VARIoT IoT vulnerabilities database

The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. The following devices are affected: Cisco Linksys WRT54G firmware version prior to 4.30.5 Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1 Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1 Cisco Linksys WRT54GX firmware 2.00.05 Edimax BR-6104K prior to 3.25 Edimax 6114Wg Canyon-Tech CN-WF512 firmware version 1.83 Canyon-Tech CN-WF514 firmware version 2.08 Sitecom WL-153 prior to firmware 1.39 Sitecom WL-111 Sweex LB000021 firmware version 3.15 ZyXEL P-330W SpeedTouch 5x6 firmware versions prior to 6.2.29 Thomson TG585 firmware versions prior to 7.4.3.2. ZyXEL P-330W is a wireless broadband router. A vulnerability exists in the UPnP IGD installation enablement of the ZyXEL P-330W's Pseudo ICS UPnP software. This vulnerability is related to the \"external forwarding\" vulnerability. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA52035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035 RELEASE DATE: 2013-01-31 DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device. 1) Multiple vulnerabilities are caused due to a bundled version of libupnp. For more information: SA51949 2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates. PROVIDED AND/OR DISCOVERED BY: 2) Rapid7 ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at: http://www.kb.cert.org/vuls/id/922681 Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. UPnP For supported routers, WAN Unintended from the side interface UPnP There is a vulnerability that allows the request to be accepted.An unauthenticated remote third party could obtain local network information or use the product as a proxy. There are vulnerabilities in the Edimax Edimax EdiLinux UPnP IGD installation enablement. An attacker can exploit this issue to gain unauthorized access to scan the internal host or proxy internet traffic through an affected device. The following devices are affected: Cisco Linksys WRT54G firmware version prior to 4.30.5 Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1 Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1 Cisco Linksys WRT54GX firmware 2.00.05 Edimax BR-6104K prior to 3.25 Edimax 6114Wg Canyon-Tech CN-WF512 firmware version 1.83 Canyon-Tech CN-WF514 firmware version 2.08 Sitecom WL-153 prior to firmware 1.39 Sitecom WL-111 Sweex LB000021 firmware version 3.15 ZyXEL P-330W SpeedTouch 5x6 firmware versions prior to 6.2.29 Thomson TG585 firmware versions prior to 7.4.3.2. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA52035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035 RELEASE DATE: 2013-01-31 DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device. 1) Multiple vulnerabilities are caused due to a bundled version of libupnp. For more information: SA51949 2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates. PROVIDED AND/OR DISCOVERED BY: 2) Rapid7 ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at: http://www.kb.cert.org/vuls/id/922681 Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. Apache HTTP Server is prone to an information disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive information. The three CVE ids denote slightly different variants of the same issue. Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6 For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1. For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2. ========================================================================== Ubuntu Security Notice USN-1259-1 November 11, 2011 apache2, apache2-mpm-itk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Multiple vulnerabilities and a regression were fixed in the Apache HTTP server. (CVE-2011-3368) Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. (CVE-2011-3348) Samuel Montosa discovered that the ITK Multi-Processing Module for Apache did not properly handle certain configuration sections that specify NiceValue but not AssignUserID, preventing Apache from dropping privileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1176) USN 1199-1 fixed a vulnerability in the byterange filter of Apache. The upstream patch introduced a regression in Apache when handling specific byte range requests. Original advisory details: A flaw was discovered in the byterange filter in Apache. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: apache2.2-bin 2.2.20-1ubuntu1.1 Ubuntu 11.04: apache2-mpm-itk 2.2.17-1ubuntu1.4 apache2.2-bin 2.2.17-1ubuntu1.4 Ubuntu 10.10: apache2-mpm-itk 2.2.16-1ubuntu3.4 apache2.2-bin 2.2.16-1ubuntu3.4 Ubuntu 10.04 LTS: apache2-mpm-itk 2.2.14-5ubuntu8.7 apache2.2-bin 2.2.14-5ubuntu8.7 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.22 In general, a standard system update will make all the necessary changes. This version of Apache is principally a security and bug fix release, including the following significant security fixes: * SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. * SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. * SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. * SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. * SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. * SECURITY: CVE-2012-0053 (cve.mitre.org) Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. The Apache HTTP Project thanks halfdog, Context Information Security Ltd, Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to the attention of the security team. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. Apache HTTP Server 2.2.22 is available for download from: http://httpd.apache.org/download.cgi Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.22 includes only those changes introduced since the prior 2.2 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available: http://httpd.apache.org/security/vulnerabilities_22.html This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.4.2, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs. APR-util version 1.4 represents a minor version upgrade from earlier httpd source distributions, which previously included version 1.3. Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see: http://httpd.apache.org/docs/2.2/new_features_2_2.html This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, and require minimal or no source code changes. http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03231301 Version: 1 HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-03-27 Last Updated: 2012-03-27 Potential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). References: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel. MANUAL ACTIONS: Yes - NonUpdate Install the hotfix for SSRT100772. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN,fr=B.07.50.00 action: install the hotfix for SSRT100772 END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 27 March 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. PR 52256. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security and bug fix update Advisory ID: RHSA-2011:1392-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1392.html Issue date: 2011-10-20 CVE Names: CVE-2011-3368 ===================================================================== 1. Summary: Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) Red Hat would like to thank Context Information Security for reporting this issue. This update also fixes the following bug: * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736593, BZ#736594) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 736593 - httpd: RHSA-2011:1245 regressions [rhel-5] 736594 - httpd: RHSA-2011:1245 regressions [rhel-4] 740045 - CVE-2011-3368 httpd: reverse web proxy vulnerability 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm ppc: httpd-2.0.52-49.ent.ppc.rpm httpd-debuginfo-2.0.52-49.ent.ppc.rpm httpd-devel-2.0.52-49.ent.ppc.rpm httpd-manual-2.0.52-49.ent.ppc.rpm httpd-suexec-2.0.52-49.ent.ppc.rpm mod_ssl-2.0.52-49.ent.ppc.rpm s390: httpd-2.0.52-49.ent.s390.rpm httpd-debuginfo-2.0.52-49.ent.s390.rpm httpd-devel-2.0.52-49.ent.s390.rpm httpd-manual-2.0.52-49.ent.s390.rpm httpd-suexec-2.0.52-49.ent.s390.rpm mod_ssl-2.0.52-49.ent.s390.rpm s390x: httpd-2.0.52-49.ent.s390x.rpm httpd-debuginfo-2.0.52-49.ent.s390x.rpm httpd-devel-2.0.52-49.ent.s390x.rpm httpd-manual-2.0.52-49.ent.s390x.rpm httpd-suexec-2.0.52-49.ent.s390x.rpm mod_ssl-2.0.52-49.ent.s390x.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-49.ent.src.rpm i386: httpd-2.0.52-49.ent.i386.rpm httpd-debuginfo-2.0.52-49.ent.i386.rpm httpd-devel-2.0.52-49.ent.i386.rpm httpd-manual-2.0.52-49.ent.i386.rpm httpd-suexec-2.0.52-49.ent.i386.rpm mod_ssl-2.0.52-49.ent.i386.rpm ia64: httpd-2.0.52-49.ent.ia64.rpm httpd-debuginfo-2.0.52-49.ent.ia64.rpm httpd-devel-2.0.52-49.ent.ia64.rpm httpd-manual-2.0.52-49.ent.ia64.rpm httpd-suexec-2.0.52-49.ent.ia64.rpm mod_ssl-2.0.52-49.ent.ia64.rpm x86_64: httpd-2.0.52-49.ent.x86_64.rpm httpd-debuginfo-2.0.52-49.ent.x86_64.rpm httpd-devel-2.0.52-49.ent.x86_64.rpm httpd-manual-2.0.52-49.ent.x86_64.rpm httpd-suexec-2.0.52-49.ent.x86_64.rpm mod_ssl-2.0.52-49.ent.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm x86_64: httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-53.el5_7.3.src.rpm i386: httpd-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-manual-2.2.3-53.el5_7.3.i386.rpm mod_ssl-2.2.3-53.el5_7.3.i386.rpm ia64: httpd-2.2.3-53.el5_7.3.ia64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ia64.rpm httpd-devel-2.2.3-53.el5_7.3.ia64.rpm httpd-manual-2.2.3-53.el5_7.3.ia64.rpm mod_ssl-2.2.3-53.el5_7.3.ia64.rpm ppc: httpd-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc.rpm httpd-debuginfo-2.2.3-53.el5_7.3.ppc64.rpm httpd-devel-2.2.3-53.el5_7.3.ppc.rpm httpd-devel-2.2.3-53.el5_7.3.ppc64.rpm httpd-manual-2.2.3-53.el5_7.3.ppc.rpm mod_ssl-2.2.3-53.el5_7.3.ppc.rpm s390x: httpd-2.2.3-53.el5_7.3.s390x.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390.rpm httpd-debuginfo-2.2.3-53.el5_7.3.s390x.rpm httpd-devel-2.2.3-53.el5_7.3.s390.rpm httpd-devel-2.2.3-53.el5_7.3.s390x.rpm httpd-manual-2.2.3-53.el5_7.3.s390x.rpm mod_ssl-2.2.3-53.el5_7.3.s390x.rpm x86_64: httpd-2.2.3-53.el5_7.3.x86_64.rpm httpd-debuginfo-2.2.3-53.el5_7.3.i386.rpm httpd-debuginfo-2.2.3-53.el5_7.3.x86_64.rpm httpd-devel-2.2.3-53.el5_7.3.i386.rpm httpd-devel-2.2.3-53.el5_7.3.x86_64.rpm httpd-manual-2.2.3-53.el5_7.3.x86_64.rpm mod_ssl-2.2.3-53.el5_7.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3368.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1245.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOoFxkXlSAg2UNWIIRAl1kAJ94ZNoM1fzZzwHexpMMIAyHsGsB8wCgvD5v qZVZrYEbxzHisIh4Yznj+ro= =yulh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier

Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font.". Google Chrome Used in Webkit Is SVG Insufficient operation of text due to improper handling of text (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. plural Apple Product Webkit A similar vulnerability exists for. Detail is Apple See vendor information for.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, and bypass the same-origin policy; other attacks may also be possible. Versions prior to Chrome 14.0.835.202 are vulnerable. Google Chrome is a web browser developed by Google (Google). These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed through an improved domain name validity check. This issue does not affect OS X systems. CVE-ID CVE-2012-0640 : nshah WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3, Windows 7, Vista, XP SP2 or later Impact: HTTP authentication credentials may be inadvertently disclosed to another site Description: If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48288 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48288 RELEASE DATE: 2012-03-09 DISCUSS ADVISORY: http://secunia.com/advisories/48288/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48288/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48288 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device. 1) An error within the CFNetwork component when handling URLs can be exploited to disclose sensitive information by tricking the user into visiting a malicious website. 3) A logic error within the kernel does not properly handle debug system calls and can be exploited to bypass the sandbox restrictions. 4) An integer overflow error within the libresolv library when handling DNS resource records can be exploited to corrupt heap memory. 9) A cross-origin error in the WebKit component can be exploited to bypass the same-origin policy and disclose a cookie by tricking the user into visiting a malicious website. 10) An error within the WebKit component when handling drag-and-drop actions can be exploited to conduct cross-site scripting attacks. 11) Multiple unspecified errors within the WebKit component can be exploited to conduct cross-site scripting attacks. 12) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit. SOLUTION: Apply iOS 5.1 Software Update. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Erling Ellingsen, Facebook. 2, 8) pod2g. 3) 2012 iOS Jailbreak Dream Team. 5) Roland Kohler, the German Federal Ministry of Economics and Technology. 6) Eric Melville, American Express. 9) Sergey Glazunov. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5192 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-03-07-2 iOS 5.1 Software Update iOS 5.1 Software Update is now available and addresses the following: CFNetwork Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. CVE-ID CVE-2012-0641 : Erling Ellingsen of Facebook HFS Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution Description: An integer underflow existed with the handling of HFS catalog files. CVE-ID CVE-2012-0642 : pod2g Kernel Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. CVE-ID CVE-2012-0643 : 2012 iOS Jailbreak Dream Team libresolv Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive Passcode Lock Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen. CVE-ID CVE-2012-0644 : Roland Kohler of the German Federal Ministry of Economics and Technology Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Web page visits may be recorded in browser history even when Private Browsing is active Description: Safari's Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active. CVE-ID CVE-2012-0585 : Eric Melville of American Express Siri Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: An attacker with physical access to a locked phone could get access to frontmost email message Description: A design issue existed in Siri's lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen. CVE-ID CVE-2012-0645 VPN Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges Description: A format string vulnerability existed in the handling of racoon configuration files. CVE-ID CVE-2012-0646 : pod2g WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of cookies Description: A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. CVE-ID CVE-2011-3887 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack Description: A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins. CVE-ID CVE-2012-0590 : Adam Barth of Google Chrome Security Team WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: Multiple cross-origin issues existed in WebKit. CVE-ID CVE-2011-3881 : Sergey Glazunov CVE-2012-0586 : Sergey Glazunov CVE-2012-0587 : Sergey Glazunov CVE-2012-0588 : Jochen Eisinger of Google Chrome Team CVE-2012-0589 : Alan Austin of polyvore.com WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-2833 : Apple CVE-2011-2846 : Arthur Gerkis, miaubiz CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP CVE-2011-2857 : miaubiz CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2867 : Dirk Schulze CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2877 : miaubiz CVE-2011-3885 : miaubiz CVE-2011-3888 : miaubiz CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative CVE-2011-3908 : Aki Helin of OUSPG CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2012-0591 : miaubiz, and Martin Barbella CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative CVE-2012-0593 : Lei Zhang of the Chromium development community CVE-2012-0594 : Adam Klein of the Chromium development community CVE-2012-0595 : Apple CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0597 : miaubiz CVE-2012-0598 : Sergey Glazunov CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple CVE-2012-0601 : Apple CVE-2012-0602 : Apple CVE-2012-0603 : Apple CVE-2012-0604 : Apple CVE-2012-0605 : Apple CVE-2012-0606 : Apple CVE-2012-0607 : Apple CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0611 : Martin Barbella using AddressSanitizer CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0615 : Martin Barbella using AddressSanitizer CVE-2012-0616 : miaubiz CVE-2012-0617 : Martin Barbella using AddressSanitizer CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0621 : Martin Barbella using AddressSanitizer CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome Security Team CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0624 : Martin Barbella using AddressSanitizer CVE-2012-0625 : Martin Barbella CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0627 : Apple CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0630 : Sergio Villar Senin of Igalia CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using AddressSanitizer CVE-2012-0633 : Apple CVE-2012-0635 : Julien Chaffraix of the Chromium development community, Martin Barbella using AddressSanitizer Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "5.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq 4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90 HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6 7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY= =qPeE -----END PGP SIGNATURE-----

The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs: CSCtd10712 CSCso02147 CSCti98219 CSCti48483 CSCtj04672 CSCth11006. For more information: SA46179 The vulnerabilities are reported in version 3.1.xSG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: * NetMeeting Directory (Lightweight Directory Access Protocol, LDAP) * Session Initiation Protocol (Multiple vulnerabilities) * H.323 protocol All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for one or more of the following features: * NetMeeting Directory NAT (LDAP on TCP port 389) * NAT for Session Initiation Protocol (SIP) * NAT for H.323 The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the "show ip nat statistics" command. If NAT is active the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active: Router#show ip nat statistics Total translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: Serial0 Inside interfaces: Ethernet1 Hits: 135 Misses: 5 Expired translations: 2 Dynamic mappings: -- Inside Source access-list 1 pool mypool refcount 2 pool mypool: netmask 255.255.255.0 start 192.168.10.1 end 192.168.10.254 type generic, total addresses 14, allocated 2 (14%), misses 0 Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces lines. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the "show ip nat statistics | section interfaces" command: Router> show ip nat statistics | section interfaces Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Router> Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the "ip nat inside" and "ip nat outside" commands must be present in different interfaces or, in the case of the NAT Virtual Interface, the "ip nat enable" interface command will be present. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= NAT for NetMeeting Directory (LDAP) Vulnerability +------------------------------------------------ LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable. This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature. This vulnerability is documented in Cisco bug ID CSCtd10712 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946. NAT for SIP DoS Vulnerabilities +------------------------------ Four vulnerabilities in the NAT for SIP feature are described in this document: NAT of SIP over TCP vulnerability: Crafted SIP packets on TCP port 5060 could cause unpredictable results, including the reload of the vulnerable device. Translation of SIP over TCP packets will be disabled by default with the fix for this vulnerability. This vulnerability is documented in Cisco bug ID CSCso02147 and has been assigned Common Vulnerabilities and Exposures CVE-2011-3276. Provider edge Multiprotocol Label Switching (MPLS) NAT of SIP over UDP packets DoS vulnerability: A malformed SIP packet on UDP 5060 that transits an MPLS enabled vulnerable device that needs an MPLS tag to be imposed on the malformed packet might reload the device. NAT of crafted SIP over UDP packets DoS vulnerabilities: There are two DoS vulnerabilities related to similar crafted packets on UDP port 5060 that require SIP translation: the first is a vulnerability that will cause the device to reload and the second will cause a memory leak that could lead to a DoS condition, including reload of the vulnerable device. They have been assigned CVE IDs CVE-2011-3278 and CVE-2011-3280. NAT of H.323 Packets DoS Vulnerability +------------------------------------- Transit crafted H.323 packets on TCP port 1720 could cause a reload of the vulnerable device. This vulnerability is documented in Cisco bug ID CSCth11006 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3277. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtd10712 ("NAT LDAP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCso02147 ("NAT of SIP over TCP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti98219 ("Provider-Edge MPLS NAT of SIP over UDP packets Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti48483/CSCtj04672 ("NAT of crafted SIP packets vulnerabilities") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCth11006 ("NAT of H.323 Packets DoS Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities can cause the device to reload or become unresponsive. For the NAT of UDP over SIP vulnerability that corresponds to Cisco bug CSCtj04672, it is also possible that exploitation can cause a memory leak. Repeated exploitation of the memory leak vulnerability can lead to a DoS condition in which the device reloads or becomes unresponsive. Reloading may occur automatically, or the device may require manual intervention to reload. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.1E | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2BX | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2CZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.2SG | Releases up to and | | 12.2EW | | including 12.2(20)EW4 | | | Releases up to and | are not vulnerable. | | | including 12.2(20)EW4 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2EWA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | 12.2(55)EX | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | | 12.2(52)EY | | | 12.2EY | | 12.2(58)EY | | | 12.2(52)EY1b | | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2EZ | to any release in | to any release in | | | 15.0SE | 15.0SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FX | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FY | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FZ | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRA | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRB | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRC | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | 12.2(33)IRD1 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | 12.2(33)IRE3 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRF | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXE | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2MRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | 12.2(33)MRB5 | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(30)S are | 12.2(30)S are | | | vulnerable; Releases | vulnerable; Releases | | 12.2S | 12.2(30)S and later | 12.2(30)S and later | | | are not vulnerable. | are not vulnerable. | | | First fixed in | First fixed in | | | Release 12.2SB | Release 12.2SB | |------------+-----------------------+-----------------------| | | 12.2(31)SB20 | 12.2(31)SB2012.2(33) | | 12.2SB | | SB10 | | | 12.2(33)SB10 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SBC | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCA | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCB | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | | 12.2(33)SCD6 | | | 12.2SCD | | 12.2(33)SCD6 | | | 12.2(33)SCD7 | | |------------+-----------------------+-----------------------| | 12.2SCE | 12.2(33)SCE1 | 12.2(33)SCE1 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.2(55)SE2 | 12.2(55)SE3 | | 12.2SE | | | | | 12.2(58)SE | 12.2(58)SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEA | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEB | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEC | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SED | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEE | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEF | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(25)SEG4 are | 12.2(25)SEG4 are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SEG | 12.2(25)SEG4 and | 12.2(25)SEG4 and | | | later are not | later are not | | | vulnerable. First | vulnerable. First | | | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | 12.2(53)SG4 | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2SGA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SM | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | 12.2(50)SQ3 | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRB | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRC | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(29b)SV1 are | 12.2(29a)SV are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SV | 12.2(29b)SV1 and | 12.2(29a)SV and later | | | later are not | are not vulnerable. | | | vulnerable. Migrate | Migrate to any | | | to any release in | release in 12.2SVD | | | 12.2SVD | | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SX | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXB | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXD | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXE | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | | 12.2(33)SXH6 | | | 12.2SXH | | 12.2(33)SXH8a | | | 12.2(33)SXH8a | | |------------+-----------------------+-----------------------| | | 12.2(33)SXI2 | | | | | | | 12.2SXI | 12.2(33)SXI2a | 12.2(33)SXI6 | | | | | | | 12.2(33)SXI4a | | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | 12.2(50)SY | 12.2(50)SY | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNA | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNB | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNC | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XND | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNE | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNF | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(54)XO are | Releases prior to | | | vulnerable; Releases | 12.2(54)XO are | | 12.2XO | 12.2(54)XO and