisco IOS Software is available at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml Products Confirmed Not Vulnerable +-------------------------------- Cisco Unified CallManager versions 4.x are not affected by this vulnerability. With the exception of Cisco IOS software, no other Cisco products are currently known to be affected by this vulnerability. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, voice-over-IP gateways, and multimedia applications. SIP is a popular signaling protocol that manages voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol is flexible enough to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsz95423 - Crafted SIP packet may cause CM process to crash CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability that is described in this advisory could result in a reload of the Cisco Unified Communications Manager process, which may result in the interruption of voice services. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The following table contains the first fixed software release for this vulnerability. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. +---------------------------------------+ | Release | First Fixed Version | |-----------+---------------------------| | 4.x | Not Vulnerable | |-----------+---------------------------| | 5.x | 5.1(3g) | |-----------+---------------------------| | 6.x | 6.1(4) | |-----------+---------------------------| | 7.0.x | 7.0(2a)su1 | |-----------+---------------------------| | 7.1.x | 7.1(2) | +---------------------------------------+ Workarounds =========== There are no workarounds for this vulnerability. It is possible to mitigate this vulnerability by implementing filtering on screening devices and permitting TCP/UDP access to ports 5060 and TCP/5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. Use the following instructions to change the ports from their default values: Step 1 Log into the Cisco Unified CallManager Administration web interface. Step 3 Change the fields SIP Phone Port and SIP Phone Secure Port fields to a non standard port and click Save. SIP Phone Port, which is 5060 by default, refers to the TCP and UDP ports where the Cisco Unified Communications Manager listens for normal SIP messages, and SIP Phone Secure Port, by default 5061, refers to the TCP port where the Cisco Unified Communications Manager listens for SIP over TLS messages. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at: http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/admin/7_0_1/ccmcfg/b03dpi.html#wp1075124 Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Denial of Service Vulnerabilities in Cisco Unified Communications Manager and Cisco IOS Software", which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20090923-voice.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGE86n/Gc8U/uARAp0sAJ9WOsbXB1KzPl36kQRFCcVHLqC9twCgiOQx lBVMS0I0ypD4TW2DBvWPkLM= =1qvW -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. The vulnerability is caused due to an error in the SIP implementation. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779. Attackers can exploit this issue to execute arbitrary code or to cause denial-of-service conditions. This issue is documented by Cisco Bug ID CSCsq58779. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36835 VERIFY ADVISORY: http://secunia.com/advisories/36835/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable device. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Cisco has released free software updates that address this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. logout-profile [logout-profile tag] To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name is displayed in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih <output truncated> The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team <output truncated> Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html . Cisco IOS XR is not affected. Cisco IOS XE is not affected. Cisco Unified Communications Manager is not affected. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified CME is the call processing component of an enhanced IP telephony solution that is integrated into Cisco IOS. A user login service allows phone users to temporarily access a physical phone other than their own phone and utilize their personal settings, such as directory number, speed-dial lists, and services, that is assigned to their own desk phone. The phone user can make and receive calls on that phone using the same personal directory number as is on their own desk phone. Such packets can only come from registered phone IP addresses in the form of HTTP requests. If the auto-registration feature is enabled, an attacker can register its IP address and subsequently send a crafted payload to exploit this vulnerability. The auto-registration feature is enabled by default. More information on auto-registration can be found at the following link: http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/command/reference/cme_a1ht.html#wp1031242. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsq58779 - Vulnerability in Extension Mobility Feature CVSS Base Score - 7.6 Access Vector - Network Access Complexity - High Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of this vulnerability may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major Release | Availability of Repaired Releases | |----------------------+--------------------------------------------| | Affected 12.0-Based | First Fixed | Recommended Release | | Releases | Release | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases. | |-------------------------------------------------------------------| | Affected 12.1-Based | First Fixed | Recommended Release | | Releases | Release | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases. | |-------------------------------------------------------------------| | Affected 12.2-Based | First Fixed | Recommended Release | | Releases | Release | | |-------------------------------------------------------------------| | There are no affected 12.2 based releases. | |-------------------------------------------------------------------| | Affected 12.3-Based | First Fixed | Recommended Release | | Releases | Release | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases. | |-------------------------------------------------------------------| | Affected 12.4-Based | First Fixed | Recommended Release | | Releases | Release | | |----------------------+---------------+----------------------------| | 12.4 | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4GC | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JA | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JDA | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JDC | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JDD | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JK | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JL | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JMA | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JMB | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4JX | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4MD | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4MDA | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4MR | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4SW | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4T | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XA | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XB | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XC | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XD | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XE | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XF | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XG | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XJ | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XK | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XL | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XM | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XN | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XP | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XQ | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XR | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XT | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4XV | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | | | 12.4(20)T4 | | | | | | 12.4XW | 12.4(11)XW8 | 12.4(22)T3 | | | | | | | | 12.4(24)T2; Available on | | | | 23-OCT-2009 | |----------------------+---------------+----------------------------| | | | 12.4(20)T4 | | | | | | 12.4XY | 12.4(15)XY4 | 12.4(22)T3 | | | | | | | | 12.4(24)T2; Available on | | | | 23-OCT-2009 | |----------------------+---------------+----------------------------| | | | 12.4(20)T4 | | | | | | 12.4XZ | 12.4(15)XZ1 | 12.4(22)T3 | | | | | | | | 12.4(24)T2; Available on | | | | 23-OCT-2009 | |----------------------+---------------+----------------------------| | | | 12.4(20)T4 | | | | | | 12.4YA | 12.4(20)YA1 | 12.4(22)T3 | | | | | | | | 12.4(24)T2; Available on | | | | 23-OCT-2009 | |----------------------+---------------+----------------------------| | 12.4YB | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4YD | Not | | | | Vulnerable | | |----------------------+---------------+----------------------------| | 12.4YE | Not | | | | Vulnerable | | +-------------------------------------------------------------------+ Workarounds =========== There are no workarounds to mitigate this vulnerability, other than disabling Extension Mobility. However, auto-registration can be disabled to make exploitation more difficult. Auto-registration can be disabled by the following command: telephony-service no auto-reg-ephone Before disabling auto-registration, all phone MAC addresses need to be explicitly defined on the Cisco Unified CME. Otherwise phones will not be able to register. More information on auto-registration can be found at the following link: http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/command/reference/cme_a1ht.html#wp1031242 Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090923-cme.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found internally. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGH86n/Gc8U/uARAgunAJ90YNHlxpf2v1OEz8qFEo7oqmNAqACfbq6X iHSiDV5CevynZQRrKe+sRiU= =Fp40 -----END PGP SIGNATURE-----

Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP transit packet, aka Bug ID CSCsr18691. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsr18691. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= This vulnerability affects a limited number of Cisco IOS Software releases. Consult the "Software Versions and Fixes" section of this advisory for the details of affected releases. Vulnerable Products +------------------ To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright \xa9) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih <output truncated> The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright \xa9) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team <output truncated> Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html The device is vulnerable if the configuration has either a layer 3 or layer 7 SIP application-specific policy configured, and these policies are applied to any firewall zone. To determine whether the device is running a vulnerable configuration, log in to the device and issue the command line interface (CLI) command "show policy-map type inspect zone-pair | include atch: access|protocol sip". If the output contains "Match: protocol sip", the device is vulnerable. If the output contains "Match: access-group number", then the device is only vulnerable "if", the referenced access list permits the SIP protocol (UDP port 5060, or TCP ports 5060 and 5061). The following example shows a vulnerable device configured with Cisco IOS Zone-Based Policy Firewall SIP inspection: Router#show policy-map type inspect zone-pair | include atch: access|protocol sip Match: protocol sip Router# The following example shows a vulnerable device configured with SIP inspection by way of an applied access list: Router#show policy-map type inspect zone-pair | include atch: access|protocol sip Match: access-group 102 Router# Router#show access-list 102 Extended IP access list 102 10 permit udp any any eq 5060 20 permit tcp any any eq 5060 30 permit tcp any any eq 5061 Router# A device that is not configured for SIP inspection or does not support this configuration will return either a blank line or an error message. Products confirmed not vulnerable include: * Cisco PIX 500 Series Firewall * Cisco ASA 5500 Series Adaptive Security Appliance * Firewall Services Module (FWSM) for Catalyst 6500 Series Switches and 7600 Series Routers * Virtual Firewall (VFW) application on the multiservice blade (MSB) on the Cisco XR 12000 Series Router * Cisco ACE Application Control Engine Module * Cisco IOS devices NOT configured with Cisco IOS Zone-Based Policy Firewall SIP inspection. * Cisco IOS devices configured with legacy Cisco IOS Firewall Support for SIP (CBAC) * Cisco IOS XE Software * Cisco IOS XR Software Details ======= Firewalls are networking devices that control access to the network assets of an organization. Firewalls are often positioned at the entrance points into networks. Cisco IOS software provides a set of security features that enable you to configure a simple or elaborate firewall policy, according to your particular requirements. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsr18691 - Cisco IOS Software Zone-Based Policy Firewall CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in a reload of the affected device. Repeated exploit attempts may result in a sustained DoS attack. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major Release | Availability of Repaired Releases | |-----------------+-------------------------------------------------| | Affected | | | | 12.0-Based | First Fixed Release | Recommended Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases | |-------------------------------------------------------------------| | Affected | | | | 12.1-Based | First Fixed Release | Recommended Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | | | | 12.2-Based | First Fixed Release | Recommended Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.2 based releases | |-------------------------------------------------------------------| | Affected | | | | 12.3-Based | First Fixed Release | Recommended Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | | | | 12.4-Based | First Fixed Release | Recommended Release | | Releases | | | |-----------------+---------------------------+---------------------| | 12.4 | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4GC | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JA | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JDA | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JDC | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JDD | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JK | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JL | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JMA | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JMB | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4JX | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4MD | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4MDA | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4MR | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4SW | Not Vulnerable | | |-----------------+---------------------------+---------------------| | | Releases prior to 12.4 | 12.4(20)T4 | | | (20)T are not vulnerable; | | | | | 12.4(22)T3 | | 12.4T | 12.4(20)T2 | | | | | 12.4(24)T2; | | | 12.4(22)T1 | Available on | | | | 23-OCT-2009 | | | 12.4(24)T | | |-----------------+---------------------------+---------------------| | 12.4XA | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XB | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XC | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XD | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XE | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XF | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XG | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XJ | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XK | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XL | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XM | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XN | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XP | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XQ | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XR | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XT | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XV | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XW | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4XY | Not Vulnerable | | |-----------------+---------------------------+---------------------| | | | 12.4(20)T4 | | | | | | | Vulnerable; first fixed | 12.4(22)T3 | | 12.4XZ | in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |-----------------+---------------------------+---------------------| | | | 12.4(22)T3 | | | Vulnerable; first fixed | | | 12.4YA | in 12.4T | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |-----------------+---------------------------+---------------------| | | | 12.4(22)YB4 | | | | | | 12.4YB | 12.4(22)YB4 | 12.4(22)YB5; | | | | Available on | | | | 19-OCT-2009 | |-----------------+---------------------------+---------------------| | 12.4YD | Not Vulnerable | | |-----------------+---------------------------+---------------------| | 12.4YE | Not Vulnerable | | +-------------------------------------------------------------------+ Workarounds =========== The only workaround for this vulnerability is to disable Cisco IOS zone-based policy firewall SIP inspection in the affected device's configuration. Disabling SIP inspection will allow the rest of the firewall features to continue to function until a software upgrade can be implemented. All other firewall features will continue to perform normally. Disabling SIP Inspection will vary depending on the implementation of the SIP inspection firewall. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered by Cisco internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGO86n/Gc8U/uARAiwEAKCXGG7xSxS+kMllVPDdOacuAZV9vACfcVVG 3Lm0u0kNPpfW4oxa9PNOUA8= =f0Hj -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36835 VERIFY ADVISORY: http://secunia.com/advisories/36835/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable device. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997. The problem is Bug ID : CSCsy07555 and CSCee72997 Problem.A crafted request could cause a denial of service (DoS) May be in a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to consume all available Phase 1 security associations, which may prevent new IPSec sessions from being established. This issue is being tracked by Cisco Bug IDs CSCsy07555 and CSCee72997. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36835 VERIFY ADVISORY: http://secunia.com/advisories/36835/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable device. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability Advisory ID: cisco-sa-20090923-ipsec Revision 1.0 For Public Release 2009 September 23 +--------------------------------------------------------------------- Summary ======= Cisco IOS\xae devices that are configured for Internet Key Exchange (IKE) protocol and certificate based authentication are vulnerable to a resource exhaustion attack. Cisco has released free software updates that address this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= Cisco IOS devices that are configured for IKE and certificate based authentication are affected. Vulnerable Products +------------------ IKE is enabled by default if IPsec is used. Cisco IOS devices that are configured for IKE will listen on UDP port 500, UDP port 4500 if the device is configured for NAT Traversal (NAT-T), or UDP ports 848 or 4848 if the device is configured for Group Domain of Interpretation (GDOI). The following outputs show a router that is listening on UDP port 500: Router#show ip sockets Proto Remote Port Local Port In Out Stat TTY OutputIF .... 