later | vulnerable; Releases | | | are not vulnerable. | 12.2(54)XO and later | | | First fixed in | are not vulnerable. | | | Release 12.2SG | | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YQ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YS | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YT | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YU | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YV | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YX | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZU | fixed in Release | fixed in Release | | | 12.2SXH | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZYA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.3 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3BC | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.3BW | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JED | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 | including 12.3(2)JK3 | | | are not vulnerable. | are not vulnerable. | | 12.3JK | | Releases 12.3(8)JK1 | | | Releases 12.3(8)JK1 | and later are not | | | and later are not | vulnerable. First | | | vulnerable. First | fixed in Release 12.4 | | | fixed in Release 12.4 | | |------------+-----------------------+-----------------------| | 12.3JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3VA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XD | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XG | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XI | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XK | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XL | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3XQ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XR | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XS | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XU | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XZ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YJ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YS | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YU | fixed in Release | fixed in Release | | | 12.4XB | 12.4XB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YX | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3ZA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | 12.4(25f) | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | | to any release in | to any release in | | | 12.4JA | 12.4JA | | 12.4JX | | | | | Releases up to and | Releases up to and | | | including 12.4(21a)JX | including 12.4(21a)JX | | | are not vulnerable. | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | 12.4(24)MD6 on | 12.4(24)MD6 on | | | 28-Oct-11 | 28-Oct-11 | |------------+-----------------------+-----------------------| | 12.4MDA | 12.4(24)MDA7 | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | 12.4(24)MDB3 | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(15)T16 | 12.4(15)T16 | | 12.4T | | | | | 12.4(24)T6 | 12.4(24)T6 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XD | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XF | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XG | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XM | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XP | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XR | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 12.4(22)YE6; | 12.4(22)YE6; | | | Available on | Available on | | | 30-SEP-11 | 30-SEP-11 | | 12.4YE | | | | | 12.4(24)YE7; | 12.4(24)YE7; | | | Available on | Available on | | | 17-OCT-11 | 17-OCT-11 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 15.0(1)S4 | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0SA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | 15.1(2)EY | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M2; Available | 15.1(4)M2; Available | | | on 30-SEP-11 | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.1(2)S2 | 15.1(2)S2 | | | | | | | 15.1(3)S | 15.1(3)S | | 15.1S | | | | | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T4; Available | 15.1(1)T4; Available | | | on 09-DEC-11 | on 09-DEC-11 | | 15.1T | | | | | 15.1(2)T4 | 15.1(2)T4 | | | | | | | 15.1(3)T2 | 15.1(3)T2 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== It is possible to mitigate the vulnerabilities in this advisory by disabling the translation of embedded IP addresses in the payload of IP packets. Disabling NAT for the different protocols requires different configurations. For some protocols, a single command can be used. Other protocols require individual NAT translation rules be added to the configuration. NAT LDAP Vulnerability Mitigation +--------------------------------- To disable NAT of LDAP, port-based address translation needs to be configured to disable LDAP inspection using the no-payload keyword. This will still allow the NAT of LDAP packets at Layer 3 (non-port specific). Translation of other non-LDAP protocols translation will not be affected. Applications that use embedded IP addresses in LDAP, such as NetMeeting Directory, will be negatively impacted if the embedded IP addresses need to be translated. The following is an example configuration that includes the mitigation for two NAT rules. !-- NAT rule for port TCP/389 to disable IP NAT for LDAP translation !-- Takes precedence over the non-port translation rule. ip nat outside source static tcp 192.168.0.1 389 192.168.1.1 389 no-payload ip nat outside source static tcp 192.168.0.3 389 192.168.1.3 389 no-payload !-- Translation rule for all other protocols ip nat outside source static 192.168.0.1 192.168.1.1 ip nat outside source static 192.168.0.3 192.168.1.3 interface GigabitEthernet0/0 ip nat inside interface GigabitEthernet0/1 ip nat outside Each NAT translation rule in the configuration will need to be updated to include a per-port rule that disables translation of TCP packets on port 389. NAT for SIP over TCP DoS Vulnerability Mitigation +------------------------------------------------ Mitigation for this vulnerability consists of disabling NAT for SIP over the TCP transport by using the "no ip nat service sip tcp port 5060" global configuration command. NAT of Crafted SIP over UDP Packets DoS Vulnerability Mitigation +--------------------------------------------------------------- Mitigation of these vulnerabilities consists of disabling NAT for SIP over the UDP transport by using the "no ip nat service sip udp port 5060" global configuration command. NAT for Crafted H.323 Packets DoS Vulnerability Mitigation +--------------------------------------------------------- Mitigation for this vulnerability consists of disabling NAT for H.323 and H.225.0 using the "no ip nat service h225" global configuration command. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The NAT LDAP vulnerability and the NAT of crafted SIP packets vulnerabilities were found during internal Cisco testing. The NAT SIP/TCP vulnerability, provider edge MPLS NAT of SIP over UDP packets vulnerability, and NAT of H.323 packets DoS vulnerabilities were found during troubleshooting of TAC service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2YACgkQQXnnBKKRMNAOugD/Qr4CA7ZO3CeTOcQnwg+oMx+c NjHD7/tFD6PNnBBJF1IA/jMWm3G+EDQeuwMQ0ijB1QvXEApsX4ZJFNJyMgiFtL5x =B/LS -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka Bug ID CSCti79848. The problem is Bug ID CSCti79848 It is a problem.Service disruption by inducing the creation of a large number of sessions by a third party ( Memory consumption or device crash ) There is a possibility of being put into a state. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs CSCti79848 and CSCto68554. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities Advisory ID: cisco-sa-20110928-zbfw Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features. These vulnerabilities are: * Memory leak in Cisco IOS Software * Cisco IOS Software Denial of Service when processing specially crafted HTTP packets Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. The two vulnerabilities are independent of each other. Details to confirm affected configurations are provided below. To determine if a device is configured with Cisco IOS IPS, log into the device and issue the "show ip ips interfaces" CLI command. If the output shows an IPS rule either in the inbound or outbound direction set, then the device is vulnerable. This example, shows a device with an IPS rule set on Interface Gigabit Ethernet 0/0 in the inbound direction: Router#show ip ips interfaces Interface Configuration Interface GigabitEthernet0/0 Inbound IPS rule is example_ips_rule Outgoing IPS rule is not set Router# A device that is not configured for Cisco IOS IPS will return a blank line. The following example shows a device on which Cisco IOS IPS is not configured: Router#show ip ips interfaces Router# To determine whether a device is configured with Zone-Based Firewall, log into the device and issue the "show zone security" CLI command. If the output shows a member interface under a zone name, then the device is vulnerable. This example, shows a device with Zone-Based Firewall rules configured on both GigabitEthernet0/0 and GigabitEthernet0/1 Router#show zone security zone self Description: System defined zone zone inside Description: *** Inside Network *** Member Interfaces: GigabitEthernet0/0 zone outside Description: *** Outside Network *** Member Interfaces: GigabitEthernet0/1 Router# Note: The device is vulnerable if configured with Zone-Based Firewall, regardless of the type of packet inspection being performed. * Cisco IOS Software Denial of Service when processing specially crafted HTTP packets A device is vulnerable if configured under the following circumstances: - HTTP Layer 7 Application Control and Inspection and Cisco IOS IPS are enabled. - HTTP Layer 7 Application Control and Inspection with match request arg regex parameter on the HTTP class map. This configuration is affected regardless if Cisco IOS IPS is enabled or not. The device is not vulnerable under other configurations. A summary of different configurations and their affect by this vulnerability is provided below: +--------------------------------------------------------+ | | Affected | | Configuration on Device | or not | | | Affected | |--------------------------------------------+-----------| | Only Cisco IOS IPS enabled | Not | | | Affected | |--------------------------------------------+-----------| | HTTP Layer 4 Stateful Inspection with | Not | | Cisco IOS IPS enabled | Affected | |--------------------------------------------+-----------| | HTTP Layer 4 Stateful Inspection with | Not | | Cisco IOS IPS disabled | Affected | |--------------------------------------------+-----------| | HTTP Layer 7 Application Control and | Affected | | Inspection with Cisco IOS IPS enabled | | |--------------------------------------------+-----------| | HTTP Layer 7 Application Control and | | | Inspection with match arg regex parameter. | Affected | | With or without Cisco IOS IPS enabled. | | |--------------------------------------------+-----------| | HTTP Layer 7 Application Control and | | | Inspection without match arg regex | Not | | parameter. With or without Cisco IOS IPS | Affected | | enabled. | | +--------------------------------------------------------+ The following example shows an affected device configured with HTTP Layer 7 Application Control and Inspection and Cisco IOS IPS enabled: ! ip ips name myips ! ip ips signature-category category all retired true category ios_ips basic retired false ! ! class-map type inspect match-any layer4-classmap match protocol http ! class-map type inspect http match-any layer7-classmap match request arg length gt 15 ! ! policy-map type inspect http layer7-policymap class type inspect http layer7-classmap reset log policy-map type inspect layer4-policymap class type inspect layer4-classmap inspect service-policy http layer7-policymap class class-default drop ! zone security inside description ** Inside Network ** zone security outside description ** Outside Network ** zone-pair security in2out source inside destination outside description ** Zone Pair - inside to outside ** service-policy type inspect layer4-policymap ! ! interface GigabitEthernet0/0 ip address 192.168.0.6 255.255.255.0 ip ips myips in zone-member security inside ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 zone-member security outside ! The following example shows an affected device configured with HTTP Layer 7 Application Control and Inspection with the match request arg regex parameter on the HTTP class map: ! parameter-map type regex example pattern [^\x00-\x80] ! class-map type inspect match-any layer4-classmap match protocol http ! class-map type inspect http match-any layer7-classmap match request arg regex example ! ! policy-map type inspect http layer7-policymap class type inspect http layer7-classmap reset log policy-map type inspect layer4-policymap class type inspect layer4-classmap inspect service-policy http layer7-policymap class class-default drop ! zone security inside description ** Inside Network ** zone security outside description ** Outside Network ** zone-pair security in2out source inside destination outside description ** Zone Pair - inside to outside ** service-policy type inspect layer4-policymap ! interface GigabitEthernet0/0 ip address 192.168.0.6 255.255.255.0 zone-member security inside ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 zone-member security outside ! To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable +-------------------------------- The following products are confirmed not vulnerable: * Cisco PIX 500 Series Firewall * Cisco ASA 5500 Series Adaptive Security Appliance * Firewall Services Module (FWSM) for Catalyst 6500 Series Switches and 7600 Series Routers * Virtual Firewall (VFW) application on the multiservice blade (MSB) on the Cisco XR 12000 Series Router * Cisco ACE Application Control Engine Module * Cisco IOS devices configured with legacy Cisco IOS Firewall Support * Cisco IOS XR Software * Cisco IOS XE Software * Cisco IPS Appliances * Cisco Catalyst 6500 Series ASA Services Module * Content Based Access Control (CBAC) No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Firewalls are networking devices that control access to the network assets of an organization. Firewalls are often positioned at the entrance points of networks. Cisco IOS Software provides a set of security features that allow the configuration of a simple or elaborate firewall policy according to particular requirements. Cisco IOS IPS is an inline, deep-packet inspection feature that effectively mitigates a wide range of network attacks. Logs may indicate a message similar to " *CCE: CCE 7 tuple table entry to add not malloced." or "CCE: CCE 7 tuple table adding data to invalid hash entry." when the device experiences this memory leak. The output of show processes memory sorted will show an increasing amount of memory being held in the "Chunk Manager" process in the "Holding" column. The following example shows the output of the "show processes memory sorted" CLI command: Router#show processes memory sorted Processor Pool Total: 930768768 Used: 90497932 Free: 840270836 I/O Pool Total: 12582912 Used: 6138704 Free: 6444208 PID TTY Allocated Freed Holding Getbufs Retbufs Process 1 0 130499156 72333476 58304964 0 0 Chunk Manager For this particular vulnerability applying Zone-Based Policy Firewall denial of service protection does not protect against the memory leak due to Cisco bug ID CSCtq28732. This vulnerability is documented in Cisco bug ID CSCti79848 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3273. * Cisco IOS Software Denial of Service when processing specially crafted HTTP packets Devices with affected configurations may hang or crash when processing a specially crafted HTTP packets. If the device supports and is configured with scheduler isr-watchdog then the device will reset and reload if the vulnerability is exploited, rather than just hang. For more information on the "scheduler isr-watchdog" command consult the Cisco IOS Configuration Fundamentals Command Reference at the following link: http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.html#wp1079401 This vulnerability is documented in Cisco bug ID CSCto68554 and has been assigned CVE ID CVE-2011-3281. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCti79848 ("Memory leak in Cisco IOS Software when device is configured with either Cisco IOS IPS or ZBFW") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCto68554 ("Cisco IOS Software Denial of Service when processing specially crafted HTTP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities may result in: * Memory leak in Cisco IOS Software The device may run out of memory resulting in instability or the device crashing. * Cisco IOS Software Denial of Service when processing specially crafted HTTP packets The device may crash or hang. If the device hangs, it will have to be power cycled to recover. If the device supports and is configured with scheduler isr-watchdog then the device will reset and reload if the vulnerability is exploited. For more information on the "scheduler isr-watchdog" command consult the Cisco IOS Configuration Fundamentals Command Reference at the following link: http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.html#wp1079401 Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.0-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 12.0 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.1-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | 12.1E | Not | 12.2(18)SXF17b | | | Vulnerable | | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.2-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | 12.2 | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2B | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2BC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2BW | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2BX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2BY | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2BZ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2CX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2CY | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2CZ | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2DA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2DD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2DX | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2EU | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | Not | Releases up to and including | | 12.2EW | vulnerable | 12.2(20)EW4 are not | | | | vulnerable. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2EWA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2EX | Not | 12.2(55)EX3 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2EY | Not | 12.2(58)EY | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2EZ | Not | Vulnerable; migrate to any | | | vulnerable | release in 15.0SE | |------------+--------------+--------------------------------| | 12.2FX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2FY | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2EX | |------------+--------------+--------------------------------| | 12.2FZ | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2IRA | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | 12.2IRB | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | 12.2IRC | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IRD | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IRE | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2IRF | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | 12.2IRG | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXB | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXC | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXD | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXE | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXF | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXG | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXH | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2JA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2JK | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2MB | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2MC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2MRA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2MRB | Not | 12.2(33)MRB5 | | | vulnerable | | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(30)S | | | Not | are vulnerable; Releases 12.2 | | 12.2S | vulnerable | (30)S and later are not | | | | vulnerable. First fixed in | | | | Release 12.2SB | |------------+--------------+--------------------------------| | | Not | 12.2(31)SB20 | | 12.2SB | vulnerable | | | | | 12.2(33)SB10 | |------------+--------------+--------------------------------| | 12.2SBC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2SCA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SCC | |------------+--------------+--------------------------------| | 12.2SCB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SCC | |------------+--------------+--------------------------------| | 12.2SCC | Not | 12.2(33)SCC7 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SCD | Not | 12.2(33)SCD6 | | | vulnerable | | |------------+--------------+--------------------------------| | | Not | 12.2(33)SCE1 | | 12.2SCE | vulnerable | | | | | 12.2(33)SCE2 | |------------+--------------+--------------------------------| | 12.2SCF | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | Not | 12.2(55)SE3 | | 12.2SE | vulnerable | | | | | 12.2(58)SE | |------------+--------------+--------------------------------| | 12.2SEA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SED | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEE | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEF | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(25)SEG4 | | | Not | are vulnerable; Releases 12.2 | | 12.2SEG | vulnerable | (25)SEG4 and later are not | | | | vulnerable. First fixed in | | | | Release 12.2EX | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(53)SG4 | | 12.2SG | Not | are vulnerable; Releases 12.2 | | | vulnerable | (53)SG4 and later are not | | | | vulnerable. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2SGA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2SL | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2SM | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2SO | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SQ | Not | 12.2(50)SQ3 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SRA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2SRB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2SRC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2SRD | Not | 12.2(33)SRD6 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SRE | Not | 12.2(33)SRE4 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2STE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SU | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(29a)SV | | | Not | are vulnerable; Releases 12.2 | | 12.2SV | vulnerable | (29a)SV and later are not | | | | vulnerable. Migrate to any | | | | release in 12.2SVD | |------------+--------------+--------------------------------| | 12.2SVA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SVC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SVD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SVE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2SW | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2SX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXD | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXE | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXF | Not | 12.2(18)SXF17b | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SXH | Not | 12.2(33)SXH8a | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SXI | Not | 12.2(33)SXI6 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SXJ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SY | Not | 12.2(50)SY | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SZ | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2T | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2TPC | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2XA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2XC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XF | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XG | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XH | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XI | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XJ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XK | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XL | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XM | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XN | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNA | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNB | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNC | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XND | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNE | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNF | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(54)XO | | 12.2XO | Not | are vulnerable; Releases 12.2 | | | vulnerable | (54)XO and later are not | | | | vulnerable. | |------------+--------------+--------------------------------| | 12.2XQ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XR | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XS | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XT | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XU | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XV | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XW | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2YB | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YF | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YG | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YH | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YJ | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2YK | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YL | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2YM | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YN | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2YO | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YP | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YQ | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YR | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YS | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YT | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YU | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YV | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YW | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YX | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YY | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YZ | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2ZA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZB | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2ZC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZE | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2ZF | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2ZG | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZH | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2ZJ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZL | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2ZP | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZU | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXH | |------------+--------------+--------------------------------| | 12.2ZX | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZY | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZYA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.3-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 12.3 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.4-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 12.4 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.0-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.0MR | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.0MRA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | See Cisco | | | 15.0S | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.0SA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 15.0SE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | See Cisco | | | 15.0SG | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | Vulnerable; | | | 15.0XA | first fixed | Vulnerable; first fixed in | | | in Release | Release 15.1T | | | 15.1T | | |------------+--------------+--------------------------------| | | See Cisco | | | 15.0XO | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.1-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.1EY | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | Vulnerable; | | | 15.1GC | first fixed | Vulnerable; first fixed in | | | in Release | Release 15.1T | | | 15.1T | | |------------+--------------+--------------------------------| | 15.1M | 15.1(4)M1 | 15.1(4)M2; Available on | | | | 30-SEP-11 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.1MR | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | See Cisco | | | 15.1S | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | 15.1(1)T4; | | | | Available on | | | | 08-Dec-2011 | 15.1(2)T4 | | 15.1T | | | | | 15.1(2)T4 | 15.1(1)T4 on 8-Dec-2011 | | | | | | | 15.1(3)T2 | | |------------+--------------+--------------------------------| | | Vulnerable; | | | 15.1XB | first fixed | Vulnerable; first fixed in | | | in Release | Release 15.1T | | | 15.1T | | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.2-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 15.2 based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- Cisco IOS XE Software is not affected by the vulnerabilities disclosed in this document. +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release For | Advisories in the September | | Release | This Advisory | 2011 Bundled Publication | |----------+----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 3.1.xSG | Not vulnerable | Vulnerable; migrate to 3.2.0SG | | | | or later | |----------+----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |----------+----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |----------+----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by the vulnerabilities disclosed in this document. Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== Workarounds that mitigate these vulnerabilities are not available. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were discovered while handling customer support calls. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2wACgkQQXnnBKKRMNDczwD8CQbBRLSBdYML0id/QNwXTCO0 lKPvItw21VC8zN6eF1YA/3GNLczrQt1qm1NAFMnhNbQxWryUh7MiZLcVRQ+UA3HW =pHTr -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS IPS and Zone-Based Firewall Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46198 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs CSCti79848 and CSCto68554. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities Advisory ID: cisco-sa-20110928-zbfw Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features. These vulnerabilities are: * Memory leak in Cisco IOS Software * Cisco IOS Software Denial of Service when processing specially crafted HTTP packets Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. The two vulnerabilities are independent of each other. Details to confirm affected configurations are provided below. * Memory leak in Cisco IOS Software A device that is configured for either Cisco IOS IPS or Cisco IOS Zone-Based Firewall (or both), may experience a memory leak under high rates of new session creation flows through the device. To determine if a device is configured with Cisco IOS IPS, log into the device and issue the "show ip ips interfaces" CLI command. If the output shows an IPS rule either in the inbound or outbound direction set, then the device is vulnerable. This example, shows a device with an IPS rule set on Interface Gigabit Ethernet 0/0 in the inbound direction: Router#show ip ips interfaces Interface Configuration Interface GigabitEthernet0/0 Inbound IPS rule is example_ips_rule Outgoing IPS rule is not set Router# A device that is not configured for Cisco IOS IPS will return a blank line. The following example shows a device on which Cisco IOS IPS is not configured: Router#show ip ips interfaces Router# To determine whether a device is configured with Zone-Based Firewall, log into the device and issue the "show zone security" CLI command. If the output shows a member interface under a zone name, then the device is vulnerable. This example, shows a device with Zone-Based Firewall rules configured on both GigabitEthernet0/0 and GigabitEthernet0/1 Router#show zone security zone self Description: System defined zone zone inside Description: *** Inside Network *** Member Interfaces: GigabitEthernet0/0 zone outside Description: *** Outside Network *** Member Interfaces: GigabitEthernet0/1 Router# Note: The device is vulnerable if configured with Zone-Based Firewall, regardless of the type of packet inspection being performed. - HTTP Layer 7 Application Control and Inspection with match request arg regex parameter on the HTTP class map. This configuration is affected regardless if Cisco IOS IPS is enabled or not. The device is not vulnerable under other configurations. | Affected | | With or without Cisco IOS IPS enabled. | | |--------------------------------------------+-----------| | HTTP Layer 7 Application Control and | | | Inspection without match arg regex | Not | | parameter. With or without Cisco IOS IPS | Affected | | enabled. | | +--------------------------------------------------------+ The following example shows an affected device configured with HTTP Layer 7 Application Control and Inspection and Cisco IOS IPS enabled: ! ip ips name myips ! ip ips signature-category category all retired true category ios_ips basic retired false ! ! class-map type inspect match-any layer4-classmap match protocol http ! class-map type inspect http match-any layer7-classmap match request arg length gt 15 ! ! policy-map type inspect http layer7-policymap class type inspect http layer7-classmap reset log policy-map type inspect layer4-policymap class type inspect layer4-classmap inspect service-policy http layer7-policymap class class-default drop ! zone security inside description ** Inside Network ** zone security outside description ** Outside Network ** zone-pair security in2out source inside destination outside description ** Zone Pair - inside to outside ** service-policy type inspect layer4-policymap ! ! interface GigabitEthernet0/0 ip address 192.168.0.6 255.255.255.0 ip ips myips in zone-member security inside ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 zone-member security outside ! The following example shows an affected device configured with HTTP Layer 7 Application Control and Inspection with the match request arg regex parameter on the HTTP class map: ! parameter-map type regex example pattern [^\x00-\x80] ! class-map type inspect match-any layer4-classmap match protocol http ! class-map type inspect http match-any layer7-classmap match request arg regex example ! ! policy-map type inspect http layer7-policymap class type inspect http layer7-classmap reset log policy-map type inspect layer4-policymap class type inspect layer4-classmap inspect service-policy http layer7-policymap class class-default drop ! zone security inside description ** Inside Network ** zone security outside description ** Outside Network ** zone-pair security in2out source inside destination outside description ** Zone Pair - inside to outside ** service-policy type inspect layer4-policymap ! interface GigabitEthernet0/0 ip address 192.168.0.6 255.255.255.0 zone-member security inside ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 zone-member security outside ! To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable +-------------------------------- The following products are confirmed not vulnerable: * Cisco PIX 500 Series Firewall * Cisco ASA 5500 Series Adaptive Security Appliance * Firewall Services Module (FWSM) for Catalyst 6500 Series Switches and 7600 Series Routers * Virtual Firewall (VFW) application on the multiservice blade (MSB) on the Cisco XR 12000 Series Router * Cisco ACE Application Control Engine Module * Cisco IOS devices configured with legacy Cisco IOS Firewall Support * Cisco IOS XR Software * Cisco IOS XE Software * Cisco IPS Appliances * Cisco Catalyst 6500 Series ASA Services Module * Content Based Access Control (CBAC) No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Firewalls are networking devices that control access to the network assets of an organization. Firewalls are often positioned at the entrance points of networks. Cisco IOS Software provides a set of security features that allow the configuration of a simple or elaborate firewall policy according to particular requirements. Cisco IOS IPS is an inline, deep-packet inspection feature that effectively mitigates a wide range of network attacks. * Memory leak in Cisco IOS Software Devices with affected configurations may observe a memory leak under high rates of new session creation flows through the device. Logs may indicate a message similar to " *CCE: CCE 7 tuple table entry to add not malloced." or "CCE: CCE 7 tuple table adding data to invalid hash entry." when the device experiences this memory leak. The output of show processes memory sorted will show an increasing amount of memory being held in the "Chunk Manager" process in the "Holding" column. The following example shows the output of the "show processes memory sorted" CLI command: Router#show processes memory sorted Processor Pool Total: 930768768 Used: 90497932 Free: 840270836 I/O Pool Total: 12582912 Used: 6138704 Free: 6444208 PID TTY Allocated Freed Holding Getbufs Retbufs Process 1 0 130499156 72333476 58304964 0 0 Chunk Manager For this particular vulnerability applying Zone-Based Policy Firewall denial of service protection does not protect against the memory leak due to Cisco bug ID CSCtq28732. This vulnerability is documented in Cisco bug ID CSCti79848 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3273. If the device supports and is configured with scheduler isr-watchdog then the device will reset and reload if the vulnerability is exploited, rather than just hang. For more information on the "scheduler isr-watchdog" command consult the Cisco IOS Configuration Fundamentals Command Reference at the following link: http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.html#wp1079401 This vulnerability is documented in Cisco bug ID CSCto68554 and has been assigned CVE ID CVE-2011-3281. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCti79848 ("Memory leak in Cisco IOS Software when device is configured with either Cisco IOS IPS or ZBFW") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCto68554 ("Cisco IOS Software Denial of Service when processing specially crafted HTTP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities may result in: * Memory leak in Cisco IOS Software The device may run out of memory resulting in instability or the device crashing. If the device hangs, it will have to be power cycled to recover. If the device supports and is configured with scheduler isr-watchdog then the device will reset and reload if the vulnerability is exploited. For more information on the "scheduler isr-watchdog" command consult the Cisco IOS Configuration Fundamentals Command Reference at the following link: http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.html#wp1079401 Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.0-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 12.0 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.1-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | 12.1E | Not | 12.2(18)SXF17b | | | Vulnerable | | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.2-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | 12.2 | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2B | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2BC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2BW | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2BX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2BY | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2BZ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2CX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2CY | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2CZ | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2DA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2DD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2DX | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2EU | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | Not | Releases up to and including | | 12.2EW | vulnerable | 12.2(20)EW4 are not | | | | vulnerable. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2EWA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2EX | Not | 12.2(55)EX3 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2EY | Not | 12.2(58)EY | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2EZ | Not | Vulnerable; migrate to any | | | vulnerable | release in 15.0SE | |------------+--------------+--------------------------------| | 12.2FX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2FY | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2EX | |------------+--------------+--------------------------------| | 12.2FZ | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2IRA | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | 12.2IRB | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | 12.2IRC | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IRD | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IRE | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2IRF | Not | Vulnerable; migrate to any | | | vulnerable | release in 12.2IRG | |------------+--------------+--------------------------------| | 12.2IRG | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXB | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXC | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXD | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXE | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXF | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXG | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2IXH | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2JA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2JK | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2MB | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2MC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2MRA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2MRB | Not | 12.2(33)MRB5 | | | vulnerable | | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(30)S | | | Not | are vulnerable; Releases 12.2 | | 12.2S | vulnerable | (30)S and later are not | | | | vulnerable. First fixed in | | | | Release 12.2SB | |------------+--------------+--------------------------------| | | Not | 12.2(31)SB20 | | 12.2SB | vulnerable | | | | | 12.2(33)SB10 | |------------+--------------+--------------------------------| | 12.2SBC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2SCA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SCC | |------------+--------------+--------------------------------| | 12.2SCB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SCC | |------------+--------------+--------------------------------| | 12.2SCC | Not | 12.2(33)SCC7 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SCD | Not | 12.2(33)SCD6 | | | vulnerable | | |------------+--------------+--------------------------------| | | Not | 12.2(33)SCE1 | | 12.2SCE | vulnerable | | | | | 12.2(33)SCE2 | |------------+--------------+--------------------------------| | 12.2SCF | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | Not | 12.2(55)SE3 | | 12.2SE | vulnerable | | | | | 12.2(58)SE | |------------+--------------+--------------------------------| | 12.2SEA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SED | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEE | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | 12.2SEF | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SE | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(25)SEG4 | | | Not | are vulnerable; Releases 12.2 | | 12.2SEG | vulnerable | (25)SEG4 and later are not | | | | vulnerable. First fixed in | | | | Release 12.2EX | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(53)SG4 | | 12.2SG | Not | are vulnerable; Releases 12.2 | | | vulnerable | (53)SG4 and later are not | | | | vulnerable. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2SGA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2SL | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2SM | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2SO | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SQ | Not | 12.2(50)SQ3 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SRA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2SRB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2SRC | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SRD | |------------+--------------+--------------------------------| | 12.2SRD | Not | 12.2(33)SRD6 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SRE | Not | 12.2(33)SRE4 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2STE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SU | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(29a)SV | | | Not | are vulnerable; Releases 12.2 | | 12.2SV | vulnerable | (29a)SV and later are not | | | | vulnerable. Migrate to any | | | | release in 12.2SVD | |------------+--------------+--------------------------------| | 12.2SVA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SVC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SVD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SVE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2SW | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2SX | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXD | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXE | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | 12.2SXF | Not | 12.2(18)SXF17b | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SXH | Not | 12.2(33)SXH8a | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SXI | Not | 12.2(33)SXI6 | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SXJ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SY | Not | 12.2(50)SY | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2SZ | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SB | |------------+--------------+--------------------------------| | 12.2T | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2TPC | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2XA | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XB | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2XC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XF | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XG | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XH | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XI | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XJ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XK | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XL | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XM | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XN | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNA | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNB | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNC | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XND | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNE | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | See Cisco | | | 12.2XNF | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | | Releases prior to 12.2(54)XO | | 12.2XO | Not | are vulnerable; Releases 12.2 | | | vulnerable | (54)XO and later are not | | | | vulnerable. | |------------+--------------+--------------------------------| | 12.2XQ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XR | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XS | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XT | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XU | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XV | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2XW | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2YB | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YF | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YG | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YH | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YJ | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2YK | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YL | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2YM | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YN | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2YO | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2YP | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YQ | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YR | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YS | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YT | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YU | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YV | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YW | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YX | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YY | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2YZ | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2ZA | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXF | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZB | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2ZC | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZD | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZE | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2ZF | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2ZG | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZH | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.4 | |------------+--------------+--------------------------------| | 12.2ZJ | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZL | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 12.2ZP | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | 12.2ZU | Not | Vulnerable; first fixed in | | | vulnerable | Release 12.2SXH | |------------+--------------+--------------------------------| | 12.2ZX | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZY | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 12.2ZYA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.3-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 12.3 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.4-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 12.4 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.0-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.0MR | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.0MRA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | See Cisco | | | 15.0S | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.0SA | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | 15.0SE | Not | Not vulnerable | | | vulnerable | | |------------+--------------+--------------------------------| | | See Cisco | | | 15.0SG | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | Vulnerable; | | | 15.0XA | first fixed | Vulnerable; first fixed in | | | in Release | Release 15.1T | | | 15.1T | | |------------+--------------+--------------------------------| | | See Cisco | | | 15.0XO | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.1-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.1EY | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | Vulnerable; | | | 15.1GC | first fixed | Vulnerable; first fixed in | | | in Release | Release 15.1T | | | 15.1T | | |------------+--------------+--------------------------------| | 15.1M | 15.1(4)M1 | 15.1(4)M2; Available on | | | | 30-SEP-11 | |------------+--------------+--------------------------------| | | | Vulnerable; contact your | | | Not | support organization per the | | 15.1MR | vulnerable | instructions in the Obtaining | | | | Fixed Software section of this | | | | advisory. | |------------+--------------+--------------------------------| | | See Cisco | | | 15.1S | IOS-XE | See Cisco IOS-XE Software | | | Software | Availability | | | Availability | | |------------+--------------+--------------------------------| | | 15.1(1)T4; | | | | Available on | | | | 08-Dec-2011 | 15.1(2)T4 | | 15.1T | | | | | 15.1(2)T4 | 15.1(1)T4 on 8-Dec-2011 | | | | | | | 15.1(3)T2 | | |------------+--------------+--------------------------------| | | Vulnerable; | | | 15.1XB | first fixed | Vulnerable; first fixed in | | | in Release | Release 15.1T | | | 15.1T | | |------------+--------------+--------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.2-Based | Release for | Advisories in the September | | Releases | This | 2011 Bundled Publication | | | Advisory | | |------------------------------------------------------------| | There are no affected 15.2 based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- Cisco IOS XE Software is not affected by the vulnerabilities disclosed in this document. +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release For | Advisories in the September | | Release | This Advisory | 2011 Bundled Publication | |----------+----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 3.1.xSG | Not vulnerable | Vulnerable; migrate to 3.2.0SG | | | | or later | |----------+----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |----------+----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |----------+----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by the vulnerabilities disclosed in this document. Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== Workarounds that mitigate these vulnerabilities are not available. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were discovered while handling customer support calls. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2wACgkQQXnnBKKRMNDczwD8CQbBRLSBdYML0id/QNwXTCO0 lKPvItw21VC8zN6eF1YA/3GNLczrQt1qm1NAFMnhNbQxWryUh7MiZLcVRQ+UA3HW =pHTr -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS IPS and Zone-Based Firewall Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46198 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564. This problem is Bug ID CSCtq89842 and CSCtq88547 It's a problem. Cisco Unified Presence and Jabber XCP are prone to a denial-of-service vulnerability. Successful exploits will allow attackers to crash the affected server, denying service to legitimate users. This issue is being tracked by the following Cisco Bug IDs: CSCtq78106 CSCtq89842 CSCtq88547. Malicious users can exploit this vulnerability to cause DoS (Denial of Service). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability Advisory ID: cisco-sa-20110928-xcpcupsxml Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-xcpcupsxml.shtml. JabberNow appliances are also affected if they are running a vulnerable version of Jabber XCP software. Jabber XCP and JabberNow Appliances +---------------------------------- The following Jabber XCP software versions are affected by the vulnerability in this advisory: +------------------------------------------------------------+ | Versions | Builds | |------------------+-----------------------------------------| | 2.X | All builds | |------------------+-----------------------------------------| | 3.X | All builds | |------------------+-----------------------------------------| | 4.X | All builds | |------------------+-----------------------------------------| | 5.0 | All builds | |------------------+-----------------------------------------| | 5.1 | All builds | |------------------+-----------------------------------------| | 5.2 | All builds | |------------------+-----------------------------------------| | 5.4 | Prior to 5.4.0.27581 | |------------------+-----------------------------------------| | 5.8 | Prior to 5.8.1.27561 | +------------------------------------------------------------+ Note: JabberNow appliances that are running these software versions are also affected by the vulnerability in this advisory. Determining Cisco Unified Presence Software Versions +--------------------------------------------------- To determine the running version of Cisco Unified Presence software, issue the "show version active" command from the command line interface. The following example shows Cisco Unified Presence software version 8.6.0: admin: show version active Active Master Version: 8.6.0.97041-43 Determining Jabber XCP Software Versions +--------------------------------------- To determine the running version of Jabber XCP software, find the "JABBER_VERSION" in the [JABBER_HOME]/var/cache/xcp_vars.sh file. The following example shows Jabber XCP software version 5.8.1.17421: JABBER_VERSION=5.8.1.17421 Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by this vulnerability. Details ======= Jabber XCP and Cisco Unified Presence provide an open and extensible platform that facilitates the secure exchange of availability and instant messaging (IM) information. This attack is also known as an XML Bomb referring to an XML document that is valid according to the rules of an XML schema yet results in the hanging or crash of the parser or underlying server. The attack is often referred to as the Billion Laughs Attack because many proof of concept examples caused XML parsers to expand the string lol or ha up to a billion times or until server resources were exhausted. The attack combines certain properties of XML to create valid but malicious XML using an extreme level of nested substitutions. When an XML parser attempts to expand all the nested entities it quickly exhausts all server resources. The attack affects both client-to-server connections as well as server-to-server (federation) links. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtq78106 ("XCP Vulnerable to XML Entity Expansion Attack") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtq89842 ("CUP Server PE Vulnerable to XML Entity Expansion Attack") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtq88547 ("CUP Server Client Profile Agent Vulnerable to XML Entity Expansion Attack") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------------+ | Cisco Unified Presence Software | First Fixed | | Version | Release | |---------------------------------------+--------------------| | All versions prior to 8.5(4) | Upgrade to 8.5(4) | +------------------------------------------------------------+ +------------------------------------------------------------+ | Jabber XCP | | | Software | | | Version, | First Fixed Release | | Including | | | JabberNow | | | Appliances | | |------------------+-----------------------------------------| | | These versions are vulnerable but are | | | End of Life. No fixed software will be | | Versions prior | made available. Cisco highly recommends | | to 4.X | that customers using one of these | | | versions migrate to a supported | | | version. | |------------------+-----------------------------------------| | Versions 4.X - | Migrate to 5.4.0.27581, 5.8.1.27561, or | | 5.2 | higher | |------------------+-----------------------------------------| | Version 5.4 | Upgrade to 5.4.0.27581, 5.8.1.27561, or | | | higher | |------------------+-----------------------------------------| | Version 5.8 | Upgrade to 5.8.1.27561 or higher | +------------------------------------------------------------+ Workarounds =========== There are no available workarounds to mitigate this vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== XML entity expansion attacks are well known, but Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability against the Cisco products in this advisory. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-xcpcupsxml.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2sACgkQQXnnBKKRMNBL5AD/U+9K5lhXNsuQ8VwDsJ8JcUL1 W9OUjYEUtuGBytfhimEA/2wOZIkhVHkXO9QHazNI93kZY4mDumxfxTyA3pqDex98 =SUS0 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco Unified Presence Nested XML Entities Denial of Service SECUNIA ADVISORY ID: SA46233 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46233/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46233 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46233/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46233/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46233 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified Presence, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain XML requests, which can be exploited to e.g. SOLUTION: Update to version 8.5(4). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-xcpcupsxml.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities that affect the SIP implementation. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs CSCth03022 and CSCti48504. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection. The data flow interaction function DLSw can realize the transmission of IBM SNA and network BIOS traffic on the IP network. ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS SIP Packet Processing Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46197 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46197/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46197 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46197/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46197/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46197 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An unspecified error when processing certain Session Initiation Protocol (SIP) packets can be exploited to reload a device. 2) A memory leak error when processing certain Session Initiation Protocol (SIP) packets can be exploited to reload a device. 3) A memory leak error can be exploited to disrupt voice services. For more information: SA46226 Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20110928-sip Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Cisco Unified Communications Manager (CUCM) is affected by one of the vulnerabilities described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects the Cisco Unified Communications Manager at the following location: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml Vulnerable Products +------------------ Cisco devices are affected when they are running affected Cisco IOS Software and Cisco IOS XE Software versions that are configured to process SIP messages. Creating a dial peer by issuing the "dial-peer voice" configuration command will start the SIP processes, causing the Cisco IOS device to process SIP messages. In addition, several features in Cisco Unified Communications Manager Express, such as ephones, will automatically start the SIP process when they are configured, which could cause the affected device to start processing SIP messages. An example of an affected configuration follows: dial-peer voice <Voice dial-peer tag> voip ... ! In addition to inspecting the Cisco IOS device configuration for a "dial-peer" command that causes the device to process SIP messages, administrators can also use the "show processes | include SIP" command to determine whether Cisco IOS Software is running the processes that handle SIP messages. In the following example, the presence of the processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the Cisco IOS device will process SIP messages: Router# show processes | include SIP 149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET 150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET Note: Because there are several ways a device running Cisco IOS Software can start processing SIP messages, the "show processes | include SIP" command should be used to determine whether the device is processing SIP messages instead of relying on the presence of specific configuration commands. Cisco Unified Border Element images are also affected by two of these vulnerabilities. Note: The Cisco Unified Border Element feature (previously known as the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS Software image that runs on Cisco multiservice gateway platforms. This feature provides a network-to-network interface point for billing, security, call admission control, quality of service, and signaling interworking. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Note: Cisco Unified Communications Manager is affected by one of the vulnerabilities described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects the Cisco Unified Communications Manager at the following location: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml Products Confirmed Not Vulnerable +-------------------------------- The SIP application layer gateway (ALG), which is used by the Cisco IOS Network Address Translation (NAT) and firewall features of Cisco IOS Software, is not affected by these vulnerabilities. Cisco IOS XR Software is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= SIP is a popular signaling protocol that is used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol has the flexibility to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol. Only traffic destined to the device can trigger the vulnerabilities; transit SIP traffic is not an exploit vector. Note: In cases where SIP is running over TCP transport, a TCP three-way handshake is necessary to exploit these vulnerabilities. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0939. CSCti48504 may cause memory leaks. This vulnerability has been assigned CVE ID CVE-2011-3275. CSCto88686 may cause memory leaks or reloads of affected devices. This vulnerability has been assigned CVE ID CVE-2011-2072. Note: this vulnerability also affects Cisco Unified Communications Manager. Refer to the separate Cisco Security Advisory for the Cisco Unified Communications Manager for additional details. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss Note that all vulnerabilities in this advisory (CSCth03022, CSCti48504, and CSCto88686) have been scored in an identical manner, assuming a complete denial of service (DoS) condition. * CSCth03022, CSCti48504, CSCto88686 CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities in this advisory may result in system instabilities or a reload of an affected device. Repeated exploitation could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.1E | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2BX | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2CZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Releases up to and | | 12.2EW | Not vulnerable | including 12.2(20)EW4 | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2EWA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | Not vulnerable | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | 12.2EY | Not vulnerable | 12.2(58)EY | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2EZ | Not vulnerable | to any release in | | | | 15.0SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FX | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FY | Not vulnerable | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FZ | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRA | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRB | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRC | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRF | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2MRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | Not vulnerable | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(30)S are | | | | vulnerable; Releases | | 12.2S | Not vulnerable | 12.2(30)S and later | | | | are not vulnerable. | | | | First fixed in | | | | Release 12.2SB | |------------+-----------------------+-----------------------| | 12.2SB | Not vulnerable | 12.2(31)SB2012.2(33) | | | | SB10 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SBC | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SCA | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SCB | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | Not vulnerable | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | 12.2SCD | Not vulnerable | 12.2(33)SCD6 | |------------+-----------------------+-----------------------| | 12.2SCE | Not vulnerable | 12.2(33)SCE112.2(33) | | | | SCE2 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEA | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEB | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEC | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SED | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEE | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEF | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(25)SEG4 are | | | | vulnerable; Releases | | 12.2SEG | Not vulnerable | 12.2(25)SEG4 and | | | | later are not | | | | vulnerable. First | | | | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | Not vulnerable | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SGA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SM | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | Not vulnerable | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRB | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRC | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | Not vulnerable | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | Not vulnerable | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(29a)SV are | | | | vulnerable; Releases | | 12.2SV | Not vulnerable | 12.2(29a)SV and later | | | | are not vulnerable. | | | | Migrate to any | | | | release in 12.2SVD | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SX | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXB | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXD | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXE | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | Not vulnerable | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | 12.2SXH | Not vulnerable | 12.2(33)SXH8a | |------------+-----------------------+-----------------------| | 12.2SXI | Not vulnerable | 12.2(33)SXI6 | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | Not vulnerable | 12.2(50)SY | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2TPC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XNA | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNB | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNC | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XND | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNE | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNF | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(54)XO are | | 12.2XO | Not vulnerable | vulnerable; Releases | | | | 12.2(54)XO and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YJ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YN | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YQ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YS | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YT | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YU | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YV | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YX | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YZ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2ZA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2ZU | Not vulnerable | fixed in Release | | | | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZYA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.3 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | Not vulnerable | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | | | to any release in | | | | 12.4JA | | 12.4JX | Not vulnerable | | | | | Releases up to and | | | | including 12.4(21a)JX | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | Not vulnerable | 12.4(24)MD6 on | | | | 28-Oct-2011 | |------------+-----------------------+-----------------------| | 12.4MDA | Not vulnerable | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | Not vulnerable | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Releases up to and | organization per the | | 12.4MR | including 12.4(6)MR1 | instructions in the | | | are not vulnerable. | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(24)T6 | 12.4(24)T6 | | 12.4T | | | | | 12.4(15)T16 | 12.4(15)T16 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XA | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | Not vulnerable | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | | Vulnerable; First | | | 12.4XC | Fixed in Release | Not vulnerable | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XD | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Not vulnerable | | | | | | | 12.4XE | Vulnerable; First | Not vulnerable | | | Fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XF | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Releases up to and | | | | including 12.4(9)XG1 | | | | are not vulnerable. | | | | | Vulnerable; First | | 12.4XG | Releases 12.4(9)XG3 | fixed in Release | | | and later are not | 12.4T | | | vulnerable. First | | | | fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | Not vulnerable | | | | | | | 12.4XJ | Vulnerable; First | Not vulnerable | | | Fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Releases up to and | | | | including 12.4(15)XM | | | | are not vulnerable. | | | | | Vulnerable; First | | 12.4XM | Releases 12.4(15)XM3 | fixed in Release | | | and later are not | 12.4T | | | vulnerable. First | | | | fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4XN | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4XP | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XQ | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XR | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XT | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; fixed in | | | | 12.4(22)YE6 on | | 12.4YE | Not vulnerable | 30-Sept-2011; 12.4 | | | | (24)YE7 available on | | | | 17-Oct-2011 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MRA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Not vulnerable | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0SA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M1 | 15.1(4)M2; Available | | | | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | 15.1(2)S2 | | | Not vulnerable | | | | | 15.1(3)S | | 15.1S | Cisco IOS XE devices: | | | | See Cisco IOS-XE | Cisco IOS XE devices: | | | Software Availability | See Cisco IOS-XE | | | | Software Availability | |------------+-----------------------+-----------------------| | | 15.1(2)T4 | 15.1(2)T4 15.1(1)T4 | | 15.1T | | on 8-Dec-2011 | | | 15.1(3)T2 | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 15.1XB | 15.1(4)XB5 | fixed in Release | | | | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2 based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First | First Fixed Release for All | | IOS XE | Fixed | Advisories in the September 2011 | | Release | Release | Bundled Publication | |----------+------------+------------------------------------| | 2.1.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.2.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.3.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.4.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.5.x | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 2.6.x | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.1.xS | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.2.xS | 3.2.1S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.2.xSG | Not | Not vulnerable | | | vulnerable | | |----------+------------+------------------------------------| | 3.3.xS | Not | 3.3.2S | | | Vulnerable | | |----------+------------+------------------------------------| | 3.4.xS | Not | Not Vulnerable | | | Vulnerable | | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR System Software +--------------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== If the affected Cisco IOS device requires SIP for VoIP services, SIP cannot be disabled and no workarounds are available. Users are advised to apply mitigation techniques to help limit exposure to the vulnerabilities. Mitigation consists of allowing only legitimate devices to connect to affected devices. To increase effectiveness, the mitigation must be coupled with measures against spoofing on the network edge. This action is required because SIP can use UDP as the transport protocol. Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Cisco Applied Mitigation Bulletin:Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products" at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110928-voice.shtml. Disabling SIP Listening Ports +---------------------------- For devices that do not require SIP to be enabled, the simplest and most effective workaround is to disable SIP processing on the device. Some versions of Cisco IOS Software allow administrators to disable SIP with the following commands: sip-ua no transport udp no transport tcp no transport tcp tls Warning: When applying this workaround to devices that are processing Media Gateway Control Protocol (MGCP) or H.323 calls, the device will not stop SIP processing while active calls are being processed. Under these circumstances, this workaround should be implemented during a maintenance window when active calls can be briefly stopped. The "show udp connections", "show tcp brief all", and "show processes | include SIP" commands can be used to confirm that the SIP UDP and TCP ports are closed after applying this workaround. Depending on the Cisco IOS Software version in use, when SIP is disabled, the output from the "show ip sockets" command may still show the SIP ports open, but sending traffic to them will cause the SIP process to display the following message: *Jun 2 11:36:47.691: sip_udp_sock_process_read: SIP UDP Listener is DISABLED Control Plane Policing +--------------------- For devices that need to offer SIP services, it is possible to use Control Plane Policing (CoPP) to block SIP traffic to the device from untrusted sources. Cisco IOS Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. The following example can be adapted to specific network configurations: !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted. !-- Everything else is not trusted. The following access list is used !-- to determine what traffic needs to be dropped by a control plane !-- policy (the CoPP feature): if the access list matches (permit) !-- then traffic will be dropped and if the access list does not !-- match (deny) then traffic will be processed by the router. access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061 access-list 100 deny udp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5061 access-list 100 permit udp any any eq 5060 access-list 100 permit tcp any any eq 5060 access-list 100 permit tcp any any eq 5061 !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices. !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature. class-map match-all drop-sip-class match access-group 100 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device. policy-map control-plane-policy class drop-sip-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device. control-plane service-policy input control-plane-policy Note: Because SIP can use UDP as a transport protocol, it is possible to spoof the source address of an IP packet, which may bypass access control lists that permit communication to these ports from trusted IP addresses. In the preceding CoPP example, the access control entries (ACEs) that match the potential exploit packets with the permit action cause these packets to be discarded by the policy-map drop function, whereas packets that match the deny action (not shown) are not affected by the policy-map drop function. Additional information on the configuration and use of the CoPP feature can be found at http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were discovered by Cisco during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2gACgkQQXnnBKKRMNDX3gD/UeN/lhANnUYaPYTJesK+CgTF Hnpss1asMqYlNes4DlgA/idrlbSx8cbkiX0rrhhHEkTNFRcVmvxA3gJhKq9s9GsO =XFrW -----END PGP SIGNATURE-----

Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka Bug ID CSCth11006. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs: CSCtd10712 CSCso02147 CSCti98219 CSCti48483 CSCtj04672 CSCth11006. For more information: SA46179 The vulnerabilities are reported in version 3.1.xSG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: * NetMeeting Directory (Lightweight Directory Access Protocol, LDAP) * Session Initiation Protocol (Multiple vulnerabilities) * H.323 protocol All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for one or more of the following features: * NetMeeting Directory NAT (LDAP on TCP port 389) * NAT for Session Initiation Protocol (SIP) * NAT for H.323 The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the "show ip nat statistics" command. If NAT is active the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active: Router#show ip nat statistics Total translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: Serial0 Inside interfaces: Ethernet1 Hits: 135 Misses: 5 Expired translations: 2 Dynamic mappings: -- Inside Source access-list 1 pool mypool refcount 2 pool mypool: netmask 255.255.255.0 start 192.168.10.1 end 192.168.10.254 type generic, total addresses 14, allocated 2 (14%), misses 0 Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces lines. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the "show ip nat statistics | section interfaces" command: Router> show ip nat statistics | section interfaces Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Router> Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the "ip nat inside" and "ip nat outside" commands must be present in different interfaces or, in the case of the NAT Virtual Interface, the "ip nat enable" interface command will be present. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= NAT for NetMeeting Directory (LDAP) Vulnerability +------------------------------------------------ LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable. This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature. This vulnerability is documented in Cisco bug ID CSCtd10712 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946. Translation of SIP over TCP packets will be disabled by default with the fix for this vulnerability. This vulnerability is documented in Cisco bug ID CSCso02147 and has been assigned Common Vulnerabilities and Exposures CVE-2011-3276. Provider edge Multiprotocol Label Switching (MPLS) NAT of SIP over UDP packets DoS vulnerability: A malformed SIP packet on UDP 5060 that transits an MPLS enabled vulnerable device that needs an MPLS tag to be imposed on the malformed packet might reload the device. They have been assigned CVE IDs CVE-2011-3278 and CVE-2011-3280. This vulnerability is documented in Cisco bug ID CSCth11006 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3277. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtd10712 ("NAT LDAP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCso02147 ("NAT of SIP over TCP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti98219 ("Provider-Edge MPLS NAT of SIP over UDP packets Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti48483/CSCtj04672 ("NAT of crafted SIP packets vulnerabilities") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCth11006 ("NAT of H.323 Packets DoS Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities can cause the device to reload or become unresponsive. For the NAT of UDP over SIP vulnerability that corresponds to Cisco bug CSCtj04672, it is also possible that exploitation can cause a memory leak. Repeated exploitation of the memory leak vulnerability can lead to a DoS condition in which the device reloads or becomes unresponsive. Reloading may occur automatically, or the device may require manual intervention to reload. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.1E | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2BX | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2CZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.2SG | Releases up to and | | 12.2EW | | including 12.2(20)EW4 | | | Releases up to and | are not vulnerable. | | | including 12.2(20)EW4 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2EWA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | 12.2(55)EX | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | | 12.2(52)EY | | | 12.2EY | | 12.2(58)EY | | | 12.2(52)EY1b | | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2EZ | to any release in | to any release in | | | 15.0SE | 15.0SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FX | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FY | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FZ | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRA | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRB | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRC | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | 12.2(33)IRD1 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | 12.2(33)IRE3 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRF | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXE | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2MRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | 12.2(33)MRB5 | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(30)S are | 12.2(30)S are | | | vulnerable; Releases | vulnerable; Releases | | 12.2S | 12.2(30)S and later | 12.2(30)S and later | | | are not vulnerable. | are not vulnerable. | | | First fixed in | First fixed in | | | Release 12.2SB | Release 12.2SB | |------------+-----------------------+-----------------------| | | 12.2(31)SB20 | 12.2(31)SB2012.2(33) | | 12.2SB | | SB10 | | | 12.2(33)SB10 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SBC | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCA | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCB | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | | 12.2(33)SCD6 | | | 12.2SCD | | 12.2(33)SCD6 | | | 12.2(33)SCD7 | | |------------+-----------------------+-----------------------| | 12.2SCE | 12.2(33)SCE1 | 12.2(33)SCE1 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.2(55)SE2 | 12.2(55)SE3 | | 12.2SE | | | | | 12.2(58)SE | 12.2(58)SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEA | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEB | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEC | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SED | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEE | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEF | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(25)SEG4 are | 12.2(25)SEG4 are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SEG | 12.2(25)SEG4 and | 12.2(25)SEG4 and | | | later are not | later are not | | | vulnerable. First | vulnerable. First | | | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | 12.2(53)SG4 | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2SGA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SM | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | 12.2(50)SQ3 | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRB | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRC | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(29b)SV1 are | 12.2(29a)SV are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SV | 12.2(29b)SV1 and | 12.2(29a)SV and later | | | later are not | are not vulnerable. | | | vulnerable. Migrate | Migrate to any | | | to any release in | release in 12.2SVD | | | 12.2SVD | | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SX | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXB | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXD | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXE | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | | 12.2(33)SXH6 | | | 12.2SXH | | 12.2(33)SXH8a | | | 12.2(33)SXH8a | | |------------+-----------------------+-----------------------| | | 12.2(33)SXI2 | | | | | | | 12.2SXI | 12.2(33)SXI2a | 12.2(33)SXI6 | | | | | | | 12.2(33)SXI4a | | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | 12.2(50)SY | 12.2(50)SY | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNA | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNB | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNC | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XND | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNE | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNF | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(54)XO are | Releases prior to | | | vulnerable; Releases | 12.2(54)XO are | | 12.2XO | 12.2(54)XO and later | vulnerable; Releases | | | are not vulnerable. | 12.2(54)XO and later | | | First fixed in | are not vulnerable. | | | Release 12.2SG | | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YQ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YS | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YT | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YU | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YV | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YX | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZU | fixed in Release | fixed in Release | | | 12.2SXH | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZYA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.3 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3BC | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.3BW | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JED | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 | including 12.3(2)JK3 | | | are not vulnerable. | are not vulnerable. | | 12.3JK | | Releases 12.3(8)JK1 | | | Releases 12.3(8)JK1 | and later are not | | | and later are not | vulnerable. First | | | vulnerable. First | fixed in Release 12.4 | | | fixed in Release 12.4 | | |------------+-----------------------+-----------------------| | 12.3JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3VA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XD | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XG | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XI | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XK | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XL | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3XQ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XR | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XS | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XU | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XZ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YJ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YS | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YU | fixed in Release | fixed in Release | | | 12.4XB | 12.4XB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YX | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3ZA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | 12.4(25f) | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | | to any release in | to any release in | | | 12.4JA | 12.4JA | | 12.4JX | | | | | Releases up to and | Releases up to and | | | including 12.4(21a)JX | including 12.4(21a)JX | | | are not vulnerable. | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | 12.4(24)MD6 on | 12.4(24)MD6 on | | | 28-Oct-11 | 28-Oct-11 | |------------+-----------------------+-----------------------| | 12.4MDA | 12.4(24)MDA7 | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | 12.4(24)MDB3 | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(15)T16 | 12.4(15)T16 | | 12.4T | | | | | 12.4(24)T6 | 12.4(24)T6 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XD | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XF | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XG | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XM | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XP | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XR | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 12.4(22)YE6; | 12.4(22)YE6; | | | Available on | Available on | | | 30-SEP-11 | 30-SEP-11 | | 12.4YE | | | | | 12.4(24)YE7; | 12.4(24)YE7; | | | Available on | Available on | | | 17-OCT-11 | 17-OCT-11 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 15.0(1)S4 | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0SA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | 15.1(2)EY | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M2; Available | 15.1(4)M2; Available | | | on 30-SEP-11 | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.1(2)S2 | 15.1(2)S2 | | | | | | | 15.1(3)S | 15.1(3)S | | 15.1S | | | | | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T4; Available | 15.1(1)T4; Available | | | on 09-DEC-11 | on 09-DEC-11 | | 15.1T | | | | | 15.1(2)T4 | 15.1(2)T4 | | | | | | | 15.1(3)T2 | 15.1(3)T2 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== It is possible to mitigate the vulnerabilities in this advisory by disabling the translation of embedded IP addresses in the payload of IP packets. Disabling NAT for the different protocols requires different configurations. For some protocols, a single command can be used. Other protocols require individual NAT translation rules be added to the configuration. NAT LDAP Vulnerability Mitigation +--------------------------------- To disable NAT of LDAP, port-based address translation needs to be configured to disable LDAP inspection using the no-payload keyword. This will still allow the NAT of LDAP packets at Layer 3 (non-port specific). Translation of other non-LDAP protocols translation will not be affected. Applications that use embedded IP addresses in LDAP, such as NetMeeting Directory, will be negatively impacted if the embedded IP addresses need to be translated. The following is an example configuration that includes the mitigation for two NAT rules. !-- NAT rule for port TCP/389 to disable IP NAT for LDAP translation !-- Takes precedence over the non-port translation rule. ip nat outside source static tcp 192.168.0.1 389 192.168.1.1 389 no-payload ip nat outside source static tcp 192.168.0.3 389 192.168.1.3 389 no-payload !-- Translation rule for all other protocols ip nat outside source static 192.168.0.1 192.168.1.1 ip nat outside source static 192.168.0.3 192.168.1.3 interface GigabitEthernet0/0 ip nat inside interface GigabitEthernet0/1 ip nat outside Each NAT translation rule in the configuration will need to be updated to include a per-port rule that disables translation of TCP packets on port 389. NAT for SIP over TCP DoS Vulnerability Mitigation +------------------------------------------------ Mitigation for this vulnerability consists of disabling NAT for SIP over the TCP transport by using the "no ip nat service sip tcp port 5060" global configuration command. NAT of Crafted SIP over UDP Packets DoS Vulnerability Mitigation +--------------------------------------------------------------- Mitigation of these vulnerabilities consists of disabling NAT for SIP over the UDP transport by using the "no ip nat service sip udp port 5060" global configuration command. NAT for Crafted H.323 Packets DoS Vulnerability Mitigation +--------------------------------------------------------- Mitigation for this vulnerability consists of disabling NAT for H.323 and H.225.0 using the "no ip nat service h225" global configuration command. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The NAT LDAP vulnerability and the NAT of crafted SIP packets vulnerabilities were found during internal Cisco testing. The NAT SIP/TCP vulnerability, provider edge MPLS NAT of SIP over UDP packets vulnerability, and NAT of H.323 packets DoS vulnerabilities were found during troubleshooting of TAC service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2YACgkQQXnnBKKRMNAOugD/Qr4CA7ZO3CeTOcQnwg+oMx+c NjHD7/tFD6PNnBBJF1IA/jMWm3G+EDQeuwMQ0ijB1QvXEApsX4ZJFNJyMgiFtL5x =B/LS -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs: CSCtd10712 CSCso02147 CSCti98219 CSCti48483 CSCtj04672 CSCth11006. For more information: SA46179 The vulnerabilities are reported in version 3.1.xSG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: * NetMeeting Directory (Lightweight Directory Access Protocol, LDAP) * Session Initiation Protocol (Multiple vulnerabilities) * H.323 protocol All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for one or more of the following features: * NetMeeting Directory NAT (LDAP on TCP port 389) * NAT for Session Initiation Protocol (SIP) * NAT for H.323 The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the "show ip nat statistics" command. If NAT is active the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active: Router#show ip nat statistics Total translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: Serial0 Inside interfaces: Ethernet1 Hits: 135 Misses: 5 Expired translations: 2 Dynamic mappings: -- Inside Source access-list 1 pool mypool refcount 2 pool mypool: netmask 255.255.255.0 start 192.168.10.1 end 192.168.10.254 type generic, total addresses 14, allocated 2 (14%), misses 0 Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces lines. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the "show ip nat statistics | section interfaces" command: Router> show ip nat statistics | section interfaces Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Router> Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the "ip nat inside" and "ip nat outside" commands must be present in different interfaces or, in the case of the NAT Virtual Interface, the "ip nat enable" interface command will be present. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= NAT for NetMeeting Directory (LDAP) Vulnerability +------------------------------------------------ LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable. This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature. This vulnerability is documented in Cisco bug ID CSCtd10712 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946. NAT for SIP DoS Vulnerabilities +------------------------------ Four vulnerabilities in the NAT for SIP feature are described in this document: NAT of SIP over TCP vulnerability: Crafted SIP packets on TCP port 5060 could cause unpredictable results, including the reload of the vulnerable device. Translation of SIP over TCP packets will be disabled by default with the fix for this vulnerability. This vulnerability is documented in Cisco bug ID CSCso02147 and has been assigned Common Vulnerabilities and Exposures CVE-2011-3276. They have been assigned CVE IDs CVE-2011-3278 and CVE-2011-3280. This vulnerability is documented in Cisco bug ID CSCth11006 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3277. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtd10712 ("NAT LDAP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCso02147 ("NAT of SIP over TCP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti98219 ("Provider-Edge MPLS NAT of SIP over UDP packets Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti48483/CSCtj04672 ("NAT of crafted SIP packets vulnerabilities") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCth11006 ("NAT of H.323 Packets DoS Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities can cause the device to reload or become unresponsive. For the NAT of UDP over SIP vulnerability that corresponds to Cisco bug CSCtj04672, it is also possible that exploitation can cause a memory leak. Repeated exploitation of the memory leak vulnerability can lead to a DoS condition in which the device reloads or becomes unresponsive. Reloading may occur automatically, or the device may require manual intervention to reload. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.1E | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2BX | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2CZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.2SG | Releases up to and | | 12.2EW | | including 12.2(20)EW4 | | | Releases up to and | are not vulnerable. | | | including 12.2(20)EW4 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2EWA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | 12.2(55)EX | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | | 12.2(52)EY | | | 12.2EY | | 12.2(58)EY | | | 12.2(52)EY1b | | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2EZ | to any release in | to any release in | | | 15.0SE | 15.0SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FX | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FY | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FZ | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRA | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRB | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRC | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | 12.2(33)IRD1 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | 12.2(33)IRE3 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRF | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXE | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2MRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | 12.2(33)MRB5 | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(30)S are | 12.2(30)S are | | | vulnerable; Releases | vulnerable; Releases | | 12.2S | 12.2(30)S and later | 12.2(30)S and later | | | are not vulnerable. | are not vulnerable. | | | First fixed in | First fixed in | | | Release 12.2SB | Release 12.2SB | |------------+-----------------------+-----------------------| | | 12.2(31)SB20 | 12.2(31)SB2012.2(33) | | 12.2SB | | SB10 | | | 12.2(33)SB10 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SBC | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCA | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCB | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | | 12.2(33)SCD6 | | | 12.2SCD | | 12.2(33)SCD6 | | | 12.2(33)SCD7 | | |------------+-----------------------+-----------------------| | 12.2SCE | 12.2(33)SCE1 | 12.2(33)SCE1 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.2(55)SE2 | 12.2(55)SE3 | | 12.2SE | | | | | 12.2(58)SE | 12.2(58)SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEA | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEB | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEC | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SED | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEE | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEF | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(25)SEG4 are | 12.2(25)SEG4 are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SEG | 12.2(25)SEG4 and | 12.2(25)SEG4 and | | | later are not | later are not | | | vulnerable. First | vulnerable. First | | | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | 12.2(53)SG4 | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2SGA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SM | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | 12.2(50)SQ3 | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRB | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRC | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(29b)SV1 are | 12.2(29a)SV are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SV | 12.2(29b)SV1 and | 12.2(29a)SV and later | | | later are not | are not vulnerable. | | | vulnerable. Migrate | Migrate to any | | | to any release in | release in 12.2SVD | | | 12.2SVD | | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SX | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXB | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXD | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXE | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | | 12.2(33)SXH6 | | | 12.2SXH | | 12.2(33)SXH8a | | | 12.2(33)SXH8a | | |------------+-----------------------+-----------------------| | | 12.2(33)SXI2 | | | | | | | 12.2SXI | 12.2(33)SXI2a | 12.2(33)SXI6 | | | | | | | 12.2(33)SXI4a | | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | 12.2(50)SY | 12.2(50)SY | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNA | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNB | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNC | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XND | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNE | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNF | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(54)XO are | Releases prior to | | | vulnerable; Releases | 12.2(54)XO are | | 12.2XO | 12.2(54)XO and later | vulnerable; Releases | | | are not vulnerable. | 12.2(54)XO and later | | | First fixed in | are not vulnerable. | | | Release 12.2SG | | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YQ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YS | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YT | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YU | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YV | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YX | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZU | fixed in Release | fixed in Release | | | 12.2SXH | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZYA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.3 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3BC | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.3BW | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JED | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 | including 12.3(2)JK3 | | | are not vulnerable. | are not vulnerable. | | 12.3JK | | Releases 12.3(8)JK1 | | | Releases 12.3(8)JK1 | and later are not | | | and later are not | vulnerable. First | | | vulnerable. First | fixed in Release 12.4 | | | fixed in Release 12.4 | | |------------+-----------------------+-----------------------| | 12.3JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3VA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XD | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XG | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XI | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XK | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XL | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3XQ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XR | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XS | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XU | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XZ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YJ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YS | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YU | fixed in Release | fixed in Release | | | 12.4XB | 12.4XB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YX | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3ZA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | 12.4(25f) | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | | to any release in | to any release in | | | 12.4JA | 12.4JA | | 12.4JX | | | | | Releases up to and | Releases up to and | | | including 12.4(21a)JX | including 12.4(21a)JX | | | are not vulnerable. | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | 12.4(24)MD6 on | 12.4(24)MD6 on | | | 28-Oct-11 | 28-Oct-11 | |------------+-----------------------+-----------------------| | 12.4MDA | 12.4(24)MDA7 | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | 12.4(24)MDB3 | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(15)T16 | 12.4(15)T16 | | 12.4T | | | | | 12.4(24)T6 | 12.4(24)T6 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XD | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XF | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XG | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XM | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XP | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XR | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 12.4(22)YE6; | 12.4(22)YE6; | | | Available on | Available on | | | 30-SEP-11 | 30-SEP-11 | | 12.4YE | | | | | 12.4(24)YE7; | 12.4(24)YE7; | | | Available on | Available on | | | 17-OCT-11 | 17-OCT-11 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 15.0(1)S4 | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0SA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | 15.1(2)EY | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M2; Available | 15.1(4)M2; Available | | | on 30-SEP-11 | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.1(2)S2 | 15.1(2)S2 | | | | | | | 15.1(3)S | 15.1(3)S | | 15.1S | | | | | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T4; Available | 15.1(1)T4; Available | | | on 09-DEC-11 | on 09-DEC-11 | | 15.1T | | | | | 15.1(2)T4 | 15.1(2)T4 | | | | | | | 15.1(3)T2 | 15.1(3)T2 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== It is possible to mitigate the vulnerabilities in this advisory by disabling the translation of embedded IP addresses in the payload of IP packets. Disabling NAT for the different protocols requires different configurations. For some protocols, a single command can be used. Other protocols require individual NAT translation rules be added to the configuration. NAT LDAP Vulnerability Mitigation +--------------------------------- To disable NAT of LDAP, port-based address translation needs to be configured to disable LDAP inspection using the no-payload keyword. This will still allow the NAT of LDAP packets at Layer 3 (non-port specific). Translation of other non-LDAP protocols translation will not be affected. Applications that use embedded IP addresses in LDAP, such as NetMeeting Directory, will be negatively impacted if the embedded IP addresses need to be translated. The following is an example configuration that includes the mitigation for two NAT rules. !