17 --listen-- 192.168.66.129 500 0 0 11 0 .... Or Router-#show udp Proto Remote Port Local Port In Out Stat TTY OutputIF 17 --listen-- 192.0.2.1 500 0 0 1011 0 17(v6) --listen-- --any-- 500 0 0 20011 0 Router# IKE configurations that are performing certificate based authentication will display "Rivest-Shamir-Adleman Signature" as the authentication method in the output of the "show crypto isakmp policy" command. This output is shown in the following example: Router#show crypto isakmp policy Global IKE policy Default protection suite encryption algorithm: DES - Data Encryption Standard (56 bit keys). hash algorithm: Secure Hash Standard authentication method: Rivest-Shamir-Adleman Signature Diffie-Hellman group: #1 (768 bit) lifetime: 86400 seconds, no volume limit To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco 6500 Series device that is running Cisco IOS Software release 12.2(18)SXF7 with an installed image name of s72033_rp-IPSERVICESK9_WAN-M: Router#show version Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(18)SXF7, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright \xa9) 1986-2006 by cisco Systems, Inc. Compiled Thu 23-Nov-06 06:42 by kellythw <output truncated> Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- Cisco IOS XR Software is not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details ======= IPsec is an IP security feature that provides robust authentication and encryption of IP packets. IKE is a key management protocol standard that is used in conjunction with the IPsec standard. IKE is a hybrid protocol that implements the Oakley and SKEME key exchanges inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. (ISAKMP, Oakley, and SKEME are security protocols that are implemented by IKE.). Administrators can view Phase 1 SAs that are allocated as a result of exploitation by issuing the "show crypto isakmp sa" command. The following example displays sample output for this command: Router#show crypto isakmp sa IPv4 Crypto ISAKMP SA dst src state conn-id slot status 10.48.66.77 10.48.66.6 MM_KEY_EXCH 1004 ACTIVE 10.48.66.77 10.48.66.6 MM_KEY_EXCH 1003 ACTIVE 10.48.66.77 10.48.66.6 MM_KEY_EXCH 1002 ACTIVE .... Any allocated SA can be de-allocated up manually by using the "clear crypto isakmp <conn-ID>" command. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsy07555 - P1 SA stuck in KEY_EXCH forever CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCee72997 - P1 SA stuck in KEY_EXCH forever CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 SAs, which may prevent new IPsec sessions from being established. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | 12.2 | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2B | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2BC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2BW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2BX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2BY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2BZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2CX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2CY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2CZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2DA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2DD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2DX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EWA | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Releases prior to 12.2(44)EX are | 12.2(50)SE3 | | | vulnerable, release 12.2(44)EX and | | | 12.2EX | later are not vulnerable; migrate to | 12.2(52)SE; | | | any release in 12.2SEG | Available on | | | | 13-OCT-2009 | |------------+---------------------------------------+--------------| | 12.2EY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2EZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2FX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2FY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2FZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+---------------------------------------+--------------| | 12.2IRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.2IRC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.2IXA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2IXH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2MB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2MC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2S | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.2(31)SB16 | | 12.2SB | 12.2(33)SB6 | | | | | 12.2(33)SB7 | |------------+---------------------------------------+--------------| | 12.2SBC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SCA | Vulnerable; first fixed in 12.2SCB | 12.2(33)SCB4 | |------------+---------------------------------------+--------------| | 12.2SCB | 12.2(33)SCB4 | 12.2(33)SCB4 | |------------+---------------------------------------+--------------| | | | 12.2(50)SE3 | | | 12.2(50)SE3 | | | 12.2SE | | 12.2(52)SE; | | | 12.2(52)SE; Available on 13-OCT-2009 | Available on | | | | 13-OCT-2009 | |------------+---------------------------------------+--------------| | 12.2SEA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SED | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SEG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SGA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SO | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SRA | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+---------------------------------------+--------------| | 12.2SRB | Vulnerable; first fixed in 12.2SRD | 12.2(33)SRD3 | |------------+---------------------------------------+--------------| | 12.2SRC | 12.2(33)SRC5; Available on | 12.2(33)SRD3 | | | 29-OCT-2009 | | |------------+---------------------------------------+--------------| | | 12.2(33)SRD3 | | | 12.2SRD | | 12.2(33)SRD3 | | | 12.2(33)SRD2a | | |------------+---------------------------------------+--------------| | 12.2STE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SVE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SXF | Not Vulnerable | | |------------+---------------------------------------+--------------| | | 12.2(33)SXH6; Available on | 12.2(33) | | | 30-OCT-2009 | SXH6; | | 12.2SXH | | Available on | | | Please see IOS Software Modularity | 30-OCT-2009 | | | Patch | | |------------+---------------------------------------+--------------| | 12.2SXI | 12.2(33)SXI2a | 12.2(33) | | | | SXI2a | |------------+---------------------------------------+--------------| | 12.2SY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2SZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2T | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2TPC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XI | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XNA | Please see Cisco IOS-XE Software | | | | Availability | | |------------+---------------------------------------+--------------| | 12.2XNB | Please see Cisco IOS-XE Software | | | | Availability | | |------------+---------------------------------------+--------------| | 12.2XNC | Please see Cisco IOS-XE Software | | | | Availability | | |------------+---------------------------------------+--------------| | 12.2XND | Please see Cisco IOS-XE Software | | | | Availability | | |------------+---------------------------------------+--------------| | 12.2XO | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XS | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XT | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2XW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YN | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YO | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YP | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YS | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YT | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2YZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZP | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.2ZYA | Not Vulnerable | | |------------+---------------------------------------+--------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | 12.3 | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3B | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3BC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3BW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3EU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; first fixed in 12.4 | 12.4(25b) | | 12.3T | | | | | Releases up to and including 12.3(8) | 12.4(23b) | | | T11 are not vulnerable. | | |------------+---------------------------------------+--------------| | 12.3TPC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3VA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XI | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(20)T4 | | | | | | | | 12.4(22)T3 | | 12.3XL | Vulnerable; first fixed in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.3XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XR | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XS | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.3XU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XW | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3XX | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.3XY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(25b) | | 12.3YA | Vulnerable; first fixed in 12.4 | | | | | 12.4(23b) | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | Vulnerable; migrate to any release in | 12.4(15)XR7 | | 12.3YF | 12.4XN | | | | | 12.4(22)XR | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YG | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YH | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YI | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.3YJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YK | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.3YM | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YQ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YS | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YU | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | Vulnerable; migrate to any release in | 12.4(15)XR7 | | 12.3YX | 12.4XN | | | | | 12.4(22)XR | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.3YZ | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.3ZA | Not Vulnerable | | |------------+---------------------------------------+--------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | | Releases prior to 12.4(7) are | 12.4(25b) | | 12.4 | vulnerable; Releases 12.4(7a) and | | | | later are not vulnerable. | 12.4(23b) | |------------+---------------------------------------+--------------| | 12.4GC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4SW | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | 12.4(4)T8 | 12.4(20)T4 | | | | | | 12.4T | 12.4(9)T | 12.4(22)T3 | | | | | | | 12.4(6)T1 | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XB | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XC | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XN | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XP | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XT | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4YA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4YB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4YD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4YE | Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +-------------------------------------------------------------------+ | Cisco IOS XE Software Release | First Fixed Release | |---------------------------------------+---------------------------| | 2.1.x | 2.3.0t | |---------------------------------------+---------------------------| | 2.2.x | 2.3.0t | |---------------------------------------+---------------------------| | 2.3.x | Not Vulnerable | |---------------------------------------+---------------------------| | 2.4.x | Not Vulnerable | +-------------------------------------------------------------------+ Cisco IOS Software Modularity - Maintenance Packs +------------------------------------------------ Customers who are using Cisco IOS Software Modularity can apply the respective maintenance packs. More information on Cisco IOS Software Modularity can be found at the following link: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_bulletin0900aecd80313e15.html The Maintenance Packs listed below can be downloaded at: http://www.cisco.com/go/pn Cisco IOS Software Modularity Maintenance Pack for 12.2SXH +--------------------------------------------------------- +-------------------------------------------------------------------+ | Cisco IOS Software Release | Solution Maintenance Pack(MP) | |-------------------------------+-----------------------------------| | 12.2(33)SXH3 | MP003 | |-------------------------------+-----------------------------------| | 12.2(33)SXH4 | MP002 | |-------------------------------+-----------------------------------| | 12.2(33)SXH5 | MP001 | +-------------------------------------------------------------------+ Workarounds =========== There are no workarounds for this vulnerability. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090923-ipsec.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by a customer. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGS86n/Gc8U/uARAra6AJ0TewwCLaVWd9M++iaztx1+pEWi6QCfdP8l OST6ldrzEu8BBhfiZe0wApg= =9J0c -----END PGP SIGNATURE-----

Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948. Cisco IOS Is NTPv4 Insufficient packet processing, causing service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsu24505 and CSCsv75948 It is a problem.Cleverly crafted NTPv4 Service disruption due to packets (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCsu24505 and CSCsv75948. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability Advisory ID: cisco-sa-20090923-ntp Revision 1.0 For Public Release 2009 September 23 +--------------------------------------------------------------------- Summary ======= Cisco IOS\xae Software with support for Network Time Protocol (NTP) version (v4) contains a vulnerability processing specific NTP packets that will result in a reload of the device. This results in a remote denial of service (DoS) condition on the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= Vulnerable Products +------------------ Cisco IOS Software devices are vulnerable if they support NTPv4 and are configured for NTP operations. NTP is not enabled in Cisco IOS Software by default. To see if a device supports NTPv4, log into the device and via configuration mode of the command line interface (CLI), enter the command "ntp peer 127.0.0.1 version ?". If the output has the number "4" as an option, then the device supports NTPv4. The following example identifies a Cisco device that is running a Cisco IOS Software release that does support NTPv4: Router#configure terminal Router(config)#ntp peer 127.0.0.1 version ? <2-4> NTP version number The following example identifies a Cisco device that is running a Cisco IOS Software release that does not support NTPv4: Router(config)#ntp peer 127.0.0.1 version ? <1-3> NTP version number To see if a device is configured with NTP, log into the device and issue the CLI command "show running-config | include ntp". If the output returns either of the following commands listed then the device is vulnerable: ntp master <any following commands> ntp peer <any following commands> ntp server <any following commands> ntp broadcast client ntp multicast client The following example identifies a Cisco device that is configured with NTP: router#show running-config | include ntp ntp peer 192.168.0.12 The following example identifies a Cisco device that is not configured with NTP: router#show running-config | include ntp router# To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright \xa9) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih <output truncated> The following example shows a product that is running Cisco IOS Software release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright \xa9) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team <output truncated> Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following products and features are not affected by this vulnerability: * Cisco IOS Software devices without support for NTPv4 * Cisco IOS Software devices configured with only Simple NTP (SNTP) feature * Cisco IOS XE Software * Cisco IOS XR Software No other Cisco products are currently known to be affected by this vulnerability. Details ======= The Network Time Protocol (NTP) is a protocol designed to time-synchronize a network of machines. NTP runs over UDP, which in turn runs over IP. NTPv3 is documented in RFC1305 leavingcisco.com . NTPv4 is a significant revision of the NTP standard, and is the current development version, but has not been formalized into an RFC at the time of publication of this advisory. NTPv4 is currently documented in draft-ietf-ntp-ntpv4-proto-11 leavingcisco.com When a Cisco IOS Software device supporting NTPv4 receives a specific NTP packet it will crash while creating the NTP reply packet. The NTP packet can be sent from any remote device, and does not require authentication. Cisco IOS devices supporting NTPv4 and configured with NTP peer authentication are still vulnerable. The device does not have to be explicitly configured for NTPv4 peers. For example a device configured with all NTP peers being explicitly labeled as version 2 would still be vulnerable, as shown in the following example: Router#show running-config | include ntp ntp peer 192.168.0.254 version 2 ntp peer 192.168.0.1 version 2 Router# For further information on the Cisco implementation of NTP, consult the configuration guide "Cisco IOS and NX-OS Software - Performing Basic System Management" at the following link: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage.html#wp1001170 This vulnerability is documented in the following Cisco Bug IDs: CSCsu24505 and CSCsv75948 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-2869. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsu24505, CSCsv75948 - Cisco IOS Software NTP Packet Vulnerability CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in a reload of the device. The vulnerability could be repeatedly exploited to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.2 based releases | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | 12.4 | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4GC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Releases prior to 12.4(22)MD are not | | | 12.4MD | vulnerable, vulnerability was first | 12.4(22)MD1 | | | introduced in 12.4(22)MD, first fixed | | | | in 12.4(22)MD1. | | |------------+---------------------------------------+--------------| | 12.4MDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4SW | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Releases prior to 12.4(20)T are not | | | | vulnerable. | | | | | 12.4(20)T4 | | | 12.4(20)T and 12.4(20)T1 are | | | | vulnerable, vulnerability is first | 12.4(22)T3 | | 12.4T | fixed in 12.4(20)T2. | | | | | 12.4(24)T2; | | | 12.4(22)T is vulnerable, | Available on | | | vulnerability is first fixed in 12.4 | 23-OCT-2009 | | | (22)T1 | | | | | | | | 12.4(24)T is not vulnerable. | | |------------+---------------------------------------+--------------| | 12.4XA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XN | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XP | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XT | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XY | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(20)T4 | | | | | | | | 12.4(22)T3 | | 12.4XZ | Vulnerable; first fixed in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(20)T4 | | | | | | | | 12.4(22)T3 | | 12.4YA | Vulnerable; first fixed in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4YB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4YD | 12.4(22)YD1 | 12.4(22)YD1 | |------------+---------------------------------------+--------------| | 12.4YE | 12.4(22)YE1 | 12.4(22)YE1 | +-------------------------------------------------------------------+ Workarounds =========== There are no workarounds other than disabling NTP on the device. The following mitigations have been identified for this vulnerability; only packets destined for any configured IP address on the device can exploit this vulnerability. Transit traffic will not exploit this vulnerability. Note: NTP peer authentication is not a workaround and is still a vulnerable configuration. NTP Access Group +--------------- Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat access control lists (ACLs) that permit communication to these ports from trusted IP addresses. Unicast Reverse Path Forwarding (Unicast RPF) should be considered to be used in conjunction to offer a better mitigation solution. !