-- NAT rule for port TCP/389 to disable IP NAT for LDAP translation !-- Takes precedence over the non-port translation rule. ip nat outside source static tcp 192.168.0.1 389 192.168.1.1 389 no-payload ip nat outside source static tcp 192.168.0.3 389 192.168.1.3 389 no-payload !-- Translation rule for all other protocols ip nat outside source static 192.168.0.1 192.168.1.1 ip nat outside source static 192.168.0.3 192.168.1.3 interface GigabitEthernet0/0 ip nat inside interface GigabitEthernet0/1 ip nat outside Each NAT translation rule in the configuration will need to be updated to include a per-port rule that disables translation of TCP packets on port 389. NAT for SIP over TCP DoS Vulnerability Mitigation +------------------------------------------------ Mitigation for this vulnerability consists of disabling NAT for SIP over the TCP transport by using the "no ip nat service sip tcp port 5060" global configuration command. NAT of Crafted SIP over UDP Packets DoS Vulnerability Mitigation +--------------------------------------------------------------- Mitigation of these vulnerabilities consists of disabling NAT for SIP over the UDP transport by using the "no ip nat service sip udp port 5060" global configuration command. NAT for Crafted H.323 Packets DoS Vulnerability Mitigation +--------------------------------------------------------- Mitigation for this vulnerability consists of disabling NAT for H.323 and H.225.0 using the "no ip nat service h225" global configuration command. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The NAT LDAP vulnerability and the NAT of crafted SIP packets vulnerabilities were found during internal Cisco testing. The NAT SIP/TCP vulnerability, provider edge MPLS NAT of SIP over UDP packets vulnerability, and NAT of H.323 packets DoS vulnerabilities were found during troubleshooting of TAC service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2YACgkQQXnnBKKRMNAOugD/Qr4CA7ZO3CeTOcQnwg+oMx+c NjHD7/tFD6PNnBBJF1IA/jMWm3G+EDQeuwMQ0ijB1QvXEApsX4ZJFNJyMgiFtL5x =B/LS -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCti48483. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs: CSCtd10712 CSCso02147 CSCti98219 CSCti48483 CSCtj04672 CSCth11006. For more information: SA46179 The vulnerabilities are reported in version 3.1.xSG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: * NetMeeting Directory (Lightweight Directory Access Protocol, LDAP) * Session Initiation Protocol (Multiple vulnerabilities) * H.323 protocol All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for one or more of the following features: * NetMeeting Directory NAT (LDAP on TCP port 389) * NAT for Session Initiation Protocol (SIP) * NAT for H.323 The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the "show ip nat statistics" command. If NAT is active the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active: Router#show ip nat statistics Total translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: Serial0 Inside interfaces: Ethernet1 Hits: 135 Misses: 5 Expired translations: 2 Dynamic mappings: -- Inside Source access-list 1 pool mypool refcount 2 pool mypool: netmask 255.255.255.0 start 192.168.10.1 end 192.168.10.254 type generic, total addresses 14, allocated 2 (14%), misses 0 Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces lines. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the "show ip nat statistics | section interfaces" command: Router> show ip nat statistics | section interfaces Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Router> Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the "ip nat inside" and "ip nat outside" commands must be present in different interfaces or, in the case of the NAT Virtual Interface, the "ip nat enable" interface command will be present. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= NAT for NetMeeting Directory (LDAP) Vulnerability +------------------------------------------------ LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable. This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature. This vulnerability is documented in Cisco bug ID CSCtd10712 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946. Translation of SIP over TCP packets will be disabled by default with the fix for this vulnerability. This vulnerability is documented in Cisco bug ID CSCso02147 and has been assigned Common Vulnerabilities and Exposures CVE-2011-3276. Provider edge Multiprotocol Label Switching (MPLS) NAT of SIP over UDP packets DoS vulnerability: A malformed SIP packet on UDP 5060 that transits an MPLS enabled vulnerable device that needs an MPLS tag to be imposed on the malformed packet might reload the device. They have been assigned CVE IDs CVE-2011-3278 and CVE-2011-3280. This vulnerability is documented in Cisco bug ID CSCth11006 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3277. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtd10712 ("NAT LDAP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCso02147 ("NAT of SIP over TCP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti98219 ("Provider-Edge MPLS NAT of SIP over UDP packets Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti48483/CSCtj04672 ("NAT of crafted SIP packets vulnerabilities") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCth11006 ("NAT of H.323 Packets DoS Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities can cause the device to reload or become unresponsive. For the NAT of UDP over SIP vulnerability that corresponds to Cisco bug CSCtj04672, it is also possible that exploitation can cause a memory leak. Repeated exploitation of the memory leak vulnerability can lead to a DoS condition in which the device reloads or becomes unresponsive. Reloading may occur automatically, or the device may require manual intervention to reload. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.1E | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2BX | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2CZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.2SG | Releases up to and | | 12.2EW | | including 12.2(20)EW4 | | | Releases up to and | are not vulnerable. | | | including 12.2(20)EW4 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2EWA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | 12.2(55)EX | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | | 12.2(52)EY | | | 12.2EY | | 12.2(58)EY | | | 12.2(52)EY1b | | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2EZ | to any release in | to any release in | | | 15.0SE | 15.0SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FX | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FY | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FZ | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRA | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRB | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRC | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | 12.2(33)IRD1 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | 12.2(33)IRE3 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRF | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXE | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2MRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | 12.2(33)MRB5 | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(30)S are | 12.2(30)S are | | | vulnerable; Releases | vulnerable; Releases | | 12.2S | 12.2(30)S and later | 12.2(30)S and later | | | are not vulnerable. | are not vulnerable. | | | First fixed in | First fixed in | | | Release 12.2SB | Release 12.2SB | |------------+-----------------------+-----------------------| | | 12.2(31)SB20 | 12.2(31)SB2012.2(33) | | 12.2SB | | SB10 | | | 12.2(33)SB10 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SBC | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCA | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCB | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | | 12.2(33)SCD6 | | | 12.2SCD | | 12.2(33)SCD6 | | | 12.2(33)SCD7 | | |------------+-----------------------+-----------------------| | 12.2SCE | 12.2(33)SCE1 | 12.2(33)SCE1 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.2(55)SE2 | 12.2(55)SE3 | | 12.2SE | | | | | 12.2(58)SE | 12.2(58)SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEA | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEB | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEC | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SED | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEE | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEF | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(25)SEG4 are | 12.2(25)SEG4 are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SEG | 12.2(25)SEG4 and | 12.2(25)SEG4 and | | | later are not | later are not | | | vulnerable. First | vulnerable. First | | | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | 12.2(53)SG4 | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2SGA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SM | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | 12.2(50)SQ3 | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRB | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRC | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(29b)SV1 are | 12.2(29a)SV are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SV | 12.2(29b)SV1 and | 12.2(29a)SV and later | | | later are not | are not vulnerable. | | | vulnerable. Migrate | Migrate to any | | | to any release in | release in 12.2SVD | | | 12.2SVD | | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SX | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXB | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXD | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXE | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | | 12.2(33)SXH6 | | | 12.2SXH | | 12.2(33)SXH8a | | | 12.2(33)SXH8a | | |------------+-----------------------+-----------------------| | | 12.2(33)SXI2 | | | | | | | 12.2SXI | 12.2(33)SXI2a | 12.2(33)SXI6 | | | | | | | 12.2(33)SXI4a | | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | 12.2(50)SY | 12.2(50)SY | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNA | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNB | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNC | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XND | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNE | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNF | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(54)XO are | Releases prior to | | | vulnerable; Releases | 12.2(54)XO are | | 12.2XO | 12.2(54)XO and later | vulnerable; Releases | | | are not vulnerable. | 12.2(54)XO and later | | | First fixed in | are not vulnerable. | | | Release 12.2SG | | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YQ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YS | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YT | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YU | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YV | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YX | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZU | fixed in Release | fixed in Release | | | 12.2SXH | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZYA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.3 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3BC | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.3BW | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JED | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 | including 12.3(2)JK3 | | | are not vulnerable. | are not vulnerable. | | 12.3JK | | Releases 12.3(8)JK1 | | | Releases 12.3(8)JK1 | and later are not | | | and later are not | vulnerable. First | | | vulnerable. First | fixed in Release 12.4 | | | fixed in Release 12.4 | | |------------+-----------------------+-----------------------| | 12.3JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3VA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XD | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XG | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XI | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XK | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XL | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3XQ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XR | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XS | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XU | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XZ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YJ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YS | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YU | fixed in Release | fixed in Release | | | 12.4XB | 12.4XB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YX | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3ZA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | 12.4(25f) | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | | to any release in | to any release in | | | 12.4JA | 12.4JA | | 12.4JX | | | | | Releases up to and | Releases up to and | | | including 12.4(21a)JX | including 12.4(21a)JX | | | are not vulnerable. | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | 12.4(24)MD6 on | 12.4(24)MD6 on | | | 28-Oct-11 | 28-Oct-11 | |------------+-----------------------+-----------------------| | 12.4MDA | 12.4(24)MDA7 | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | 12.4(24)MDB3 | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(15)T16 | 12.4(15)T16 | | 12.4T | | | | | 12.4(24)T6 | 12.4(24)T6 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XD | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XF | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XG | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XM | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XP | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XR | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 12.4(22)YE6; | 12.4(22)YE6; | | | Available on | Available on | | | 30-SEP-11 | 30-SEP-11 | | 12.4YE | | | | | 12.4(24)YE7; | 12.4(24)YE7; | | | Available on | Available on | | | 17-OCT-11 | 17-OCT-11 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 15.0(1)S4 | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0SA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | 15.1(2)EY | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M2; Available | 15.1(4)M2; Available | | | on 30-SEP-11 | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.1(2)S2 | 15.1(2)S2 | | | | | | | 15.1(3)S | 15.1(3)S | | 15.1S | | | | | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T4; Available | 15.1(1)T4; Available | | | on 09-DEC-11 | on 09-DEC-11 | | 15.1T | | | | | 15.1(2)T4 | 15.1(2)T4 | | | | | | | 15.1(3)T2 | 15.1(3)T2 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== It is possible to mitigate the vulnerabilities in this advisory by disabling the translation of embedded IP addresses in the payload of IP packets. Disabling NAT for the different protocols requires different configurations. For some protocols, a single command can be used. Other protocols require individual NAT translation rules be added to the configuration. NAT LDAP Vulnerability Mitigation +--------------------------------- To disable NAT of LDAP, port-based address translation needs to be configured to disable LDAP inspection using the no-payload keyword. This will still allow the NAT of LDAP packets at Layer 3 (non-port specific). Translation of other non-LDAP protocols translation will not be affected. Applications that use embedded IP addresses in LDAP, such as NetMeeting Directory, will be negatively impacted if the embedded IP addresses need to be translated. The following is an example configuration that includes the mitigation for two NAT rules. !-- NAT rule for port TCP/389 to disable IP NAT for LDAP translation !-- Takes precedence over the non-port translation rule. ip nat outside source static tcp 192.168.0.1 389 192.168.1.1 389 no-payload ip nat outside source static tcp 192.168.0.3 389 192.168.1.3 389 no-payload !-- Translation rule for all other protocols ip nat outside source static 192.168.0.1 192.168.1.1 ip nat outside source static 192.168.0.3 192.168.1.3 interface GigabitEthernet0/0 ip nat inside interface GigabitEthernet0/1 ip nat outside Each NAT translation rule in the configuration will need to be updated to include a per-port rule that disables translation of TCP packets on port 389. NAT for SIP over TCP DoS Vulnerability Mitigation +------------------------------------------------ Mitigation for this vulnerability consists of disabling NAT for SIP over the TCP transport by using the "no ip nat service sip tcp port 5060" global configuration command. NAT for Crafted H.323 Packets DoS Vulnerability Mitigation +--------------------------------------------------------- Mitigation for this vulnerability consists of disabling NAT for H.323 and H.225.0 using the "no ip nat service h225" global configuration command. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The NAT LDAP vulnerability and the NAT of crafted SIP packets vulnerabilities were found during internal Cisco testing. The NAT SIP/TCP vulnerability, provider edge MPLS NAT of SIP over UDP packets vulnerability, and NAT of H.323 packets DoS vulnerabilities were found during troubleshooting of TAC service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2YACgkQQXnnBKKRMNAOugD/Qr4CA7ZO3CeTOcQnwg+oMx+c NjHD7/tFD6PNnBBJF1IA/jMWm3G+EDQeuwMQ0ijB1QvXEApsX4ZJFNJyMgiFtL5x =B/LS -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port 5060, aka Bug ID CSCso02147. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs: CSCtd10712 CSCso02147 CSCti98219 CSCti48483 CSCtj04672 CSCth11006. For more information: SA46179 The vulnerabilities are reported in version 3.1.xSG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: * NetMeeting Directory (Lightweight Directory Access Protocol, LDAP) * Session Initiation Protocol (Multiple vulnerabilities) * H.323 protocol All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for one or more of the following features: * NetMeeting Directory NAT (LDAP on TCP port 389) * NAT for Session Initiation Protocol (SIP) * NAT for H.323 The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the "show ip nat statistics" command. If NAT is active the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active: Router#show ip nat statistics Total translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: Serial0 Inside interfaces: Ethernet1 Hits: 135 Misses: 5 Expired translations: 2 Dynamic mappings: -- Inside Source access-list 1 pool mypool refcount 2 pool mypool: netmask 255.255.255.0 start 192.168.10.1 end 192.168.10.254 type generic, total addresses 14, allocated 2 (14%), misses 0 Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces lines. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the "show ip nat statistics | section interfaces" command: Router> show ip nat statistics | section interfaces Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Router> Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the "ip nat inside" and "ip nat outside" commands must be present in different interfaces or, in the case of the NAT Virtual Interface, the "ip nat enable" interface command will be present. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= NAT for NetMeeting Directory (LDAP) Vulnerability +------------------------------------------------ LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable. This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature. This vulnerability is documented in Cisco bug ID CSCtd10712 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946. Translation of SIP over TCP packets will be disabled by default with the fix for this vulnerability. This vulnerability is documented in Cisco bug ID CSCso02147 and has been assigned Common Vulnerabilities and Exposures CVE-2011-3276. Provider edge Multiprotocol Label Switching (MPLS) NAT of SIP over UDP packets DoS vulnerability: A malformed SIP packet on UDP 5060 that transits an MPLS enabled vulnerable device that needs an MPLS tag to be imposed on the malformed packet might reload the device. They have been assigned CVE IDs CVE-2011-3278 and CVE-2011-3280. This vulnerability is documented in Cisco bug ID CSCth11006 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3277. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtd10712 ("NAT LDAP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCso02147 ("NAT of SIP over TCP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti98219 ("Provider-Edge MPLS NAT of SIP over UDP packets Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti48483/CSCtj04672 ("NAT of crafted SIP packets vulnerabilities") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCth11006 ("NAT of H.323 Packets DoS Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities can cause the device to reload or become unresponsive. For the NAT of UDP over SIP vulnerability that corresponds to Cisco bug CSCtj04672, it is also possible that exploitation can cause a memory leak. Repeated exploitation of the memory leak vulnerability can lead to a DoS condition in which the device reloads or becomes unresponsive. Reloading may occur automatically, or the device may require manual intervention to reload. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.1E | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2BX | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2CZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.2SG | Releases up to and | | 12.2EW | | including 12.2(20)EW4 | | | Releases up to and | are not vulnerable. | | | including 12.2(20)EW4 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2EWA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | 12.2(55)EX | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | | 12.2(52)EY | | | 12.2EY | | 12.2(58)EY | | | 12.2(52)EY1b | | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2EZ | to any release in | to any release in | | | 15.0SE | 15.0SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FX | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FY | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FZ | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRA | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRB | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRC | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | 12.2(33)IRD1 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | 12.2(33)IRE3 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRF | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXE | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2MRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | 12.2(33)MRB5 | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(30)S are | 12.2(30)S are | | | vulnerable; Releases | vulnerable; Releases | | 12.2S | 12.2(30)S and later | 12.2(30)S and later | | | are not vulnerable. | are not vulnerable. | | | First fixed in | First fixed in | | | Release 12.2SB | Release 12.2SB | |------------+-----------------------+-----------------------| | | 12.2(31)SB20 | 12.2(31)SB2012.2(33) | | 12.2SB | | SB10 | | | 12.2(33)SB10 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SBC | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCA | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCB | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | | 12.2(33)SCD6 | | | 12.2SCD | | 12.2(33)SCD6 | | | 12.2(33)SCD7 | | |------------+-----------------------+-----------------------| | 12.2SCE | 12.2(33)SCE1 | 12.2(33)SCE1 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.2(55)SE2 | 12.2(55)SE3 | | 12.2SE | | | | | 12.2(58)SE | 12.2(58)SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEA | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEB | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEC | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SED | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEE | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEF | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(25)SEG4 are | 12.2(25)SEG4 are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SEG | 12.2(25)SEG4 and | 12.2(25)SEG4 and | | | later are not | later are not | | | vulnerable. First | vulnerable. First | | | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | 12.2(53)SG4 | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2SGA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SM | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | 12.2(50)SQ3 | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRB | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRC | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(29b)SV1 are | 12.2(29a)SV are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SV | 12.2(29b)SV1 and | 12.2(29a)SV and later | | | later are not | are not vulnerable. | | | vulnerable. Migrate | Migrate to any | | | to any release in | release in 12.2SVD | | | 12.2SVD | | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SX | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXB | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXD | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXE | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | | 12.2(33)SXH6 | | | 12.2SXH | | 12.2(33)SXH8a | | | 12.2(33)SXH8a | | |------------+-----------------------+-----------------------| | | 12.2(33)SXI2 | | | | | | | 