--- Configure trusted peers for allowed access access-list 1 permit 171.70.173.55 !--- Apply ACE to the NTP configuration ntp access-group 1 For additional information on NTP access control groups, consult the document titled "Performing Basic System Management" at the following link: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage.html#wp1034942 Infrastructure Access Control Lists +---------------------------------- warning Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Unicast RPF should be considered to be used in conjunction to offer a better mitigation solution. Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks. Infrastructure ACLs (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example below should be included as part of the deployed infrastructure access-list, which will help protect all devices with IP addresses in the infrastructure IP address range: !--- !--- Feature: Network Time Protocol (NTP) !--- access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 123 !--- Note: If the router is acting as a NTP broadcast client !--- via the interface command "ntp broadcast client" !--- then broadcast and directed broadcasts must be !--- filtered as well. The following example covers !--- an infrastructure address space of 192.168.0.X access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 192.168.0.255 eq ntp access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 255.255.255.255 eq ntp !--- Note: If the router is acting as a NTP multicast client !--- via the interface command "ntp multicast client" !--- then multicast IP packets to the mutlicast group must !--- be filtered as well. The following example covers !--- a NTP multicast group of 239.0.0.1 (Default is !--- 224.0.1.1) access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 239.0.0.1 eq ntp !--- Deny NTP traffic from all other sources destined !--- to infrastructure addresses. access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 123 !--- Permit/deny all other Layer 3 and Layer 4 traffic in !--- accordance with existing security policies and !--- configurations. Permit all other traffic to transit the !--- device. access-list 150 permit ip any any !--- Apply access-list to all interfaces (only one example !--- shown) interface fastEthernet 2/0 ip access-group 150 in The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists and is available at the following link: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml Control Plane Policing +--------------------- Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Unicast RPF should be considered to be used in conjunction to offer a better mitigation solution. Control Plane Policing (CoPP) can be used to block untrusted UDP traffic to the device. CoPP can be configured on a device to help protect the management and control planes and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The CoPP example below should be included as part of the deployed CoPP, which will help protect all devices with IP addresses in the infrastructure IP address range. !--- Feature: Network Time Protocol (NTP) access-list 150 deny udp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 123 !--- Deny NTP traffic from all other sources destined !--- to the device control plane. access-list 150 permit udp any any eq 123 !--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and !--- Layer4 traffic in accordance with existing security policies !--- and configurations for traffic that is authorized to be sent !--- to infrastructure devices !--- Create a Class-Map for traffic to be policed by !--- the CoPP feature class-map match-all drop-udp-class match access-group 150 !--- Create a Policy-Map that will be applied to the !--- Control-Plane of the device. policy-map drop-udp-traffic class drop-udp-class drop !--- Apply the Policy-Map to the !--- Control-Plane of the device control-plane service-policy input drop-udp-traffic In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function. Please note that the policy-map syntax is different in the 12.2S and 12.0S Cisco IOS Software trains: policy-map drop-udp-traffic class drop-udp-class police 32000 1500 1500 conform-action drop exceed-action drop Additional information on the configuration and use of the CoPP feature can be found in the documents, "Control Plane Policing Implementation Best Practices" and "Cisco IOS Software Releases 12.2 S - Control Plane Policing" at the following links: http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered by Cisco when handling customer support calls. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGW86n/Gc8U/uARAjmYAJ0f6SVZp7qLXI0HFG5I0cYzxtFfAACeIvG2 juvYatuemQrQUj8hfg2v0lQ= =KnSP -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36835 VERIFY ADVISORY: http://secunia.com/advisories/36835/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable device. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880. The problem is Bug ID : CSCsx25880 It is a problem.Cleverly crafted SIP Service disruption by message (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash and reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCsx25880. Cisco has released free software updates that address this vulnerability. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= This vulnerability only affects devices running Cisco IOS Software with SIP voice services enabled. It provides a network-to-network interface point for billing, security, call admission control, quality of service, and signaling interworking. An example of an affected configuration is as follows: voice service voip allow-connections from-type to to-type ... ! Recent versions of Cisco IOS Software do not process SIP messages by default. Creating a dial peer by issuing the command "dial-peer voice" will start the SIP processes, causing the Cisco IOS device to process SIP messages. In addition, several features within Cisco Unified Communications Manager Express, such as ePhones, once configured will also automatically start the SIP process, which will cause the device to start processing SIP messages. An example of an affected configuration is as follows: dial-peer voice <Voice dial-peer tag> voip ... ! In addition to inspecting the Cisco IOS device configuration for a dial-peer command that causes the device to process SIP messages, administrators can also use the command show processes | include SIP to determine whether Cisco IOS Software is running the processes that handle SIP messages. In the following example, the presence of the processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the Cisco IOS device is processing SIP messages: Router#show processes | include SIP 149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET 150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET warning Warning: Since there are several ways a device running Cisco IOS Software can start processing SIP messages, it is recommended that the "show processes | include SIP" command be used to determine whether the device is processing SIP messages instead of relying on the presence of specific configuration commands. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The SIP Application Layer Gateway (ALG), which is used by the Cisco IOS NAT and firewall features of Cisco IOS Software, is not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details ======= SIP is a popular signaling protocol that is used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol has the flexibility to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or TLS (TCP port 5061) as the underlying transport protocol. It provides a network-to-network interface point for billing, security, call admission control, quality of service, and signaling interworking. This vulnerability is triggered by processing a series of crafted SIP messages. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsx25880 - Crafted SIP packet may cause device reload CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability described in this document may result in a reload of the device. The issue could be repeatedly exploited to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.2 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | 12.3 | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3B | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3BC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3BW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3EU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JEC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3T | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3TPC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3VA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XI | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XS | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XY | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3XZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YH | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YI | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | Releases prior to 12.3(11)YK3 are | 12.4(20)T4 | | | vulnerable, release 12.3(11)YK3 and | | | 12.3YK | later are not vulnerable; first fixed | 12.4(22)T3 | | | in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.3YM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | Vulnerable; first fixed in 12.4T | 12.4(20)T4 | | | | | | 12.3YS | Releases up to and including 12.3(11) | 12.4(22)T3 | | | YS1 are not vulnerable. | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.3YT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.3YU | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3YZ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.3ZA | Not Vulnerable | | |------------+---------------------------------------+--------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | 12.4 | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4GC | 12.4(24)GC1 | | |------------+---------------------------------------+--------------| | 12.4JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4MR | 12.4(19)MR3 | 12.4(19)MR3 | |------------+---------------------------------------+--------------| | 12.4SW | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | 12.4(24)T1 | | | | | 12.4(20)T4 | | | 12.4(15)T10 | | | 12.4T | | 12.4(22)T3 | | | 12.4(20)T3 | | | | | 12.4(24)T2; | | | 