12.2SXI | 12.2(33)SXI2a | 12.2(33)SXI6 | | | | | | | 12.2(33)SXI4a | | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | 12.2(50)SY | 12.2(50)SY | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNA | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNB | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNC | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XND | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNE | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNF | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(54)XO are | Releases prior to | | | vulnerable; Releases | 12.2(54)XO are | | 12.2XO | 12.2(54)XO and later | vulnerable; Releases | | | are not vulnerable. | 12.2(54)XO and later | | | First fixed in | are not vulnerable. | | | Release 12.2SG | | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YQ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YS | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YT | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YU | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YV | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YX | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZU | fixed in Release | fixed in Release | | | 12.2SXH | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZYA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.3 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3BC | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.3BW | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JED | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 | including 12.3(2)JK3 | | | are not vulnerable. | are not vulnerable. | | 12.3JK | | Releases 12.3(8)JK1 | | | Releases 12.3(8)JK1 | and later are not | | | and later are not | vulnerable. First | | | vulnerable. First | fixed in Release 12.4 | | | fixed in Release 12.4 | | |------------+-----------------------+-----------------------| | 12.3JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3VA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XD | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XG | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XI | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XK | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XL | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3XQ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XR | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XS | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XU | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XZ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YJ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YS | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YU | fixed in Release | fixed in Release | | | 12.4XB | 12.4XB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YX | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3ZA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | 12.4(25f) | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | | to any release in | to any release in | | | 12.4JA | 12.4JA | | 12.4JX | | | | | Releases up to and | Releases up to and | | | including 12.4(21a)JX | including 12.4(21a)JX | | | are not vulnerable. | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | 12.4(24)MD6 on | 12.4(24)MD6 on | | | 28-Oct-11 | 28-Oct-11 | |------------+-----------------------+-----------------------| | 12.4MDA | 12.4(24)MDA7 | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | 12.4(24)MDB3 | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(15)T16 | 12.4(15)T16 | | 12.4T | | | | | 12.4(24)T6 | 12.4(24)T6 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XD | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XF | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XG | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XM | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XP | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XR | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 12.4(22)YE6; | 12.4(22)YE6; | | | Available on | Available on | | | 30-SEP-11 | 30-SEP-11 | | 12.4YE | | | | | 12.4(24)YE7; | 12.4(24)YE7; | | | Available on | Available on | | | 17-OCT-11 | 17-OCT-11 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 15.0(1)S4 | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0SA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | 15.1(2)EY | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M2; Available | 15.1(4)M2; Available | | | on 30-SEP-11 | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.1(2)S2 | 15.1(2)S2 | | | | | | | 15.1(3)S | 15.1(3)S | | 15.1S | | | | | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T4; Available | 15.1(1)T4; Available | | | on 09-DEC-11 | on 09-DEC-11 | | 15.1T | | | | | 15.1(2)T4 | 15.1(2)T4 | | | | | | | 15.1(3)T2 | 15.1(3)T2 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== It is possible to mitigate the vulnerabilities in this advisory by disabling the translation of embedded IP addresses in the payload of IP packets. Disabling NAT for the different protocols requires different configurations. For some protocols, a single command can be used. Other protocols require individual NAT translation rules be added to the configuration. NAT LDAP Vulnerability Mitigation +--------------------------------- To disable NAT of LDAP, port-based address translation needs to be configured to disable LDAP inspection using the no-payload keyword. This will still allow the NAT of LDAP packets at Layer 3 (non-port specific). Translation of other non-LDAP protocols translation will not be affected. Applications that use embedded IP addresses in LDAP, such as NetMeeting Directory, will be negatively impacted if the embedded IP addresses need to be translated. The following is an example configuration that includes the mitigation for two NAT rules. !-- NAT rule for port TCP/389 to disable IP NAT for LDAP translation !-- Takes precedence over the non-port translation rule. ip nat outside source static tcp 192.168.0.1 389 192.168.1.1 389 no-payload ip nat outside source static tcp 192.168.0.3 389 192.168.1.3 389 no-payload !-- Translation rule for all other protocols ip nat outside source static 192.168.0.1 192.168.1.1 ip nat outside source static 192.168.0.3 192.168.1.3 interface GigabitEthernet0/0 ip nat inside interface GigabitEthernet0/1 ip nat outside Each NAT translation rule in the configuration will need to be updated to include a per-port rule that disables translation of TCP packets on port 389. NAT for SIP over TCP DoS Vulnerability Mitigation +------------------------------------------------ Mitigation for this vulnerability consists of disabling NAT for SIP over the TCP transport by using the "no ip nat service sip tcp port 5060" global configuration command. NAT of Crafted SIP over UDP Packets DoS Vulnerability Mitigation +--------------------------------------------------------------- Mitigation of these vulnerabilities consists of disabling NAT for SIP over the UDP transport by using the "no ip nat service sip udp port 5060" global configuration command. NAT for Crafted H.323 Packets DoS Vulnerability Mitigation +--------------------------------------------------------- Mitigation for this vulnerability consists of disabling NAT for H.323 and H.225.0 using the "no ip nat service h225" global configuration command. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The NAT LDAP vulnerability and the NAT of crafted SIP packets vulnerabilities were found during internal Cisco testing. The NAT SIP/TCP vulnerability, provider edge MPLS NAT of SIP over UDP packets vulnerability, and NAT of H.323 packets DoS vulnerabilities were found during troubleshooting of TAC service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2YACgkQQXnnBKKRMNAOugD/Qr4CA7ZO3CeTOcQnwg+oMx+c NjHD7/tFD6PNnBBJF1IA/jMWm3G+EDQeuwMQ0ijB1QvXEApsX4ZJFNJyMgiFtL5x =B/LS -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs: CSCtd10712 CSCso02147 CSCti98219 CSCti48483 CSCtj04672 CSCth11006. For more information: SA46179 The vulnerabilities are reported in version 3.1.xSG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols: * NetMeeting Directory (Lightweight Directory Access Protocol, LDAP) * Session Initiation Protocol (Multiple vulnerabilities) * H.323 protocol All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for one or more of the following features: * NetMeeting Directory NAT (LDAP on TCP port 389) * NAT for Session Initiation Protocol (SIP) * NAT for H.323 The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the "show ip nat statistics" command. If NAT is active the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active: Router#show ip nat statistics Total translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: Serial0 Inside interfaces: Ethernet1 Hits: 135 Misses: 5 Expired translations: 2 Dynamic mappings: -- Inside Source access-list 1 pool mypool refcount 2 pool mypool: netmask 255.255.255.0 start 192.168.10.1 end 192.168.10.254 type generic, total addresses 14, allocated 2 (14%), misses 0 Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces lines. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the "show ip nat statistics | section interfaces" command: Router> show ip nat statistics | section interfaces Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Router> Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the "ip nat inside" and "ip nat outside" commands must be present in different interfaces or, in the case of the NAT Virtual Interface, the "ip nat enable" interface command will be present. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= NAT for NetMeeting Directory (LDAP) Vulnerability +------------------------------------------------ LDAP is a protocol for querying and modifying data of directory services implemented in IP networks. NAT for NetMeeting Directory, also known as the Internet Locator Service (ILS), translates LDAP packets on TCP port 389. The inspected port is not configurable. This vulnerability is triggered by malformed transit LDAP traffic that needs to be processed by the NAT for NetMeeting Directory feature. This vulnerability is documented in Cisco bug ID CSCtd10712 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0946. NAT for SIP DoS Vulnerabilities +------------------------------ Four vulnerabilities in the NAT for SIP feature are described in this document: NAT of SIP over TCP vulnerability: Crafted SIP packets on TCP port 5060 could cause unpredictable results, including the reload of the vulnerable device. Translation of SIP over TCP packets will be disabled by default with the fix for this vulnerability. This vulnerability is documented in Cisco bug ID CSCso02147 and has been assigned Common Vulnerabilities and Exposures CVE-2011-3276. Provider edge Multiprotocol Label Switching (MPLS) NAT of SIP over UDP packets DoS vulnerability: A malformed SIP packet on UDP 5060 that transits an MPLS enabled vulnerable device that needs an MPLS tag to be imposed on the malformed packet might reload the device. They have been assigned CVE IDs CVE-2011-3278 and CVE-2011-3280. This vulnerability is documented in Cisco bug ID CSCth11006 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3277. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtd10712 ("NAT LDAP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCso02147 ("NAT of SIP over TCP Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti98219 ("Provider-Edge MPLS NAT of SIP over UDP packets Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti48483/CSCtj04672 ("NAT of crafted SIP packets vulnerabilities") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCth11006 ("NAT of H.323 Packets DoS Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities can cause the device to reload or become unresponsive. Reloading may occur automatically, or the device may require manual intervention to reload. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.1E | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2BX | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2CZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.2SG | Releases up to and | | 12.2EW | | including 12.2(20)EW4 | | | Releases up to and | are not vulnerable. | | | including 12.2(20)EW4 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2EWA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | 12.2(55)EX | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | | 12.2(52)EY | | | 12.2EY | | 12.2(58)EY | | | 12.2(52)EY1b | | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2EZ | to any release in | to any release in | | | 15.0SE | 15.0SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FX | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FY | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2FZ | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRA | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRB | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRC | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | 12.2(33)IRD1 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | 12.2(33)IRE3 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRF | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXE | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2MRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | 12.2(33)MRB5 | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(30)S are | 12.2(30)S are | | | vulnerable; Releases | vulnerable; Releases | | 12.2S | 12.2(30)S and later | 12.2(30)S and later | | | are not vulnerable. | are not vulnerable. | | | First fixed in | First fixed in | | | Release 12.2SB | Release 12.2SB | |------------+-----------------------+-----------------------| | | 12.2(31)SB20 | 12.2(31)SB2012.2(33) | | 12.2SB | | SB10 | | | 12.2(33)SB10 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SBC | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCA | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCB | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | | 12.2(33)SCD6 | | | 12.2SCD | | 12.2(33)SCD6 | | | 12.2(33)SCD7 | | |------------+-----------------------+-----------------------| | 12.2SCE | 12.2(33)SCE1 | 12.2(33)SCE1 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.2(55)SE2 | 12.2(55)SE3 | | 12.2SE | | | | | 12.2(58)SE | 12.2(58)SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEA | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEB | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEC | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SED | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEE | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SEF | fixed in Release | fixed in Release | | | 12.2SE | 12.2SE | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(25)SEG4 are | 12.2(25)SEG4 are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SEG | 12.2(25)SEG4 and | 12.2(25)SEG4 and | | | later are not | later are not | | | vulnerable. First | vulnerable. First | | | fixed in Release | fixed in Release | | | 12.2EX | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | 12.2(53)SG4 | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Vulnerable; first | organization per the | | 12.2SGA | fixed in Release | instructions in the | | | 12.2SG | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SM | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | 12.2(50)SQ3 | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRB | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRC | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(29b)SV1 are | 12.2(29a)SV are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SV | 12.2(29b)SV1 and | 12.2(29a)SV and later | | | later are not | are not vulnerable. | | | vulnerable. Migrate | Migrate to any | | | to any release in | release in 12.2SVD | | | 12.2SVD | | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2SW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SX | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXB | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXD | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXE | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | | 12.2(33)SXH6 | | | 12.2SXH | | 12.2(33)SXH8a | | | 12.2(33)SXH8a | | |------------+-----------------------+-----------------------| | | 12.2(33)SXI2 | | | | | | | 12.2SXI | 12.2(33)SXI2a | 12.2(33)SXI6 | | | | | | | 12.2(33)SXI4a | | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | 12.2(50)SY | 12.2(50)SY | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNA | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNB | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNC | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XND | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNE | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNF | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(54)XO are | Releases prior to | | | vulnerable; Releases | 12.2(54)XO are | | 12.2XO | 12.2(54)XO and later | vulnerable; Releases | | | are not vulnerable. | 12.2(54)XO and later | | | First fixed in | are not vulnerable. | | | Release 12.2SG | | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YQ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YS | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YT | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YU | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YV | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YX | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZU | fixed in Release | fixed in Release | | | 12.2SXH | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZYA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.3 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3BC | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.3BW | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JED | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 | including 12.3(2)JK3 | | | are not vulnerable. | are not vulnerable. | | 12.3JK | | Releases 12.3(8)JK1 | | | Releases 12.3(8)JK1 | and later are not | | | and later are not | vulnerable. First | | | vulnerable. First | fixed in Release 12.4 | | | fixed in Release 12.4 | | |------------+-----------------------+-----------------------| | 12.3JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3VA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XD | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XG | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XI | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XK | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XL | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3XQ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XR | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XS | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XU | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XZ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YA | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YJ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YS | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YU | fixed in Release | fixed in Release | | | 12.4XB | 12.4XB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YX | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3ZA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | 12.4(25f) | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | | to any release in | to any release in | | | 12.4JA | 12.4JA | | 12.4JX | | | | | Releases up to and | Releases up to and | | | including 12.4(21a)JX | including 12.4(21a)JX | | | are not vulnerable. | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | 12.4(24)MD6 on | 12.4(24)MD6 on | | | 28-Oct-11 | 28-Oct-11 | |------------+-----------------------+-----------------------| | 12.4MDA | 12.4(24)MDA7 | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | 12.4(24)MDB3 | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(15)T16 | 12.4(15)T16 | | 12.4T | | | | | 12.4(24)T6 | 12.4(24)T6 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XD | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XF | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XG | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XM | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XP | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XR | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 12.4(22)YE6; | 12.4(22)YE6; | | | Available on | Available on | | | 30-SEP-11 | 30-SEP-11 | | 12.4YE | | | | | 12.4(24)YE7; | 12.4(24)YE7; | | | Available on | Available on | | | 17-OCT-11 | 17-OCT-11 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | 15.0(1)S4 | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0SA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | 15.1(2)EY | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M2; Available | 15.1(4)M2; Available | | | on 30-SEP-11 | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.1(2)S2 | 15.1(2)S2 | | | | | | | 15.1(3)S | 15.1(3)S | | 15.1S | | | | | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T4; Available | 15.1(1)T4; Available | | | on 09-DEC-11 | on 09-DEC-11 | | 15.1T | | | | | 15.1(2)T4 | 15.1(2)T4 | | | | | | | 15.1(3)T2 | 15.1(3)T2 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | 2.1.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.2.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.3.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.4.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.5.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 2.6.x | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.1.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | 3.2.xS | Not vulnerable | Vulnerable; migrate to 3.3.2S | | | | or later | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | Not vulnerable | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== It is possible to mitigate the vulnerabilities in this advisory by disabling the translation of embedded IP addresses in the payload of IP packets. Disabling NAT for the different protocols requires different configurations. For some protocols, a single command can be used. Other protocols require individual NAT translation rules be added to the configuration. NAT LDAP Vulnerability Mitigation +--------------------------------- To disable NAT of LDAP, port-based address translation needs to be configured to disable LDAP inspection using the no-payload keyword. This will still allow the NAT of LDAP packets at Layer 3 (non-port specific). Translation of other non-LDAP protocols translation will not be affected. Applications that use embedded IP addresses in LDAP, such as NetMeeting Directory, will be negatively impacted if the embedded IP addresses need to be translated. The following is an example configuration that includes the mitigation for two NAT rules. !-- NAT rule for port TCP/389 to disable IP NAT for LDAP translation !-- Takes precedence over the non-port translation rule. ip nat outside source static tcp 192.168.0.1 389 192.168.1.1 389 no-payload ip nat outside source static tcp 192.168.0.3 389 192.168.1.3 389 no-payload !-- Translation rule for all other protocols ip nat outside source static 192.168.0.1 192.168.1.1 ip nat outside source static 192.168.0.3 192.168.1.3 interface GigabitEthernet0/0 ip nat inside interface GigabitEthernet0/1 ip nat outside Each NAT translation rule in the configuration will need to be updated to include a per-port rule that disables translation of TCP packets on port 389. NAT for SIP over TCP DoS Vulnerability Mitigation +------------------------------------------------ Mitigation for this vulnerability consists of disabling NAT for SIP over the TCP transport by using the "no ip nat service sip tcp port 5060" global configuration command. NAT of Crafted SIP over UDP Packets DoS Vulnerability Mitigation +--------------------------------------------------------------- Mitigation of these vulnerabilities consists of disabling NAT for SIP over the UDP transport by using the "no ip nat service sip udp port 5060" global configuration command. NAT for Crafted H.323 Packets DoS Vulnerability Mitigation +--------------------------------------------------------- Mitigation for this vulnerability consists of disabling NAT for H.323 and H.225.0 using the "no ip nat service h225" global configuration command. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The NAT LDAP vulnerability and the NAT of crafted SIP packets vulnerabilities were found during internal Cisco testing. The NAT SIP/TCP vulnerability, provider edge MPLS NAT of SIP over UDP packets vulnerability, and NAT of H.323 packets DoS vulnerabilities were found during troubleshooting of TAC service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2YACgkQQXnnBKKRMNAOugD/Qr4CA7ZO3CeTOcQnwg+oMx+c NjHD7/tFD6PNnBBJF1IA/jMWm3G+EDQeuwMQ0ijB1QvXEApsX4ZJFNJyMgiFtL5x =B/LS -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities that affect the SIP implementation. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs CSCth03022 and CSCti48504. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection. The data flow interaction function DLSw can realize the transmission of IBM SNA and network BIOS traffic on the IP network. ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS SIP Packet Processing Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46197 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46197/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46197 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46197/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46197/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46197 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An unspecified error when processing certain Session Initiation Protocol (SIP) packets can be exploited to reload a device. 2) A memory leak error when processing certain Session Initiation Protocol (SIP) packets can be exploited to reload a device. 