12.4(22)T2 | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XB | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XC | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XD | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XE | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XJ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XL | 12.4(15)XL5 | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | Vulnerable; first fixed in 12.4T | 12.4(20)T4 | | | | | | 12.4XM | Releases up to and including 12.4(15) | 12.4(22)T3 | | | XM are not vulnerable. | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XN | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.4XP | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.4XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XT | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.4XV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XW | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XY | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4XZ | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(15)T10 | | | | | | | | 12.4(20)T4 | | | | | | 12.4YA | Vulnerable; first fixed in 12.4T | 12.4(22)T3 | | | | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4YB | 12.4(22)YB1 | 12.4(22)YB4 | |------------+---------------------------------------+--------------| | 12.4YD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4YE | Not Vulnerable | | +-------------------------------------------------------------------+ Note: No Cisco IOS-XE or Cisco IOS Software Modularity releases are affected by this vulnerability. Workarounds =========== If the affected Cisco IOS device requires SIP for VoIP services, SIP cannot be disabled, and therefore, no workarounds are available. Users are advised to apply mitigation techniques to help limit exposure to the vulnerability. Mitigation consists of allowing only legitimate devices to connect to the routers. To increase effectiveness, the mitigation must be coupled with anti-spoofing measures on the network edge. This action is required because SIP can use UDP as the transport protocol. Some versions of Cisco IOS Software allow administrators to accomplish this with the following commands: sip-ua no transport udp no transport tcp no transport tcp tls Warning: When applying this workaround to devices that are processing Media Gateway Control Protocol (MGCP) or H.323 calls, the device will not stop SIP processing while active calls are being processed. Under these circumstances, this workaround should be implemented during a maintenance window when active calls can be briefly stopped. The "show udp connections", "show tcp brief all", and "show processes | include SIP" commands can be used to confirm that the SIP UDP and TCP ports are closed after applying this workaround. Depending on the Cisco IOS Software version in use, the output of "show ip sockets" still showed UDP port 5060 open, but sending something to that port caused the SIP process to emit the following message: *Feb 2 11:36:47.691: sip_udp_sock_process_read: SIP UDP Listener is DISABLED Control Plane Policing +--------------------- For devices that need to offer SIP services it is possible to use Control Plane Policing (CoPP) to block SIP traffic to the device from untrusted sources. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. The following example can be adapted to the network !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted. !-- Everything else is not trusted. The following access list is used !-- to determine what traffic needs to be dropped by a control plane !-- policy (the CoPP feature.) If the access list matches (permit) !-- then traffic will be dropped and if the access list does not !-- match (deny) then traffic will be processed by the router. access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061 access-list 100 deny udp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5061 access-list 100 permit udp any any eq 5060 access-list 100 permit tcp any any eq 5060 access-list 100 permit tcp any any eq 5061 !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices. !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature. class-map match-all drop-sip-class match access-group 100 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device. policy-map drop-sip-traffic class drop-sip-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device. control-plane service-policy input drop-sip-traffic Warning: Because SIP can use UDP as a transport protocol, it is possible to easily spoof the IP address of the sender, which may defeat access control lists that permit communication to these ports from trusted IP addresses. In the above CoPP example, the access control entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function. Additional information on the configuration and use of the CoPP feature can be found at: http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGZ86n/Gc8U/uARAh54AJ4jQJCLVMauxJXj00WMu822+kH1TQCfTzA6 2++Xtx6BvyycWfoy75Zjtx0= =nUyE -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002. The problem is Bug ID : CSCsq24002 It is a problem.Interfering with service operations due to cleverly crafted encrypted packets (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsq24002.http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&amp;bugId=CSCsq24002. Cisco has released free software updates that address this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= Vulnerable Products +------------------ Devices running affected versions of Cisco IOS Software are susceptible if configured with any of the following features: * Secure Socket Layer (SSL) Virtual Private Network (VPN) * Secure Shell (SSH) * Internet Key Exchange (IKE) Encrypted Nonces Note: Other SSL/HTTPS related features than WebVPN and SSL VPN are not affected by this vulnerability. To determine whether SSLVPN is enabled on a device, log in to the device and issue the command-line interface (CLI) command "show running-config | include webvpn". If the device returns any output then SSLVPN is configured and the device may be vulnerable. Vulnerable configurations vary depending on whether the device is supporting Cisco IOS WebVPN (introduced in Release 12.3(14)T) or Cisco IOS SSLVPNs (introduced in Release 12.4(6)T). The following methods describe how to confirm if the device is vulnerable: If the output from "show running-config | include webvpn" contains "webvpn enable" then the device is configured with the original Cisco IOS WebVPN. The only way to determine whether the device is vulnerable is to examine the output of "show running-config" to confirm that webvpn is enabled via the command "webvpn enable" and that a "ssl trustpoint" has been configured. The following example shows a vulnerable device configured with Cisco IOS WebVPN: webvpn enable ! webvpn ssl trustpoint TP-self-signed-29742012 If the output from "show running-config | include webvpn" contains "webvpn gateway <word>" then the device is supporting the Cisco IOS SSLVPN feature. A device is vulnerable if it has the "inservice" command in at least one of the "webvpn gateway" sections. The following example shows a vulnerable device configured with Cisco IOS SSLVPN: Router# show running | section webvpn webvpn gateway Gateway ip address 10.1.1.1 port 443 ssl trustpoint Gateway-TP inservice ! Router# A device that supports the Cisco IOS SSLVPN is not vulnerable if it has no "webvpn gateways" configured or all the configured "webvpn gateways" contain the "no inservice" webvpn gateway command. To determine if SSH is enabled use the "show ip ssh" command, as shown in the following example: Router#show ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits To determine if the IKE encrypted nonces feature is enabled, use the "show running-config | include rsa-encr" command as follows: Router#show running-config | inc rsa-encr authentication rsa-encr To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The Cisco ASA 5500 Series Adaptive Security Appliances are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details ======= A Cisco IOS device that is configured for SSLVPN or SSH may reload when it receives a specially crafted TCP packet on TCP port 443 (SSLVPN) or TCP port 22 (SSH). Completion of the three-way handshake to the associated TCP port number of these features is required for the vulnerability to be successfully exploited; however, authentication is not required. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsq24002 - Crafted Encrypted packet may cause device reload CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability described in this document may result in a reload of the device. The issue could be repeatedly exploited to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |------------+----------------------------------------+-------------| | 12.2 | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2B | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2BC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2BW | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2BX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2BY | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2BZ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2CX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2CY | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2CZ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2DA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2DD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2DX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2EW | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2EWA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2EX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2EY | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2EZ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2FX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2FY | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2FZ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IRA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IRB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IRC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXF | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXG | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2IXH | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2JA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2JK | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2MB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2MC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2S | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SBC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SCA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SCB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SEA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SEB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SEC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SED | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SEE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SEF | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SEG | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SG | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SGA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SL | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SM | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SO | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SQ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SRA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SRB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SRC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SRD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2STE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SU | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SV | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SVA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SVC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SVD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SVE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SW | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SXA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SXB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SXD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SXE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SXF | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SXH | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SXI | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SY | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2SZ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2T | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2TPC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XF | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XG | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XH | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XI | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XJ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XK | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XL | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XM | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XNA | Please see Cisco IOS-XE Software | | | | Availability | | |------------+----------------------------------------+-------------| | 12.2XNB | Please see Cisco IOS-XE Software | | | | Availability | | |------------+----------------------------------------+-------------| | 12.2XNC | Please see Cisco IOS-XE Software | | | | Availability | | |------------+----------------------------------------+-------------| | 12.2XND | Please see Cisco IOS-XE Software | | | | Availability | | |------------+----------------------------------------+-------------| | 12.2XO | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XQ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XR | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XS | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XT | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XU | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XV | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2XW | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YF | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YG | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YH | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YJ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YK | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YL | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YM | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YN | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YO | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YP | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YQ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YR | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YS | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YT | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YU | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YV | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YW | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YY | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2YZ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZE | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZF | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZG | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZH | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZJ | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZL | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZP | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZU | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZY | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.2ZYA | Not Vulnerable | | |------------+----------------------------------------+-------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+----------------------------------------+-------------| | 12.4 | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4GC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JDA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JDC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JDD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JK | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JL | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JMA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JMB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4JX | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4MD | 12.4(15)MD3 | 12.4(15)MD3 | |------------+----------------------------------------+-------------| | 12.4MDA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4MR | 12.4(19)MR3 | 12.4(19)MR3 | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4SW | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | | 12.4(22)T2 | | | | | 12.4(15)T10 | | 12.4T | 12.4(20)T3 | | | | | 12.4(20)T4 | | | 12.4(24)T | | |------------+----------------------------------------+-------------| | 12.4XA | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XC | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XE | Not Vulnerable | | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4XF | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | 12.4XG | Not Vulnerable | | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4XJ | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4XK | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | 12.4XL | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XM | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XN | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XP | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4XQ | 12.4(15)XQ3 | 12.4(15)T10 | |------------+----------------------------------------+-------------| | | | 12.4(15)XR7 | | 12.4XR | 12.4(15)XR5 | | | | | 12.4(22)XR | |------------+----------------------------------------+-------------| | 12.4XT | Not Vulnerable | | |------------+----------------------------------------+-------------| | | Vulnerable; Contact your support | | | 12.4XV | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4XW | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4XY | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4XZ | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | | | 12.4(15)T10 | | 12.4YA | Vulnerable; first fixed in 12.4T | | | | | 12.4(20)T4 | |------------+----------------------------------------+-------------| | 12.4YB | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4YD | Not Vulnerable | | |------------+----------------------------------------+-------------| | 12.4YE | Not Vulnerable | | +-------------------------------------------------------------------+ Note: No Cisco IOS Software Modularity releases are affected by this vulnerability. Cisco IOS XE Software +-------------------------------------------------------------------+ | IOS XE Release | First Fixed Release | |----------------------------+--------------------------------------| | 2.1.x | Not Vulnerable | |----------------------------+--------------------------------------| | 2.2.x | Not Vulnerable | |----------------------------+--------------------------------------| | 2.3.x | 2.3.2 | |----------------------------+--------------------------------------| | 2.4.x | Not Vulnerable | +-------------------------------------------------------------------+ Workarounds =========== There are no available workarounds other than disabling the affected features and protecting SSH access with the use of VTY access control lists. Use the "no webvpn enable" command to disable SSL VPN use. For Cisco IOS the SSH server can be disabled by applying the command "crypto key zeroize rsa" while in configuration mode. The SSH server is enabled automatically upon generating an RSA key pair. Zeroing the RSA keys is the only way to completely disable the SSH server. Access to the SSH server on Cisco IOS Software may also be disabled by removing SSH as a valid transport protocol. This action can be done by reapplying the transport input command with 'ssh' removed from the list of permitted transports on vty lines while in configuration mode. For example: line vty 0 4 transport input telnet end If SSH server functionality is desired, access to the server can be restricted to specific source IP addresses or blocked entirely through the use of Access Control Lists (ACLs) on the vty lines as shown in the following URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html#xtocid14 More information on configuring ACLs can be found on Cisco's public website: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml The following is an example of a vty access-list: access-list 2 permit 10.1.1.0 0.0.0.255 access-list 2 deny any line vty 0 4 access-class 2 in In the previous example, only the 10.1.1.0/24 network is allowed to SSH to the Cisco IOS device. To disable IKE encrypted nonces use the "no authentication rsa-encr" command under an ISAKMP policy, as shown in the following example: crypto isakmp policy no authentication rsa-encr Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukGd86n/Gc8U/uARAltxAJsHsWKROOB5Ph8mcFs+ZUIYygRoEgCePeZX A9ezksakGzQynAYZbBjJ+uE= =n8Uh -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 4) An error in the implementation of the Object Groups for ACLs feature can be exploited to bypass access control policies. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252. The problem is Bug ID : CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122 and CSCsu50252 It is a problem.A well-crafted request can circumvent access restrictions. Cisco IOS is prone to a security-bypass vulnerability. This issue is documented by the following Cisco Bug IDs: CSCsx07114 CSCsu70214 CSCsw47076 CSCsv48603 CSCsy54122 CSCsu50252. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products ================= Vulnerable Products +------------------ Any Cisco device configured with ACLs using the object group feature and running an affected Cisco IOS software version is affected by this vulnerability. Note: The Object Groups for ACLs feature was introduced in Cisco IOS software version 12.4(20)T. To verify whether object groups are configured in a Cisco IOS device, use the "show object-group" command in user EXEC or privileged EXEC mode. The following example displays a sample output from the "show object-group" command when object groups are configured: Router# show object-group Network object group my_host_group host 172.18.104.123 Service object group my_allowed_services tcp eq www tcp eq 443 Alternatively, administrators can also use the "show running config | include ^ (permit|deny) .*object-group" command to verify whether object groups are configured, as shown in the following example: Router#show running-config | include ^ (permit|deny) .*object-group permit object-group my_allowed_services host 10.10.1.1 host 10.20.1.1 permit tcp any object-group my_host_group eq 22 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Products Confirmed Not Vulnerable +-------------------------------- Cisco devices that are not configured with object groups are not vulnerable. No other Cisco products are currently known to be affected by this vulnerability. Details ======= In Cisco IOS Software an object group can contain a single object (such as a single IP address, network, or subnet) or multiple objects (such as a combination of multiple IP addresses, networks, or subnets). In an ACL that is based on an object group, administrators can create a single access control entry (ACE) that uses an object group name instead of creating many ACEs, which each would require a different IP address. A similar object group, such as a protocol port group, can be extended to limit access to a set of applications for a user group to a server group. Note: The Object Groups for ACLs feature was introduced in Cisco IOS software version 12.4(20)T. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, CSCsu50252 - Object-group Access Control List Bypass CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Parital Integrity Impact - None Availability Impact - none CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may allow an attacker to access resources that should be protected by the Cisco IOS device. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.0 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.2-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.3-Based | First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases. | |-------------------------------------------------------------------| | Affected | | Recommended | | 12.4-Based | First Fixed Release | Release | | Releases | | | |------------+---------------------------------------+--------------| | 12.4 | Not Vulnerable | | |------------+---------------------------------------+--------------| | | Vulnerable; Contact your support | | | 12.4GC | organization per the instructions in | | | | Obtaining Fixed Software section of | | | | this advisory | | |------------+---------------------------------------+--------------| | 12.4JA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JDD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JMB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4JX | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(11)MD9 | | | | | | 12.4MD | 12.4(22)MD1 | 12.4(15)MD3 | | | | | | | | 12.4(22)MD1 | |------------+---------------------------------------+--------------| | 12.4MDA | 12.4(22)MDA1 | 12.4(22)MDA1 | |------------+---------------------------------------+--------------| | 12.4MR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4SW | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(20)T4 | | | 12.4(22)T2 | | | | | 12.4(22)T3 | | 12.4T | 12.4(20)T4 | | | | | 12.4(24)T2; | | | 12.4(24)T1 | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4XA | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XB | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XC | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XD | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XE | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XF | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XG | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XJ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XK | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XL | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XM | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XN | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XP | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XQ | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XR | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XT | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XV | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XW | Not Vulnerable | | |------------+---------------------------------------+--------------| | 12.4XY | Not Vulnerable | | |------------+---------------------------------------+--------------| | | | 12.4(20)T4 | | | | | | | | 12.4(22)T3 | | 12.4XZ | Vulnerable; first fixed in 12.4T | | | | | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | | | 12.4(22)T3 | | | | | | 12.4YA | Vulnerable; first fixed in 12.4T | 12.4(24)T2; | | | | Available on | | | | 23-OCT-2009 | |------------+---------------------------------------+--------------| | 12.4YB | 12.4(22)YB4 | 12.4(22)YB4 | |------------+---------------------------------------+--------------| | 12.4YD | 12.4(22)YD1 | 12.4(22)YD1 | |------------+---------------------------------------+--------------| | 12.4YE | 12.4(22)YE1 | 12.4(22)YE1 | |------------+---------------------------------------+--------------| | 12.4YG | Not Vulnerable | | +-------------------------------------------------------------------+ Note: No Cisco IOS-XE or Cisco IOS Software Modularity releases are affected by this vulnerability. Workarounds =========== There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2009-September-23 | public | | | | release | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFKukF586n/Gc8U/uARAuXEAJ99dU6Wi1fZMY1yNgedSCx4/+0p8wCeOSKF HmMwzq017QkqDzBFo/JH6DQ= =XJAG -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco IOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36835 VERIFY ADVISORY: http://secunia.com/advisories/36835/ DESCRIPTION: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable device. 1) An error exists in the login section of the Extension Mobility feature of the Cisco Unified CME (Communications Manager Express) component. This can be exploited to cause a buffer overflow via specially crafted HTTP requests. Successful exploitation may allow execution of arbitrary code. 2) An error in the IKE implementation can be exploited to allocate all available Phase 1 SAs and prevent new IPSec sessions from being established. Successful exploitation requires that the IKE certificate based authentication method is used. 3) Multiple errors exist in the IP tunnelling implementation when switching network packets. These can be exploited to trigger a device reload via specially crafted packets. Successful exploitation requires that the device is configured for PPTP, GRE, IPinIP, Generic Packet Tunneling in IPv6, or IPv6 over IP tunnels, and Cisco Express Forwarding. 5) An error in the H.323 implementation can be exploited to trigger a device reload via specially crafted TCP packets. Successful exploitation requires that H.323 is enabled (disabled by default). 6) An error in the SIP implementation related to the Cisco Unified Border Element feature can be exploited to trigger a device reload. For more information: SA36836 7) An error in the SSLVPN, SSH, and IKE Encrypted Nonces features can be exploited to reload a device via specially crafted packets sent to TCP ports 22 (for SSH) or 443 (for SSLVPN), or UDP ports 500 and 4500 (for IKE Encrypted Nonces). 8) A race condition error exists in the Authentication Proxy for HTTP(S), Web Authentication, and consent features. This can be exploited to bypass the authentication proxy services and the consent accept web page if a successfully authenticated session or accepted consent session exists. 9) An error exists in the Cisco IOS Zone-Based Policy Firewall SIP inspection feature. This can be exploited to reload a device via a specially crafted SIP transit packet. 10) An error exists in the NTPv4 implementation while creating NTP reply packets. This can be exploited to trigger a device reload via a specially crafted NTP packet. SOLUTION: Update to a fixed version (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3-10) Reported by the vendor. 2) Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml OTHER REFERENCES: SA36836: http://secunia.com/advisories/36836/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------