3) A memory leak error can be exploited to disrupt voice services. For more information: SA46226 Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Cisco Unified Communications Manager (CUCM) is affected by one of the vulnerabilities described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects the Cisco Unified Communications Manager at the following location: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml Vulnerable Products +------------------ Cisco devices are affected when they are running affected Cisco IOS Software and Cisco IOS XE Software versions that are configured to process SIP messages. Creating a dial peer by issuing the "dial-peer voice" configuration command will start the SIP processes, causing the Cisco IOS device to process SIP messages. In addition, several features in Cisco Unified Communications Manager Express, such as ephones, will automatically start the SIP process when they are configured, which could cause the affected device to start processing SIP messages. An example of an affected configuration follows: dial-peer voice <Voice dial-peer tag> voip ... ! In addition to inspecting the Cisco IOS device configuration for a "dial-peer" command that causes the device to process SIP messages, administrators can also use the "show processes | include SIP" command to determine whether Cisco IOS Software is running the processes that handle SIP messages. In the following example, the presence of the processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the Cisco IOS device will process SIP messages: Router# show processes | include SIP 149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET 150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET Note: Because there are several ways a device running Cisco IOS Software can start processing SIP messages, the "show processes | include SIP" command should be used to determine whether the device is processing SIP messages instead of relying on the presence of specific configuration commands. Cisco Unified Border Element images are also affected by two of these vulnerabilities. Note: The Cisco Unified Border Element feature (previously known as the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS Software image that runs on Cisco multiservice gateway platforms. This feature provides a network-to-network interface point for billing, security, call admission control, quality of service, and signaling interworking. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Note: Cisco Unified Communications Manager is affected by one of the vulnerabilities described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects the Cisco Unified Communications Manager at the following location: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml Products Confirmed Not Vulnerable +-------------------------------- The SIP application layer gateway (ALG), which is used by the Cisco IOS Network Address Translation (NAT) and firewall features of Cisco IOS Software, is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= SIP is a popular signaling protocol that is used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol has the flexibility to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol. Only traffic destined to the device can trigger the vulnerabilities; transit SIP traffic is not an exploit vector. Note: In cases where SIP is running over TCP transport, a TCP three-way handshake is necessary to exploit these vulnerabilities. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0939. CSCti48504 may cause memory leaks. This vulnerability has been assigned CVE ID CVE-2011-3275. CSCto88686 may cause memory leaks or reloads of affected devices. This vulnerability has been assigned CVE ID CVE-2011-2072. Note: this vulnerability also affects Cisco Unified Communications Manager. Refer to the separate Cisco Security Advisory for the Cisco Unified Communications Manager for additional details. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss Note that all vulnerabilities in this advisory (CSCth03022, CSCti48504, and CSCto88686) have been scored in an identical manner, assuming a complete denial of service (DoS) condition. * CSCth03022, CSCti48504, CSCto88686 CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities in this advisory may result in system instabilities or a reload of an affected device. Repeated exploitation could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.1E | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2BX | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2CZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Releases up to and | | 12.2EW | Not vulnerable | including 12.2(20)EW4 | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2EWA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | Not vulnerable | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | 12.2EY | Not vulnerable | 12.2(58)EY | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2EZ | Not vulnerable | to any release in | | | | 15.0SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FX | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FY | Not vulnerable | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FZ | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRA | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRB | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRC | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRF | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2MRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | Not vulnerable | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(30)S are | | | | vulnerable; Releases | | 12.2S | Not vulnerable | 12.2(30)S and later | | | | are not vulnerable. | | | | First fixed in | | | | Release 12.2SB | |------------+-----------------------+-----------------------| | 12.2SB | Not vulnerable | 12.2(31)SB2012.2(33) | | | | SB10 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SBC | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SCA | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SCB | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | Not vulnerable | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | 12.2SCD | Not vulnerable | 12.2(33)SCD6 | |------------+-----------------------+-----------------------| | 12.2SCE | Not vulnerable | 12.2(33)SCE112.2(33) | | | | SCE2 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEA | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEB | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEC | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SED | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEE | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEF | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(25)SEG4 are | | | | vulnerable; Releases | | 12.2SEG | Not vulnerable | 12.2(25)SEG4 and | | | | later are not | | | | vulnerable. First | | | | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | Not vulnerable | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SGA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SM | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | Not vulnerable | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRB | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRC | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | Not vulnerable | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | Not vulnerable | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(29a)SV are | | | | vulnerable; Releases | | 12.2SV | Not vulnerable | 12.2(29a)SV and later | | | | are not vulnerable. | | | | Migrate to any | | | | release in 12.2SVD | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SX | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXB | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXD | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXE | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | Not vulnerable | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | 12.2SXH | Not vulnerable | 12.2(33)SXH8a | |------------+-----------------------+-----------------------| | 12.2SXI | Not vulnerable | 12.2(33)SXI6 | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | Not vulnerable | 12.2(50)SY | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2TPC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XNA | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNB | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNC | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XND | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNE | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNF | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(54)XO are | | 12.2XO | Not vulnerable | vulnerable; Releases | | | | 12.2(54)XO and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YJ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YN | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YQ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YS | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YT | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YU | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YV | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YX | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YZ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2ZA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2ZU | Not vulnerable | fixed in Release | | | | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZYA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.3 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | Not vulnerable | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | | | to any release in | | | | 12.4JA | | 12.4JX | Not vulnerable | | | | | Releases up to and | | | | including 12.4(21a)JX | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | Not vulnerable | 12.4(24)MD6 on | | | | 28-Oct-2011 | |------------+-----------------------+-----------------------| | 12.4MDA | Not vulnerable | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | Not vulnerable | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Releases up to and | organization per the | | 12.4MR | including 12.4(6)MR1 | instructions in the | | | are not vulnerable. | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(24)T6 | 12.4(24)T6 | | 12.4T | | | | | 12.4(15)T16 | 12.4(15)T16 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XA | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | Not vulnerable | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | | Vulnerable; First | | | 12.4XC | Fixed in Release | Not vulnerable | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XD | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Not vulnerable | | | | | | | 12.4XE | Vulnerable; First | Not vulnerable | | | Fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XF | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Releases up to and | | | | including 12.4(9)XG1 | | | | are not vulnerable. | | | | | Vulnerable; First | | 12.4XG | Releases 12.4(9)XG3 | fixed in Release | | | and later are not | 12.4T | | | vulnerable. First | | | | fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | Not vulnerable | | | | | | | 12.4XJ | Vulnerable; First | Not vulnerable | | | Fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Releases up to and | | | | including 12.4(15)XM | | | | are not vulnerable. | | | | | Vulnerable; First | | 12.4XM | Releases 12.4(15)XM3 | fixed in Release | | | and later are not | 12.4T | | | vulnerable. First | | | | fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4XN | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4XP | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XQ | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XR | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XT | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; fixed in | | | | 12.4(22)YE6 on | | 12.4YE | Not vulnerable | 30-Sept-2011; 12.4 | | | | (24)YE7 available on | | | | 17-Oct-2011 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MRA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M1 | 15.1(4)M2; Available | | | | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | 15.1(2)S2 | | | Not vulnerable | | | | | 15.1(3)S | | 15.1S | Cisco IOS XE devices: | | | | See Cisco IOS-XE | Cisco IOS XE devices: | | | Software Availability | See Cisco IOS-XE | | | | Software Availability | |------------+-----------------------+-----------------------| | | 15.1(2)T4 | 15.1(2)T4 15.1(1)T4 | | 15.1T | | on 8-Dec-2011 | | | 15.1(3)T2 | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 15.1XB | 15.1(4)XB5 | fixed in Release | | | | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2 based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First | First Fixed Release for All | | IOS XE | Fixed | Advisories in the September 2011 | | Release | Release | Bundled Publication | |----------+------------+------------------------------------| | 2.1.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.2.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.3.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.4.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.5.x | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 2.6.x | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.1.xS | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.2.xS | 3.2.1S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.2.xSG | Not | Not vulnerable | | | vulnerable | | |----------+------------+------------------------------------| | 3.3.xS | Not | 3.3.2S | | | Vulnerable | | |----------+------------+------------------------------------| | 3.4.xS | Not | Not Vulnerable | | | Vulnerable | | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR System Software +--------------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== If the affected Cisco IOS device requires SIP for VoIP services, SIP cannot be disabled and no workarounds are available. Users are advised to apply mitigation techniques to help limit exposure to the vulnerabilities. Mitigation consists of allowing only legitimate devices to connect to affected devices. To increase effectiveness, the mitigation must be coupled with measures against spoofing on the network edge. This action is required because SIP can use UDP as the transport protocol. Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Cisco Applied Mitigation Bulletin:Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products" at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110928-voice.shtml. Disabling SIP Listening Ports +---------------------------- For devices that do not require SIP to be enabled, the simplest and most effective workaround is to disable SIP processing on the device. Some versions of Cisco IOS Software allow administrators to disable SIP with the following commands: sip-ua no transport udp no transport tcp no transport tcp tls Warning: When applying this workaround to devices that are processing Media Gateway Control Protocol (MGCP) or H.323 calls, the device will not stop SIP processing while active calls are being processed. Under these circumstances, this workaround should be implemented during a maintenance window when active calls can be briefly stopped. The "show udp connections", "show tcp brief all", and "show processes | include SIP" commands can be used to confirm that the SIP UDP and TCP ports are closed after applying this workaround. Depending on the Cisco IOS Software version in use, when SIP is disabled, the output from the "show ip sockets" command may still show the SIP ports open, but sending traffic to them will cause the SIP process to display the following message: *Jun 2 11:36:47.691: sip_udp_sock_process_read: SIP UDP Listener is DISABLED Control Plane Policing +--------------------- For devices that need to offer SIP services, it is possible to use Control Plane Policing (CoPP) to block SIP traffic to the device from untrusted sources. Cisco IOS Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. The following example can be adapted to specific network configurations: !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted. !-- Everything else is not trusted. The following access list is used !-- to determine what traffic needs to be dropped by a control plane !-- policy (the CoPP feature): if the access list matches (permit) !-- then traffic will be dropped and if the access list does not !-- match (deny) then traffic will be processed by the router. access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061 access-list 100 deny udp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5061 access-list 100 permit udp any any eq 5060 access-list 100 permit tcp any any eq 5060 access-list 100 permit tcp any any eq 5061 !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices. !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature. class-map match-all drop-sip-class match access-group 100 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device. policy-map control-plane-policy class drop-sip-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device. control-plane service-policy input control-plane-policy Note: Because SIP can use UDP as a transport protocol, it is possible to spoof the source address of an IP packet, which may bypass access control lists that permit communication to these ports from trusted IP addresses. In the preceding CoPP example, the access control entries (ACEs) that match the potential exploit packets with the permit action cause these packets to be discarded by the policy-map drop function, whereas packets that match the deny action (not shown) are not affected by the policy-map drop function. Additional information on the configuration and use of the CoPP feature can be found at http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were discovered by Cisco during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2gACgkQQXnnBKKRMNDX3gD/UeN/lhANnUYaPYTJesK+CgTF Hnpss1asMqYlNes4DlgA/idrlbSx8cbkiX0rrhhHEkTNFRcVmvxA3gJhKq9s9GsO =XFrW -----END PGP SIGNATURE-----

The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Multiple denial-of-service vulnerabilities Exploiting these issues allows remote attackers to cause the daemon to crash (denying further service to legitimate users) or allows attackers to execute arbitrary code within the context of the affected application. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 " References ========== [ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1261-1 November 14, 2011 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes. CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6. For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Radfa Sabadkharid Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46244 RELEASE DATE: 2011-10-24 DISCUSS ADVISORY: http://secunia.com/advisories/46244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Radfa Sabadkharid, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the wysiwyg/editor/filemanager/upload/php/upload.php script not properly validating uploaded file types, which can be exploited to e.g. execute arbitrary PHP code through an uploaded PHP file. SOLUTION: Reportedly, the vendor has issued a fix. PROVIDED AND/OR DISCOVERED BY: St493r ORIGINAL ADVISORY: http://www.sabadkharid.com/news/19/%D9%82%D8%A7%D8%A8%D9%84-%D8%AA%D9%88%D8%AC%D9%87-%D9%85%D8%B4%D8%AA%D8%B1%DB%8C%D8%A7%D9%86-%D9%82%D8%AF%DB%8C%D9%85%DB%8C-%D9%86%D8%B3%D8%AE%D9%87-%D8%AD%D8%B1%D9%81%D9%87-%D8%A7%DB%8C!.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: quagga security update Advisory ID: RHSA-2012:1259-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html Issue date: 2012-09-12 CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 ===================================================================== 1. Summary: Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3323.html https://www.redhat.com/security/data/cve/CVE-2011-3324.html https://www.redhat.com/security/data/cve/CVE-2011-3325.html https://www.redhat.com/security/data/cve/CVE-2011-3326.html https://www.redhat.com/security/data/cve/CVE-2011-3327.html https://www.redhat.com/security/data/cve/CVE-2012-0249.html https://www.redhat.com/security/data/cve/CVE-2012-0250.html https://www.redhat.com/security/data/cve/CVE-2012-0255.html https://www.redhat.com/security/data/cve/CVE-2012-1820.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g P4VSjxs4xRnVCtT/IOkBkKQ= =VtuC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 " References ========== [ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1261-1 November 14, 2011 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3327) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes. CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6. For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Radfa Sabadkharid Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46244 RELEASE DATE: 2011-10-24 DISCUSS ADVISORY: http://secunia.com/advisories/46244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Radfa Sabadkharid, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the wysiwyg/editor/filemanager/upload/php/upload.php script not properly validating uploaded file types, which can be exploited to e.g. execute arbitrary PHP code through an uploaded PHP file. SOLUTION: Reportedly, the vendor has issued a fix. PROVIDED AND/OR DISCOVERED BY: St493r ORIGINAL ADVISORY: http://www.sabadkharid.com/news/19/%D9%82%D8%A7%D8%A8%D9%84-%D8%AA%D9%88%D8%AC%D9%87-%D9%85%D8%B4%D8%AA%D8%B1%DB%8C%D8%A7%D9%86-%D9%82%D8%AF%DB%8C%D9%85%DB%8C-%D9%86%D8%B3%D8%AE%D9%87-%D8%AD%D8%B1%D9%81%D9%87-%D8%A7%DB%8C!.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: quagga security update Advisory ID: RHSA-2012:1259-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html Issue date: 2012-09-12 CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 ===================================================================== 1. Summary: Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA 738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers 738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type 738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type 738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes 802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message 802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet 802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures 817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587) 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3323.html https://www.redhat.com/security/data/cve/CVE-2011-3324.html https://www.redhat.com/security/data/cve/CVE-2011-3325.html https://www.redhat.com/security/data/cve/CVE-2011-3326.html https://www.redhat.com/security/data/cve/CVE-2011-3327.html https://www.redhat.com/security/data/cve/CVE-2012-0249.html https://www.redhat.com/security/data/cve/CVE-2012-0250.html https://www.redhat.com/security/data/cve/CVE-2012-0255.html https://www.redhat.com/security/data/cve/CVE-2012-1820.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g P4VSjxs4xRnVCtT/IOkBkKQ= =VtuC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 " References ========== [ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1261-1 November 14, 2011 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for quagga SECUNIA ADVISORY ID: SA46214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for quagga. ORIGINAL ADVISORY: SUSE-SU-2011:1075-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html openSUSE-SU-2011:1155-1: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6. For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: quagga security update Advisory ID: RHSA-2012:1259-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html Issue date: 2012-09-12 CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 ===================================================================== 1. Summary: Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA 738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers 738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type 738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type 738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes 802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message 802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet 802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures 817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587) 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3323.html https://www.redhat.com/security/data/cve/CVE-2011-3324.html https://www.redhat.com/security/data/cve/CVE-2011-3325.html https://www.redhat.com/security/data/cve/CVE-2011-3326.html https://www.redhat.com/security/data/cve/CVE-2011-3327.html https://www.redhat.com/security/data/cve/CVE-2012-0249.html https://www.redhat.com/security/data/cve/CVE-2012-0250.html https://www.redhat.com/security/data/cve/CVE-2012-0255.html https://www.redhat.com/security/data/cve/CVE-2012-1820.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g P4VSjxs4xRnVCtT/IOkBkKQ= =VtuC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 " References ========== [ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1261-1 November 14, 2011 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for quagga SECUNIA ADVISORY ID: SA46214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for quagga. ORIGINAL ADVISORY: SUSE-SU-2011:1075-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html openSUSE-SU-2011:1155-1: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6. For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: quagga security update Advisory ID: RHSA-2012:1259-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html Issue date: 2012-09-12 CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 ===================================================================== 1. Summary: Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA 738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers 738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type 738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type 738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes 802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message 802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet 802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures 817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587) 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3323.html https://www.redhat.com/security/data/cve/CVE-2011-3324.html https://www.redhat.com/security/data/cve/CVE-2011-3325.html https://www.redhat.com/security/data/cve/CVE-2011-3326.html https://www.redhat.com/security/data/cve/CVE-2011-3327.html https://www.redhat.com/security/data/cve/CVE-2012-0249.html https://www.redhat.com/security/data/cve/CVE-2012-0250.html https://www.redhat.com/security/data/cve/CVE-2012-0255.html https://www.redhat.com/security/data/cve/CVE-2012-1820.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g P4VSjxs4xRnVCtT/IOkBkKQ= =VtuC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 " References ========== [ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1261-1 November 14, 2011 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes. CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6. For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: quagga security update Advisory ID: RHSA-2012:1259-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html Issue date: 2012-09-12 CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 ===================================================================== 1. Summary: Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3323.html https://www.redhat.com/security/data/cve/CVE-2011-3324.html https://www.redhat.com/security/data/cve/CVE-2011-3325.html https://www.redhat.com/security/data/cve/CVE-2011-3326.html https://www.redhat.com/security/data/cve/CVE-2011-3327.html https://www.redhat.com/security/data/cve/CVE-2012-0249.html https://www.redhat.com/security/data/cve/CVE-2012-0250.html https://www.redhat.com/security/data/cve/CVE-2012-0255.html https://www.redhat.com/security/data/cve/CVE-2012-1820.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g P4VSjxs4xRnVCtT/IOkBkKQ= =VtuC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce