Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities Advisory ID: cisco-sa-20150923-fhs Revision 1.0 For Public Release 2015 September 23 16:00 UTC (GMT) +--- Summary === Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs Note: The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWAWwcAAoJEIpI1I6i1Mx3wYkQAJU+71c6l6BRNwQ65d7XucdS r64mrlpga6Mud4jxqsbatCM76W+DDcSE1xtz2lqWN8L3Aqndq/ZmsysZPID81lr/ kPWpVaNbOjr/BgXe8K8f/xYS6ExIMs7jcLSOcB5obdQaHXOvOf8yPOP4SuHodILO i5JJ+kjE22dmRw1srBCtZF0HdNUFa+aXYuR0OSrqHwaPARMsRPQbsAF7djBVDdRU 1XB4YH5zVXG0q3yMpdlJLdVkPtQesC+BSka66qcSJBnC6tqQ/KEMkUkt+Uk1Yh9s Qpuh9UcIB78/oBy/VZI8IGsTL4uVLczRhonQe5KFP3uvM0LJvMXAn+dTXXBZJXlm 9NEHrOuoxZjPlMYntaY3xE9Ocl3ObA4Y12H1S+E1djhVogdNjW4qN8dorqIq10g5 jAi0o8qhM7o5vRjDt8os0UnuAHPaqtY0C5oaTruZN28N7Hzey4mdM9wkOL/oY+rq Lgd9BT+BHAO+Yop0cgpmPAs2EXYzVz7zN5euYzuFywQOfQvko84YFfzxt6Y+ofIH SbAHZ1tdtw059IQk6Q6nlK3rE9jk+vO7wQ8MW39OXCgjEMlXn7kWQ3gctXz0Qesj li2+OFzXVhLBk3JDiqBQJ08FYoyuH25e58MumDLxZnoQi4jS5YqJcSQjSfnRLn2n eU9LswAcnFiAlRAE34PP =pjAl -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability Advisory ID: cisco-sa-20150923-sshpk Revision 1.0 For Public Release 2015 September 23 16:00 UTC (GMT) +--- Summary === A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configured for the Virtual Teletype (VTY) line. Depending on the configuration of the user and of the vty line, the attacker may obtain administrative privileges on the system. The attacker cannot use this vulnerability to elevate privileges. The attacker must know a valid username configured for RSA-based user authentication and the public key configured for that user to exploit this vulnerability. This vulnerability affects only devices configured for public key authentication method, also known as RSA-based user authentication feature. Cisco has released software updates that address this vulnerability. Workarounds for this vulnerability are not available; however administrators could temporarily disable RSA-based user authentication to avoid exploitation. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk Note: The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWAWwoAAoJEIpI1I6i1Mx3ZX8P/2w1PAyuoJbNS6i5ESErJBX8 EM18LXLdOuy+qe5Ag2V6ztDBpLGpp2AdaR4EYeaRnRyqBjL5gqdyXLYotIKk3IY0 4DLG/IEiLoSJql51Fx8GXvuomqr4S3Its3MfSjfkre2fEvVV6NpXaCaBZKsowiw+ e+pu4D1qPZm30+kwO7QUIN0lGwCIboZa7OiRLjItRyixiKbA7LADsCijCNy6FIF+ G8shRD/mSkyBoetF1MjvAN18d+z+Kuy9YOGViM8oWSV20/Z9PXlSujkVdRjaxW4Y +dPp5Fk1ot6zqSXQahZZRBY8glIkqE8gsTSJT9qhfD+8Q3XXY1eUNvlKuNmv3HDg ftlJYTq7Ye5gjbvd2ro7/IAoKf/jaC2CM6pTgegDsXCCarzUMVj6ZjXiP1XqjRS4 4yaX7v9z3qPVid8W8niJscFVdXMG4YGhHqNdriDirUmvF+a5XDa0OGCi40xO8rsV HG1PishidpaMXFgklJPCWzzuwmwWDu6GKvpJkTTSRNYWttzWV+/aMNQzzyGjTSIY ePzDeRctHfaeZyaVCiAVvv6Pj2NP0PGbLmtsr5K5UqoTEbVTy0CIte1iLuu8zzhs HzyoWlqziOq9+0NfvcM5/0J64wekiOUiQehKzyYOa+F3F54KzyDJxNhToezkLhdQ VcGcN1w0HOwRLvd7LWN6 =hXl+ -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability Advisory ID: cisco-sa-20150923-iosxe Revision 1.0 For Public Release 2015 September 23 16:00 UTC (GMT) +--- Summary === A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-iosxe Note: The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWAWwjAAoJEIpI1I6i1Mx38DAP/RFsW3ytyddAsop+FKs1wOMR 5lecyURmnDItcgbmAFcQIOZDV076aFznVDHKniGZQBsW54nh4YGV1pfq1YNU3ikz XVPY22XNgfnJQVGmzypxkL/hCYJlWF+RWMEQ+5sDMKb2LZP3WNNMtjNBOW4oac3r dP9sYgKBT8GcA4gVlsWEpaaFlMTs90jizkjjm2V1JcGiEn0aoL3+Uq5epJ0mRajI Kx/Dl7DdtiyDONNycABntHena6GtBVu+QvDqTbjpL8VV7XMeLmmCeOtZgGQQ/bTr UgZrRd+skLs+phSREk4x/GwcksRAGYu19pq5fNNAnWOYUBD2dhlfNET4GVKQ++1b h/DfHMXS++Ztj4aEA2VEU1WlFeTA5qRVjWtr6nxxfJoixaf6b0teeXMeWFJh9rRt C3LsSWvTp+X4L8vvVwWRV/Ij5vlMcN2aHp9SCealJzFDRr7r1B1cj/bGq+Cf4Ozc e9+8Y/F5NFe4+Epdm0SwdbYnwAvi6NxR1HGlzhpJWv2fkVZO+uCZajRwjAsceYmI si1mgpMJNgWyLitsRPbFVjnjtJaVdTb9AIUotvWqgHAmm6aaaGt1zRWDoJxZEQq3 r1JVXHd5Jm/jeTUeQApZF4QqIcDxP3vGvpdEdFJbHZGAQobia8TXX2vjagjomZwU IH8hUmuxOjKmeSFIP7oy =W9mD -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20150415-iosxr Revision 1.0 For Public Release 2015 April 15 16:00 UTC (GMT) Summary === A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface (BVI) when any of the following features are configured: Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs). An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface. A successful exploit could allow the attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds to address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVLoaBAAoJEIpI1I6i1Mx3QxoP/0l8Z+HfJhF5ipb0CZT62TIS m6gBR5TnXtkQTSLPBqvGTALoKTpXIuY49YwRjkAYRmVMei+ercsf6llE8YSmYL3Q TjaGxxhp4v9dQo36IwuzhjY8oGiMHIrLuRwWt+b8OZos2d+wQAcP76nfKyWhnGhC rBwN/js1uxBkTWpxIru149xf76moe3+1v353kjVS+PUbm33Uwe1dfAS1uETZvN1N lIIYlyzwqzokl+KRFvPKq0Iyr/qLa2cHqtfcLOwAD2VuLwGboFcno1uOlf7uEt4Z Wb1T1tAHvEHVBMpmh2jcV6EgGw3igU5Azx2C/+YeNqFTAei4qbUYi9Jhg9vuvhO1 ED5w+GaXg58opiaYEvP4GAXJ6pcq2P39Nawncodz/rA2IM5bQyTRWzCflMMfivFC AR0/g500NvwyCWluXaDVpvcZMI/MNuw8nq4MaTp7e/opYAiJFMW/ru6YAAFZOTW3 yG0Iij+vObL977hGlSHxlbJfqusfHT9m1tvARUhqRnD+LJcymvGMY9bJnndGqFr1 MQowrdz2acEX4DYF6RJgjgYSUfpH7QZd2Dh7STxmOS1y+8oUBplcr8oD4qgl/NRk NJyyuN2lLywb+v0EJGwz1+QjCBOLRJ5y3CvYM9ZsPOWJJZASDmPa4EvVQSyXloBM 8aItCdd34k/4H7gj+gYy =nnUg -END PGP SIGNATURE-
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol Advisory ID: cisco-sa-20150325-cip Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software UDP CIP Denial of Service Vulnerability Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability Cisco IOS Software TCP CIP Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the forwarding plane, resulting in an interruption of services on an affected device. Repeated exploitation could result in a sustained DoS condition. Additionally, successful exploitation of Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3gQoQAMgga/GDsaG87OcxdBDP3PS0 VWVup8SutEuU6I0Gb+L/PmUYPTNCq7Tc25Cumoqy6z5K7jqNsmsrjzoFeUR86Ksr GYY1hFEc9M4nOapTzoiNFQAxg8bGxh5u4PemCCg9CbEfqP51ItKUmKKcsmT45YpJ M2uidBLWkPum0bcfAvD7JMox/luzMFyAiLnb0IJj217hMVr1OmZou66V8cQfWZZl He+pT5WcPKd116GAB3Gb7B0lcEHduTQAb2psSrPOPJLE4bOwBtyuC17wjCoblQKh W1SLIddEDTUHIkvKt71ZKjvARIiwdEFnZWd9QoH9DygSvTPoooN168Ub5S9rqVDy E84p7pJf0FSyAFrXqTdl0vZHIFmZlDwGZnablle1+E878im49dDY2mSLVEQs21Pr V1iu6R9o+affi4MLFPAQSf1zTx6r6zotCO0Rnp33QfFo97UdLyL7I2qtpZhSczGU 4wTySD8qvM/02rUvszWg/YoJ12A7IU5YMjCXb/Lfkd6UYK/go4BA3BuqZAqSuvAN AWq6MEdOsV4uuchVm0ha1YgdQzt9vNveR4twYpSiQZ0MnzcB9020nLlHmVAB3+lY d04mKF1SMQ568mfes8/lNt0fefc6XkVvrZeIk+9uNn+irAynRRBZR2wpnvQT/Xev qc1FbxmTWdixlVg1kZL6 =b7Xz -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability Advisory ID: cisco-sa-20150325-mdns Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3FAAoJEIpI1I6i1Mx3h30P/3gJw08jXsXrVu8KO7L3kqLR vKTMc5BYxLQPoLO3SjI2p6uNKn5iMM6oOsKSZt+mehlDZUUe1JBVricFa07bNQmh jW9mCwVrsMMfOF7NL47vJm6GtGZurhc5WlCRp0uE1PNJs6NmMyRgszTxDz1F5Tjh fq6/2SiKnZW0w+MuxZnrck9rPZ+fzjcpe7sKOUr3htAi/Z0cfhadQrEcVXFuRhn9 bSk0D71zzfXt1VazqOIZiciRJOu/cEN5Tq+NZWTUKqFPFlepjT1G/Ho3WPtQWxbp UwZyeh2InlFnc7DWuNCqW+eZ1CFDPWVNGmWcQq3oxNHkvAAvQsn7vsOgNJRr+yNi S8emKrm94iyIaD2ouOMDgof4MireHLNKNnVecsnuJqUui89zZiT6ZIXg5S8eM5sx rkkfoGjTALePenydwM7eAPjUxI4vFzGPwk1ikQrT49a8fZTJ0/p/S6X8BbybJJXK JHiBdOw88ppa7ixOHgSubHH86KKqm5tCqRI13RpTTtDXQpv4Ev0spiDGeTTKtWEA lGmZldoLHO5Tkk+HUwlUMobluwnt1kGKkAFA+wSRukArAt8i52OUziDmQ4WYBf7a CKw+f6WU9YjGxP2jpp/Xy3u9kKkHHXb8R9y009yXLg1ShZS8eiqQhh6O7O7NuiNL k43tGb1gB+D+0SPS3w/x =DuB0 -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability Advisory ID: cisco-sa-20150325-tcpleak Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device. The vulnerability is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. An attacker could exploit this vulnerability by sending a crafted sequence of TCP packets while establishing a three-way handshake. A successful exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3FAAoJEIpI1I6i1Mx3s7EP/35lG2sxSOAqj5WWow1L0VbB eCYn6sQTavKyg5pXtFKUyUfF8AUHPrySGpcjy77+s+4uDNswIAXplYQrr8r8OifE xJ8OzuvCXOgvyQEAc8H6l7zLLYOkBv6cFAyYPepl0tPac15iOqX6Xv8l2+gnvi6p puKJYc/81bYmqeE0qRvPDzT9rWiccp1pbWUqUu1ZX31zJ86e/mERHFWOTOBA/qC3 Xd/36ljl4sTR8IPOE7Zoq8jfedlc9Bg3cz7aBrFgx8M9jB/V47MPe6eyfLKHHAEI oXPUu8uJBQsrnYa9/MbN3/wmI9weq3mGhaaStmV9JL0oYn/4gsgY+r4f9euXDMqW b/kIkHxtYHrShckox708oHCjCCTdKiTJcGy+GgTagq49c+A7UCzc8XEwgCOyFFbL 5E2AZ6PJUyUEfbPWhPlCj9H/t3G8mfcmH/FZLpwbEGTtfBCb5b1WRdXd0ARqJqD3 ZXy7M9gKGlifenvs9s9rElO+GuIVvmaAZ2anHgH7aLXCxoc7mIQfTxcjV9whXfD2 TBwHhsR7FMrgtqWbBokq/aNrs/ull9RXsubVFLSToj1BAuJlZpyvjbzQw10bPm5b ZL80JvOffzmf2711jIJCoOiVHGdO/jvb518JMY4XoPyBBKSxtTYpKdKXfBQjQgIv L3q5mEH18S0YiHC8yQAz =W7nK -END PGP SIGNATURE-
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure Advisory ID: cisco-sa-20150325-ani Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device. Autonomic Networking Registration Authority Spoofing Vulnerability Autonomic Networking Infrastructure Spoofed Autonomic Networking Messages Denial of Service Vulnerability Autonomic Networking Infrastructure Device Reload Denial of Service Vulnerability Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3D4kP/RHXNWflKJAGDDZwOfPHgPTu 3ILcyxaURs0troplCPwsJg94U8NZaeRiOQ8Xsu1s4ajquVEXLRFcdw5WKP/Yulir V7M106xpoemlQGMiw/MNEpAzzP4UNQBCO8A66gLrSGQVFI37C0ysH6yE/307d7Qz LX+aEF7nrOtOw6+ZbVF7irebyMGjaqfblOwDeuXzcyDfHp8hEKuIPfQEh7FaBooQ TnnySenNnhbfu6x0px7gTJteEMcOhDTOaW5m2MuF9STKRRGjauhng1IxJirJPC6k tyIJ+1VOop3Ps49E3czgWUtciFufCjgcl6SbmdYx97KCTQIyt7Mmel2cE37il7wR MzgSyuuIgI4METMdDWwxfTpujXXxdM5iRJNXpoSRzD40NFk9q57QvslwSSO6+1Yf ycnAGDVY+n9ahO3boZdMNne9V9dbCYIbVXES5VXxjaiHvCcRWIDUSJ+JeuX5s+em dMGGIqO8xz3Orl1i77kwWpo22V6txXX6YM07Bg52L+8xbbo7ChKDal5R6UAXsgRB vcA7ckhp28SDtlfy0aJHZHzvHNeOqCD55O8HaSdFoh94mkzBlFVxMkaKHnyeZWyA nWJtC8jHgu+VuyLien930AcUtY4NzO9ZT78c98FePuqkZbqKSvnRqYz69Dgaqu7i aqAAKX2qj2R18xzrUBya =yOgs -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities Advisory ID: cisco-sa-20150325-ikev2 Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit these vulnerabilities by sending malformed IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause a reload of the affected device or excessive consumption of resources that would lead to a DoS condition. IKEv2 is automatically enabled on devices running Cisco IOS and Cisco IOS XE Software when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled. these vulnerabilities can be triggered only by sending malformed IKEv2 packets. There are no workarounds for the vulnerabilities described in this advisory. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2 Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEtQfAAoJEIpI1I6i1Mx3cC4QAKmoyPEnSiWyCB/TmzivfNls 2cSx2Xs2sa9KNNhqZ69hW9Q5GYhMeR89fwbNEdp/+rh3g79lE1wh/YlPwai8IJl9 t1pLC15TVky5xiEwFbmhEuqpTQ7QbdODsXR+dAVStRun8l/pnxM/r3yFRwtpeTDO vNsJNoIlIK+Wk3onNlMVdrPaSOkMhFZysuVB8hhCdF1kow5FCoMElZONU25+Tb5u 3+S32WC/L3jyDaWbQvDKTnNeHBp6M3+8Y7eXHg74CQzWLrCXN+CN6dPFaI7aR8oY P4a6lqSrkrPRXHUgxAqGKtDgzw8UDaxWdf3RX5z1r54syKzuUyuqNSnAwhZ9+pyW lhKv6Ai5ic4tyNEL++QFoZxnRg8xSopuD8yJzuyC5ZhP48tfGdZ1IIBBwxo4vKd5 9PfOlw3+oMvZrxzLL8ajGi/Vfk4LMayqe0jfmBWVMLMdBe0Dhz0Wxihyt7l+FNLS 2ovubZhBCtmhHSy+cyEgyXEjIG+5KFFJ35Wrm/U0LwXXyPIR2vgp6xn7MT1mKONi w9hWjuxFV4EAHAERvHvNR1fq6HZV+y+0vhG+GZR65XNEGrynxqBd8Dh5VpgAoX+i z8rvo9oSK/OsfbDA/qdSiNNRKAYQaKMFUy8MTFR7i2rwNduosPD36HvE4BAwhsox NgLDi9f/QtXaABCuBLeG =YsTm -END PGP SIGNATURE-
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers Advisory ID: cisco-sa-20150325-iosxe Revision 1.0 For Public Release 2015 March 25 16:00 UTC (GMT) Summary === Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities: Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability Cisco IOS XE Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco IOS XE Software Layer 4 Redirect Crafted Packet Denial of Service Vulnerability Cisco IOS XE Software Common Flow Table Crafted Packet Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the forwarding plane, causing an interruption of services. Repeated exploitation could result in a sustained denial of service (DoS) condition. Successful exploitation of Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability could allow an unauthenticated remote attacker to execute malicious code on the affected device. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe Note: The March 25, 2015, Cisco IOS XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3VW8QAL2oALHAprX3uic7IXrFPW95 Cb4bqya2PjrAzZmGlDFCGr2Mko0j+Q9zgX/AGjrtQkaZaHHp7KhpdLGNrnpyEpgj Da9TYL5k/JW/xxWmh3u9q62tUjlgHRHAUqsWAKq7jgJuftqS6u5BdTIIuBhTZeqo yy9QrHTnKtiDwjW4pyvEXft+2OaRZ2u5w+9jdRk6YO41OEHdeiPBQwzOZNQUPi6C n60N1DsvPm8V+u/3i1h1ApENv8iqm/5PxF4pqPC3QgBAzI0JoV6qUokts3U15B6W 1M1cd+lBBze2ztgP8tMhYbwFcbx8WjydYdNjHpaWhv9S+eCWW63nUmlpU4x0Vx9X bVwsooTAtf+j+bfxxq2Agm14n/mjTb/+7Fwh9idoA3UVC1JfMpXuXwKAPXr7Sumz 00kXL2A44thnrEYB+sZmo24XiC/Y+QC0rILr6S1GBy7t/h6qRA4MzITIu0T54jle lwYwwI1RPmo0QL4XFXUUmtowlfvpH3lu5PFD/BwbV5cdsiDrs/ahqcwBVNnReQQe cUUYGBuYz2t3UOuYLQCyaNrd3OzLOn5wYrGk3veODzpYkNOH23fM1YiTVj/5qdV+ l22QBt/wgcrEN42YroCJxK1hxAMO7sB2qCJO/sCGirxN4AEYmp3xqTPb6T76a8jf lcPMb9mmEb9Mc8shvJmS =j74G -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software RSVP Vulnerability Advisory ID: cisco-sa-20140924-rsvp Revision 1.0 For Public Release 2014 September 24 16:00 UTC (GMT) Summary +== A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNfAAoJEIpI1I6i1Mx3qoIP/RnDEwuhG4SEtyEAycEOpJoX cDsmK8C0xRKYkoUeSlmkO1TXzRk42RMnd6aoYAxojgqsYnVt10ZKibSLzCxZxWnX MMKhMPSrUSvWvPNgLDYyOJ4R4B6IOwYwS6wNCABtiwes/rET+p+d0gw4rZ4SLujF hSrWcxE8Fax5zU7Z++ZifOhcg/C7gGvIbsuStf01S6/oZHPx8PXnVj9J4eI0Yxz9 JRhkJQv8FlfJYzZnxbi545YH1fUt+e5FzTTlPOaYayYqi0E/NvrPW64s8QKLURE7 M01EzxIsyItwxIYAXy5pcUHnyAd/bZ21CmEiHvOq4GZVXoZpkkF0pCceos+mC987 4mPYVe+PwNrPJwb0qdG6MKDiXmO+txVFLazNF2JJaGeFYjeN+If57mJSttznVLiE ZPCkdLmr/Y2uDbtwoDdFI6TbrIsFceawIEKLn5lIPQrtt+JiwkWkxKSLMsB6wm0l nmogpIL43jgnozrYRTMizA+hu/mHgg88mOWD/AAFA5O6K+YQIEYYtYjy4Bundrq7 2Rr6uJNUN9fD3amT3ZqP6DE7ETlAkC29sFy0IuXkudpXc+YrcVAkhwrlMekoeepL t6cWl+o8dTaexJe7h4neuADwCPrT15wNBiasHP0Uw/BAUnbPM2aOjL8WZDb1BHvT 5AkSuOMpsSZakqt0vik+ =kL1E -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Metadata Vulnerabilities Advisory ID: cisco-sa-20140924-metadata Revision 1.0 For Public Release 2014 September 24 16:00 UTC (GMT) Summary +== Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device. The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNfAAoJEIpI1I6i1Mx3SpwP/jfNLKisT8kvgV2iMhFr0Z2w 1oOqnYmG1WWNh/yXh+uKIPeHUDSYjsW1ntAP/vnuw1Op2UDPMl1fTWe4AWo8huOf R2cq3dCBZRfKmlhfJAGuqaramkAITwLPNsODwIHZUwXYQPrHnlZB7c/Ry8dkE+d5 ATGeGFS9nDnboAKyRFyusLarQ95X+Yukpq/BmGLXd+neuC+tz4x1PCBvQJdeqaMx Fg2r94dg0mhzwYJ/HBLVUk4OJRYhJxUeJw7zqrB9GGZnYry+ll8qY9pSbMVpI1Yy 523Okpes5zJ1KNR+uceABj1SSpe0n+LAfqj8ekkzrZz7CQGONYEd39PSor73zKBE 1SmyUVj75hoH3rx45SQLgArvfUXkJZLeSgnstWU7DCIlD5OjxMbazq8nlU9cmD5q gXKtPLZI8/xREwUjmmowv3ykSscxW7x0EBL/NCG+JcXmTGS26gf8SGsVfkDYIkuo iLxrgkiuvXtq+SGLdmRnfC7Ts2m/5E1AJHW7V64yZ+tNLW4XM5cMjMtDZXTQdQHN sQvPe8E4sFFpcSn2vi0Y5weBItr3p+QGDF5HxojPr1NLZz8bHUBWJ6kjYvDynM3C yGXTgEI7g8vmzcfeBTZCa3Us/qDb+0DZFzt15TpUbZmcuVjcoSo3myp1+XzP7ky2 xC9OlRnpvnRWrSnAXcLe =E9az -END PGP SIGNATURE-
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System Advisory ID: cisco-sa-20140924-mdns Revision 1.0 For Public Release 2014 September 24 16:00 UTC (GMT) Summary +== The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software mDNS Gateway Memory Leak Vulnerability Cisco IOS Software mDNS Gateway Denial of Service Vulnerability Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNeAAoJEIpI1I6i1Mx3euMP/0ptD3acwXkieo5NTQEYXU2L cMlnxkTZnXzzjkGAcy0eJKhHAh9JI0FU5DcEVmMbTd7qXnm2sixFYR27dxMCJBaG Quj5RgGGz2KUFNGO87+JX8zw8yBKyknN8eO7njBb6c99UHAv/GVZAjnwcDEbRM3L G7/C7S7ZVkk8w63U46CsVV5eaGj2RQnbZx3jYNhPKjZnCc/MQSM87nnTuR8RjkCm wlrReK6BjxtJ13R3o2NmWzSJWSsc8N81pvIooJdaBCqlGZ4e/j06Z5+S5CF3DGiJ xJvEdKGdvLRo14hUtQLJ8Vx8bJMkHBdr7Bernmca/8AIeXEMdc61ZGs8bS72Magh JbiJIT7B3jQXdjzQpQ/mHKNoghkI302g3H6egrtsCBWr+lepEIfmHLf4h0LueqWh pVQPqXWAGg+5AR1ABvP+mwtQuz/psboXpacMM8keZ2a/6uS82tf3lTXR/8zBd+Om sGbhBYIkO67Cp/Zn2CNY1v9Pg8f4tNAkATazg2Mvt4QfOlRUFRYBdyV2LZLSDCJ4 9/Pw8s7pLMMFpt90pBzIBUY+FsiGkWoHduMO7/O93Zw4Y2n2vnRYFkyuFQFphBuO M2Yb20vqO9tsELTt0MDmdfXf40HhhAUF6zbw6fWa4SCV4CwZn6h8eAZttsqQQqxl cdgZjAsAV5dsoejxk0LC =7Kkh -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability Advisory ID: cisco-sa-20140924-dhcpv6 Revision 1.0 For Public Release 2014 September 24 16:00 UTC (GMT) Summary +== A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of an affected device. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6 Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNeAAoJEIpI1I6i1Mx3FxAP/i8bB96s06HvbR5sSFBf6iqW QMfKKOujTGf9w9UH/CUqVtvX2kDLoaZXxoARruZ3hIk2tWqfkFCIyGtCSEXwQxfg +ueE/LpmXZWkvZ7eLk7GS7lclfVlbu4W5GR1+asp3qIOeKRUpY9SPWDlLuT7vmtb s8WmVbDKQOEg3MJSt4tkUSDQsL6AOvhFue2VYjGUnzYX0SPOQxkeCGCbOcmCRGPH 3Yi0IPiUa/XOxOCfsSlXJQP5OWVOlCnQZGiOlyaiaYiyTjUlB7uKgZP/jGIuc/gf 4dt0FTK/VykqLXIXERNBL28IO/4ZZDtkZvosy92iUG/BlXzdxB4+9pZ3wgqeih9Q 2hVNgX+xQ+M6BoTyMZ11OvZxqvaIr4e4ijx/CRx+jkqsX3tgoWzcEWe6EDpAL/6s G7+0cZ04L5zdbZg0NTqciuN04Wm7HEKTpCr3Da/BwomP7Wzx/zHkKAi0IUj/Qa9f hD/RYmapejks3QXpVPaxYoSQANq7u7dBlSenNYxKaurRNDe9JO8y0LHrLWgF/PlW CRRt3k7x5bo+nHSUQrZTIeJhPLcvZ9zxLhs1X3ksSdB44ro0pH9kGky6ewPzrd/7 8HimC+ibFB5bU+sjw1iLNZY3Wd9pVNpiezuCzoKgK4mJ8IjbtFm+mBRvDL4bf5xA oKMD5Aa57OYRgeRzm5ZR =N1Wn -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20140924-sip Revision 1.0 For Public Release 2014 September 24 16:00 UTC (GMT) Summary +== A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNgAAoJEIpI1I6i1Mx307EQAI1LtZYk5Eiw9CR6ZQSCPjjI vxWM5f+29TObzPyYSlWuoexDnryZ5s3FZNje6HKz0ie9hoHEXJq1YTU7Ya/JeuWV 6yNgBgbIC94PcpmK+aHuboSk/oe9aEvAsIM5lIQJwTxIa1CTq5zP1iKwe420iOQd YOHy8rjxRXda+G3OS/91m98mLQ72vIwQ2tCqrAsn484RoPMHndnMvchLLwxdEsHL fHW0tdTDXZ0KAup92koXBiIBbasfdOo/EgunmI1xw1bbDqs3fX2G6Dl5SiOUHSM0 0sn83/7WnexbXXG+Zv9vAxgYbevesQWqOpZl0Aw+nl+ov2RvmcuaEKXIm/1yPROV vJXaL+q38c+A34Hio308V8xgnPn1CCW91TrOzT+iv+tIrH6O+jT/ehjz8ioNHrKn lxenUBdRiSvLNF/LOpZFlvRs9Gdbat7iwOLbi7ri5s3Mjs4gRQcPg/ElboFvMz1D bZuSk2y7tq46MxvZosHY1JWu+5VgsO2tJAvl+isgn/Vc6Rk6ZAFpvLK+HjPN7AF3 +rPXMm/lqC9IhgviyNpDEVo0clm9a8vNwgki30s4XCS6Mat4irSX+Af0X6fZ1VII K0M+fNHgR72lLv1NR9TsRWz40njwx+ks9a9fdmkfNRuXXjx8OBfC0kwVKBU0H3EJ hzkjmy3Hee100G2V/9X+ =X1lR -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Network Address Translation Denial of Service Vulnerability Advisory ID: cisco-sa-20140924-nat Revision 1.0 For Public Release 2014 September 24 16:00 UTC (GMT) Summary +== A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper translation of IP version 4 (IPv4) packets. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat Note: The September 24, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUIZNfAAoJEIpI1I6i1Mx3GjkQAKWPwFAUj1OaQ+/vwiKdlcwC sZZk53GXtQE3IVMyOYP2LyeDJk1E/Krv8BK8gguBxSjjhRi4WLKc2lr7NrbOmQUh qq9UCG1HXQi1pOUuKxTJVtlX6jktiZrdvguWcRDCZc6jbPs0cZNmfrsD5fsp8w/2 65dIFPRPYWebLBvKPCJYEvd87ugbb+jLl28qdlCFAaUMgLBnvgeNemIPu9LxgatI I1rEGXSs6YEkAzGG4uwRvOA+K/3GChuGt1v3b4YS6QVOJCHQlNvvztZMJKcPOEj5 EgtHlsQJC/tCLLT43l6+IAbmDTyaXiZITHhxFa3NXI3q6v8yuf7USFnAI7HyNdW7 ZqYpRybdyIMMSaDCMTEjYKQ5wSq95Ci9K2J52GuADKo2VJiAntoRF496VL1WftT8 80jKzNoaDX4310xvSEN2DEAU5ekLH3792o/6zIB+HgDWKZOEayO9ugWjMrBrI226 Djn/sD3oEWKUkp5EZS2HJAzYTitE5zBOfAh5qfQs7siTQQIcP3b2NgdFR5ZTiile Eo2w82I2QC96zUz51a4ESLrK88fOAl30mh/Zk8qhxCUs/29z6h2m7AAsc/9QZNHd Q4lwkodU7yllOIPV16ob47B61XueH4V3Jw7Rt3CJZUwbDTYALlPDK3bwjR60WxP7 KP2y8xOM0z4g0HMz/8bc =luk3 -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20140806-energywise Revision 1.0 For Public Release 2014 August 6 16:00 UTC (GMT) +- Summary === A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted EnergyWise packet to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJT4ivWAAoJEIpI1I6i1Mx30KoP/iN0KYzG01VMF0fbwLcZjIg+ JQn8lY0mTsetm98hLMCRBKB0STTwLZnbDUcfP0HDfncUJKL4Z2/ACIOE/+D4qDmh Mq6EoUwVIP3+w2fdjk2QNbuixbDAfc2RK4c8kT8B/9M2Za+B2+Joz8PjliNzio9j +zCizkbG78k+iPXQUNMeP57Roj8iayh33r2EF5daFp7okhmOkyTcTH2OMHh9FLaz bj7VGP6/ppysmA9zekZE4IeYMVQfCFr6Sb7VbS80jDB8XhjYEmiEtNboumqrdXkG 4syzvYRtNV9JDeRe9sGzBoJYx47EBH89uF8Y9UlPdk0U5iOvFkCc2O/tZsR6GHvt yjHreBvDuZoE/wIksPaAo/BZVudqyH5qz4Hy6Cz3w+XJC4E0Po/IzdKJEIeqt1+b tsgBvKONGUClaDmb501h+V4NKb2JBYapMSl/ohtxDLO43wqGJiY/yNZ5QnJwTjwh mJMTxBofeZTS2sCf9jGWwayNrEO3xAmngzkWy1eTybAB6QiU3VeS3spSsoGnEu5E 3MmfJz8BX6i6XFeQj9tjw5oLs0NXTx1+B85zI7tPzL1D9g4wdUiawZHuBnsg13ME jk9+F8USc2/xGHQ3GJ9OU9Gm0IoFinFyRI1BuzqPZ42XaEJaRnMbWP7jmaksEJew M9tnNIY0SSE5m3JGXZq8 =Hax4 -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20140611-ipv6 Revision 1.0 For Public Release 2014 June 11 16:00 UTC (GMT) Summary === A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. Only Trident-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to insufficient logic in parsing malformed IPv6 packets. An attacker could exploit this vulnerability by sending a stream of malformed IPv6 packets to the affected device. An exploit could allow the attacker to cause a lockup and eventual reload of an NP chip and a line card, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6 -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTmF6XAAoJEIpI1I6i1Mx39ewP/05Z15cOVZKPHsTZQ0nk10Mf LuR8znSVolxIOJl3KWw7Liorml2kAy5mP9lQuMq2AKy/ifDb1CkBRGhpSXAJys9l MHrlg2Bvkm2+oacv8L9m1GLMCzOREc5ItvjXeEjZIzkaM4RrPvTSI79YOxYFjAIK jnrfdk2s9IBTvedB5bib5cpVal7X5T5E7TL0eIizpJzhSrzd/opsVeITOzcqoniU 9L7F5tQJ7RrhMipRKBFrDNp49u0MB3FgiLL+PvR2Qd4ErKmuUsA4MwAsh20krshi e3XVhYgVzqdodVSdphZeAA753yFJYD+ot8rzxW28MoaBfLC7jl23eEUsmAVZ5BO+ /xJ2S1rvHxQhAqaWSOo3dOOHspGtFk7/ZqMAIoKM+w/qx6O6IyY4SgdEYaKLWMDw H+7ya7XXCHfx3BRz9mlnfE7yNrmG+/P95rtyW4zuLuCOwAm/vm+xasj2E2Uts7VV iSLXlH7MNB3PjBkHXomMkvmLaDF5PvbKhlKoinMmJpDhKT286Jjn9RiDGaiVJdH4 rHNjTTVFoYsXLYnHrtpybfYLWmd9OMRYp/nVh75gzm7IvPnN6CCCl8LaHNOq1hcH 4V62x5LrN95yDR83n+weZouWlWcLMVU/aKIlSiN0O0+8/7dOmbgMjjtf8nvkBB6n 0fff2LUlieosr03ZacDo =rfKB -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20140326-sip Revision 1.0 For Public Release 2014 March 26 16:00 UTC (GMT) Summary === A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software and Cisco IOS XE Software releases are affected. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTMeUuAAoJEIpI1I6i1Mx3NjYP/0etuiRKILQ2sFGrwyA+vUc+ af04L8J24D4/7/qQJ9YsZekjol0u0+vJIhHEMzqeRKiv4qUwHudtzgDLn6svASRR djFwz5QzPkrheF/Xk+tKT4NkDcPrr4MWH5j8zRltfYdRgQHVzGeV7u6JorOAlV3b m8Tkg6+sl4rTBw0tky8swM5H35p9UOnDzlFlzx6WNUGZFrv83wbj9L2ZdcDzXSdl 0jXw1xue9DEpksC3A2KNq9zIrizEJGfx97jhhRG0OsK/3gbO3ESFGr6wbkakLZNS WJmCgk82tiT2mM8/FulyPvdpuDAc5y0br+W0I0O0gABZmOoix0DT3NlJXh5hd48y 5iJ5s15D0Og3jJq3nzC8U2za+lMLcDsm4WGgWsY7UvzMWJ24u1Q4LP0Ios5r7bHV MF9CyWSxxqFO3pWBQw53HZhBDmk4rl3iDHSAytHVEjNlrmKAY/Q5MHZpMER1yQIO O9ER61S6eXTS6yCcoFf7cpdBvZR08C9PS/geOmv+5znJ4AbpzCdrQYUDZlcL/DhW jGZ/cvgytw3zPYozPYSFqnB/aadcA3xHeTjba9qsHlo8tAlJqUGIlIzzGsag1yuW rUSjLrnEUDiy0cGxq/tZsERiyUVWtafsc/F6/dshp27LB7Ih8ulOvpTEIMzZKAnv 8sx8s3vq7KEIpWUpj1ak =e0Cj -END PGP SIGNATURE-
Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability Advisory ID: cisco-sa-20140326-RSP72010GE Revision 1.0 For Public Release 2014 March 26 16:00 UTC (GMT) Summary === A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RSP720-3C-10GE and RSP720-3CXL-10GE could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue in the Kailash field-programmable gate array (FPGA) versions prior to 2.6. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-RSP72010GE Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTMeUsAAoJEIpI1I6i1Mx3QqEP/1W/RvtG5zkMAVcGxT/fmT57 YsEGW6+znRSsE7VLq4R6040SQYqJemtkdrug6PB5Ie1IWySd6Qv6FA5nAwtrRqaY aSyVSxXt0ta+zmoSlYqidQl+X+oLTWf4hbkKae2DUqlPSoRadyKzp4Fz6GARolka V1P6dCwXKYo+y8444cilT5iw28RajMYDFVBv8pl1j1O20ts8gLskq1sqQaZneYKZ dS8N4yaIOtRp+6hMtH3dcRDm0dy880l4yrBN+4sOC/Pf/oTRiwkhYUXZaDqOme4R K1rWArmc9tkFMGar5j4wVWYk0B8cdOu5+FQ/1hbd2PxgLpvFylDZ/5W83hnK9J4g HTgE9vQ3BDeJkoxLupOksTRxqYgxUzYCs1LfcCNoNbQTOs8tAidQyzng3Rhw3/Ty mB3dTOaR1giqnnp6HNbRzxmw1j7m2kOfkoNhrcLMcO+2R+SaBmG4IHtRoEeABGdc H19Nv7Y/GFug1AY9ntHOyMw1urVa7Dperb22mSqeeF4HPZoYlAYJG0itwkpmdI+R E8STnyi+Hx2LmjEUc59SSLpS0n1ciBRii6CG+hFUUPCDdyJpdGYgVYbOtn3g0YHw 5OR4qK2/hWNOFQ+6DIjhYvXecLEmGltJ1rMxdFdtgH5JT2IAZsdoUHko9b9PRTJ7 J+6y3e8dU2EfXhK7GuFA =RDpO -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability Advisory ID: cisco-sa-20140326-ikev2 Revision 1.0 For Public Release 2014 March 26 16:00 UTC (GMT) Summary === A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device to be processed. An exploit could allow the attacker to cause a reload of the affected device that would lead to a DoS condition. Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software devices when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by sending a malformed IKEv2 packet. Only IKEv2 packets can trigger this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ikev2 Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx3JYsQAJSSBgUo2Fq6HUJ1Rq/YlpEf S0FE1xiO9M+pD9w+gloAm+r86TTVrvi8eTsguHnm9I7aZBkKK72Fr6en/ywx7+c2 vqNt7sgfu2EHsK45zgYFMzYIOGomydamV6YixO7wvrnhWKjAHfcO51Ks7SPam2y2 2nTAGnifDcbQGcuneKyr61aob361E1UYpqlq4CK0+hEbx9VzCM2DuidiAOqCgtlA xtzw8Eu/8PP0baBi2DM7N/wlMMVTHNLXguSJNvsQxMnkvyoPObCXucSRvAPb5lSh s38f0kZKQSLcVorkelzT5G7Ht7PxqFJAeghongQW77XEoQ0ERi/isuKHKM16AM+F NCMrWeeNCw3Fcpp9lFu7dmnQx/CAdApB26UEnRifN5dp+wPxk7Jzb/Y/H5jMH+vr XxpzCGvDD8Nlm6PaBbP/leezuBUjWv61xKeeJup/thsl6/lJVsrgFScvQNfXP49x IwPvgFx+u67PIkE0+873+JmrPENNUAY7Le6OmA6UyCewY4seDByEbG9AdigmQAR4 yWUUTe2iFAYKuVKshcrOnCX83qM2K6RNBTbQXS0YrE0gx/f71PdiEs4jiUeSh9aO rJsqX1EJa5QWeOgSlSpNJs/RCs1szchnYcKA2FGmF7sQPYHehY5X8rOistgSCRyd SUNxQ9T/HDRmOpXM85n8 =XFWb -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20140326-nat Revision 1.0 For Public Release 2014 March 26 16:00 UTC (GMT) Summary The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTMeUuAAoJEIpI1I6i1Mx3WmEQAI3rKhU7UnKxev8CKq4Hfp5I mBnX5uHKz+w5vNqgTPYL6y228XHsicFZKNfR9Z2PiyHjwdFq3ndZACYRiK5iKxme oRO3fLAv3Muhb0F0f4j8p6NvzDoE9uZMqIlvG709+VtFhwKeW6aziV9FPNVNbe33 Jnub4qi3AINnxalKiGixmN52rCkNficlHTgbsmvRscqF0NYVos4L+CEcuukyohOV jr41sRLO9/IvY1cwPtkQ5FHI/YLvD7/P1wzVr13eJkTdS28oD0Jo1yArvQJBf+Ae fvlnhoprtAhkGUSYlyUKF5HOCe8lScYMKvfP5Of56yLr+0RQuJty4X4hCX4+HbPd g3AI2yOUHGixLZAVV8GEsnbBtPnenPjqe7EAapyMT+YZx4ocD2dUPMfQTUcUye1r rOQeQjI+vX8NLzlS1paV0vImuN0rJi1phi4/Ne+XT5qSGic3tMZVGm8rsWiMNB8l qosaCwAXUx75KraBU2g8pe8iwmUSGQPFLZoMNkKjez/oEBKXAsCMgZYzsZpht4tg kiDMU2W7OlVPkMcg6Jym/L6bLSzCUekkSREshd2KxzLm4hRSZOX36RNL5wKGjCxQ 94myZA59h4L53lmLUYpsqH6KJafW7NPL/u+YQOQ6qO9iH8c/m04mVCQ2Y05rtDPX OZnQJUm5po9ws6ylHFKw =7Q5K -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software SSL VPN Denial of Service Vulnerability Advisory ID: cisco-sa-20140326-ios-sslvpn Revision 1.0 For Public Release 2014 March 26 16:00 UTC (GMT) Summary === A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx3BJ4P/Aytcbvaue49DkNDq0G+3C8+ mv2W8/1HeqSvrmbc8QUJrelPA1kfYXGSf+7VX9lpwTdKKPrMPpkso1WXA7tK2t5i uiaqy8+KON/V3uFTjLhSBxZsMmSYws/uO8rV9oY7NLGfv2cwGztEbrKwz9g5Hsfc X3TlEgPaX73a/xb92eP//+e31ZNCPw6NRKmUfi6v7YG38WNghT7lqtI7GVlHiAkd atAqZ8NOyn7V+lHNjdOpAzFplo6R+GZCBfAFkEYuEU3dAAccMQbkaq6XgZAigycn dko3EWzfa+I/4RHDrRIa/XAY6Ogrnp/jmaTm4sGF2aqQOASH7X/oDU4X6KnD6ixo RicU1XeEsxgh5/FOf0wWo53BTcf/1nx34LkazZ6k6+jh8193IRWGb9J90E7S+/M8 2jbB8kwxuroH1qQ73jqguiuTC0eemPn2k5MS01ZAfcIEJPcA4OyTkuA/3tiISeYQ 0GesrJ3m7WOovFNSIq8v4WaTMcvZO9vHLZ/6BMcd4a+1uPnzPeR9rfI8JA2VA8Wd EAjbKdWA/kPxbVop2ajRjYTl7uMN6/g9SFP/eBjWpAFLnUfE6n1b24cn9v26OQpB ZxuMKA6eaeoT88KlouxudQcAgtpZZFzp4/ghWCy8q82WhHg4uDqw3R243rRxaBa7 RF3x0wYuErbbC7N9m1UH =1Ixo -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20140326-ipv6 Revision 1.0 For Public Release 2014 March 26 16:00 UTC (GMT) Summary === A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6 Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTMeUtAAoJEIpI1I6i1Mx35GAP/jkk82q87zMnC9n9e2t9u1DD 7OHUYo7fuXu2L85+zDGgtE7LJ5c9mjZou12A87cjgx4v1B6xvDoemjtoIEmqWKQR LsSoI6oQL6E3PAqeDn70Lrr++kAV/4dCSzoFuiDWa5NLWO2NA1pxoRsF8f/KTENj PvPng8UPlF2WBDqNdTnjR2upDMqn1/jQOMxSSRmkMAOQ0Q3j+g9Pd+rb8ocqTJmg wCj5vXfB52E0HoGddT0UxjkxL1+CR9Jo262LeuRRtMGQsEpK94+L9d4kC/AhhclU RodAJztNC42KdFR4iE1jDHUA8HwhgnkdzuXlA12GIXeHB9EBQR5Te1hyzuAnxq5X x3IeqZnaufO2DmxAVpl3lfEDyKeyAipfCPDtFhEmDF/l12zBRlbMudEwA1Buwriq ayH4798ASI0bBumUiaMiiOyYKbqFL33ONdFMiQZv2lYam1QlYU0Ps3IMiZhD5YHX 9nOKcuWU1Uym+VjHiIKLg5/qQpndg9h+E6mNzZrQSXrpU1nYtwBCZiShBhR5+f4J WYLOVZu5LDpW6mQAhYyKC7ehugeqJZRaZQQX5oi94hlBxz1+4zin8GRVLn/Ibrtq GaeMGODALQjpolszEAt7a4QA5884m++h7Z4Crszr4s4E4j4bUdCEgDc9ynInmO80 OvU1rCkvg7QWSv3HfxI2 =nr53 -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability Advisory ID: cisco-sa-20130925-ipv6vfr Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition while accessing the reassembly queue for IPv6 fragments. An attacker could exploit this vulnerability by sending a crafted stream of valid IPv6 fragments. Repeated exploitation may result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6Z0ACgkQUddfH3/BbTon8QD+KjqV+g6xJtyPO04NuZLuUhZf nL+yvKaN2zd0d8DNTXYA/joTFXuponHnVUNni/h5NjU2MaS/ZphGQpuinPUZK5I4 =+5KL -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability Advisory ID: cisco-sa-20130925-cce Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === A vulnerability in the Zone-Based Firewall (ZBFW) component of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload. The vulnerability is due to improper processing of specific HTTP packets when the device is configured for either Cisco IOS Content Filtering or HTTP application layer gateway (ALG) inspection. An attacker could exploit this vulnerability by sending specific HTTP packets through an affected device. An exploit could allow the attacker to cause an affected device to hang or reload. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-cce Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6ZwACgkQUddfH3/BbTrfJAEAhPGE6zVhhuxL2YSSqZ9jQ7iB WSXFXha2WZL3zp//WtgA/3B0mrj1OwGNpUouOUDM20cvsxM8RGUUGJqn/UDgbdi4 =yiSp -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20130925-ntp Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === A vulnerability in the implementation of the Network Time Protocol (NTP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of multicast NTP packets that are sent to an affected device encapsulated in a Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message from a configured MSDP peer. An attacker could exploit this vulnerability by sending multicast NTP packets to an affected device. Repeated exploitation could result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ntp Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6Z4ACgkQUddfH3/BbTrDQAD/ZDkeJZRsPNylydioU1nw+yJ+ 8frzFaXjO3g0qqocPjMA/R95PEhewfO2A29QwIyGKLw52QkiSt1sd6e2YsDIN84B =Xa3k -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20130925-nat Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6Z0ACgkQUddfH3/BbTqtUwD/fmE/9ONyzNjrIDni2UklV3M2 8ATQxEVFt1L3ZYUlyA4A/Ax+e0PiSL6ojL9bSgGIM7Y//+c7ga9nsau2mV5r/mhM =u9YC -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Queue Wedge Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Queue Wedge Denial of Service Vulnerability Advisory ID: cisco-sa-20130925-wedge Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service (DoS) scenario. The vulnerability is due to incorrect implementation of the T1/E1 driver queue. An attacker could exploit this vulnerability by sending bursty traffic through the affected interface driver. Repeated exploitation could cause a DoS condition. Workarounds to mitigate this vulnerability are available. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6Z4ACgkQUddfH3/BbTpEGAD/Ss7zOJllV49QzpGTtRmbXsjK bgypwesmtU9UdOC39kUA/1FGKQ1kn08R7dJ2PcbbLo8PP0OCtQrSyxTeBtmcIsHw =xChY -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software DHCP Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software DHCP Denial of Service Vulnerability Advisory ID: cisco-sa-20130925-dhcp Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6Z0ACgkQUddfH3/BbToKcAD/Y0gUqLxw1mMs8yqeoREI7H7x /bU2ckuJKhhzJmmqpjEA/3ekjyVjTXoLRR9vQrYnAeJSE4opTRXYTlJtZesv4tIw =zzbX -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability Advisory ID: cisco-sa-20130925-ike Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An attacker could exploit this vulnerability by sending crafted IKE packets to a device configured with features that leverage IKE version 1 (IKEv1). Although IKEv1 is automatically enabled on a Cisco IOS Software and Cisco IOS XE Software when IKEv1 or IKE version 2 (IKEv2) is configured, the vulnerability can be triggered only by sending a malformed IKEv1 packet. In specific conditions, normal IKEv1 packets can also cause an affected release of Cisco IOS Software to leak memory. Only IKEv1 is affected by this vulnerability. An exploit could cause Cisco IOS Software not to release allocated memory, causing a memory leak. A sustained attack may result in a device reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ike Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6Z0ACgkQUddfH3/BbTqlXwEAgh4+BJHc44EE50FqW2sNNo57 l9ZxzwJvzF2Tju/Fa18A/2MRGlAmkyvQZTQ/FT/j9wgW+epGNKAZ+XOL7Kwy6Luz =A0a+ -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability Advisory ID: cisco-sa-20130925-rsvp Revision 1.0 For Public Release 2013 September 25 16:00 UTC (GMT) - -- Summary === A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device. The vulnerability is due to improper parsing of UDP RSVP packets. An attacker could exploit this vulnerability by sending UDP port 1698 RSVP packets to the vulnerable device. An exploit could cause Cisco IOS Software and Cisco IOS XE Software to incorrectly process incoming packets, resulting in an interface queue wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJC6Z4ACgkQUddfH3/BbTq2kwEAj4vA8C+M60R9Q3Ytrpq0jvRh HY+VBYi3HMwsH+PmACYA/iBdUCcbxAHyHmip/8yVjs44Ej2r4JLFfvg6vLCQ8o2G =kOF1 -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software IP Service Level Agreement Vulnerability Advisory ID: cisco-sa-20130327-ipsla Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary === The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Mitigations for this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlFQcd0ACgkQUddfH3/BbTp8QwD+IPK7Dzz7B0uga/FtZKjYU9XC ik2D1EIVMDWcFNYovn8A/i2M+COtgQr9j/7CuMRdNfnAoA65JOxRHu4NTW7cdZoo =w51Y -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Protocol Translation Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Protocol Translation Vulnerability Advisory ID: cisco-sa-20130327-pt Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary === The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-pt Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlFQcd4ACgkQUddfH3/BbTr/hQEAhB32OjahAaNFUbeYsZloNqCX C9JHEqRP4k4Y27LcWZUA+wTwW0yKpKzQ9+ZDvaWYiXtL1iSvOhlSjS178A3kMIhb =JlLG -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Smart Install Denial of Service Vulnerability Advisory ID: cisco-sa-20130327-smartinstall Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary === The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlFQcd4ACgkQUddfH3/BbToUsAD+NSDtaCAvOzfjmsqhxVZN6Uy+ ceAxXTPCp6M0n8yGk0sA/1uJk8CWE1yjCtTu1IDGX8K/SUvWFEUi0pqFyKfKVFEa =eRMY -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Network Address Translation Vulnerability Advisory ID: cisco-sa-20130327-nat Revision 1.0 For Public Release 2013 March 27 10:00 UTC (GMT) +- Summary === The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlFQcd0ACgkQUddfH3/BbTrndAD/Qxm/suF3S/US+6bDND+/OKB3 9KpBW/wUPVC2+87IFRQBAIXFrAjFqnbmmBAKFEVZztVhRN1TlOW9JL7mKd6SXwZw =jAQM -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Internet Key Exchange Vulnerability Advisory ID: cisco-sa-20130327-ike Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary === The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ike Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlFQcd0ACgkQUddfH3/BbTovwQD8DwYcxZks8h9lxLcC9YX0Stal GfVltUM7jduv3M2tsQgBAIdGU+jBhC8Ct4i/0idzEkoX6o8TAK3EbcUqZt9QjK6F =Viuu -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Advisory ID: cisco-sa-20130327-cce Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary === Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affected by this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP inspection. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-cce Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlFQcd0ACgkQUddfH3/BbTo1NQD+JTLByafJPlfucXQ7tGEHnYy5 vVv944CH2/B0vC3+AHUA/Aw9dc2MzCzkrKELNu9FQDBFkr5lIhdY9i942xPDfHKQ =6IL2 -END PGP SIGNATURE-
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20120926-cucm Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === Cisco Unified Communications Manager contains a vulnerability in its Session Initiation Protocol (SIP) implementation that could allow an unauthenticated, remote attacker to cause a critical service to fail, which could interrupt voice services. Affected devices must be configured to process SIP messages for this vulnerability to be exploitable. Cisco has released free software updates that address this vulnerability. A workaround exists for customers who do not require SIP in their environment. This advisory is available at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html Cisco IOS Software and Cisco IOS XE Software are affected by the vulnerability described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects Cisco IOS Software and Cisco IOS XE Software at the following location: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgiVQACgkQUddfH3/BbTqDrAD9GKw11Pk/9nwMJBzSQ7znHH8u JzDBtraEHMNDkyEacLAA/2ZbaNvWDOhuly4XCs84hvZhUtxnaHFCNheFGI3Go8nj =0fGN -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20120926-sip Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause an affected device to reload. Affected devices must be configured to process SIP messages and for pass-through of Session Description Protocol (SDP) for this vulnerability to be exploitable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html Cisco Unified Communications Manager is affected by the vulnerability described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects the Cisco Unified Communications Manager at the following location: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeEAACgkQUddfH3/BbTob/wD/Qp0Y5YKNdLu4RUcBgkHojBc+ EQQQyJVSQTrHNG6GJcoA/jXiO1Lic8HzNUQdmusjvD+dIdKjQd8GrMOwAhKOQWpU =vIHn -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability Advisory ID: cisco-sa-20120926-ios-ips Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === Cisco IOS Software contains a vulnerability in the Intrusion Prevention System (IPS) feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if specific Cisco IOS IPS configurations exist. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeD8ACgkQUddfH3/BbTpJqQD+IN51ZWVrBuSFzCEOb3hRHC+o i093jjXqPMmZ90pvT8wA/2LNuyuDuc7hat0gxy02+ZQbwKfDwaFFsJQ7UnV3WQf/ =QlOw -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability Advisory ID: cisco-sa-20120926-c10k-tunnels Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === Cisco IOS Software contains a queue wedge vulnerability that can be triggered when processing IP tunneled packets. Only Cisco IOS Software running on the Cisco 1 Series router has been demonstrated to be affected. Successful exploitation of this vulnerability may prevent traffic from transiting the affected interfaces. Cisco has released free software updates that addresses this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-c10k-tunnels Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeD4ACgkQUddfH3/BbTpLigD/fKng67LLI/XQ0AkD8l6YyPct /hYpJdygEEIqvm2htS8BAIGs1zHnI0iD1w9RTmKc+uaeopmfO8F7qsutxUFX4KhJ =cGGl -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability Advisory ID: cisco-sa-20120926-bgp Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature. The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session. Successful exploitation of this vulnerability can cause all BGP sessions to reset. Repeated exploitation may result in an inability to route packets to BGP neighbors during reconvergence times. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-bgp Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeD0ACgkQUddfH3/BbTpwbwD+IkJ8uofSPxpZwUFgVu8dVRWq 6OpD4B6w1i+wGN5IOEQA/1o7VdakD9PFvIZODdfcptJSRK4k4SbeAf46KMFAiSYM =/DrE -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20120926-nat Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === The Cisco IOS Software Network Address Translation (NAT) feature contains two denial of service (DoS) vulnerabilities in the translation of IP packets. The vulnerabilities are caused when packets in transit on the vulnerable device require translation. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-nat Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeD8ACgkQUddfH3/BbTrGtwD8CaC1pyjW+b1ltiGIsvX+jMfG jEEqlzr6VT/F1vjvaDgA/2pAjCs0T5rcGdJUhyKRlQH+PjVLBRVQaQTp/kk5T4+i =q0VJ -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability Advisory ID: cisco-sa-20120926-dhcpv6 Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === Cisco IOS Software and Cisco IOS XE Software contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a crafted request to an affected device that has the DHCP version 6 (DHCPv6) server feature enabled, causing a reload. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcpv6 Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeD4ACgkQUddfH3/BbTpTmwD/aWSNsmnurhMHzokzSTJUI4/B 428bYcAKinMffKT+bgIA/20BRb6rR7qCoIK0ynVDnbtYiNjwCMy+EQFEUrDWhpl1 =kAhj -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software DHCP Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software DHCP Denial of Service Vulnerability Advisory ID: cisco-sa-20120926-dhcp Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a single DHCP packet to or through an affected device, causing the device to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcp Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeD4ACgkQUddfH3/BbTrJBgD8D/YGAbTV2hF3i3v0Gg8nFc2x jVoS/mVfTMurWAYQflIA/0HU8TpFR6A9Oegidg2Cjc27Vyx2RbAqah6Y57BceTco =WgD1 -END PGP SIGNATURE-
Cisco Security Advisory: Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability Advisory ID: cisco-sa-20120926-ecc Revision 1.0 For Public Release 2012 September 26 16:00 UTC (GMT) +- Summary === The Catalyst 4500E series switch with Supervisor Engine 7L-E contains a denial of service (DoS) vulnerability when processing specially crafted packets that can cause a reload of the device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ecc Note: The September 26, 2012, Cisco IOS Software Security Advisory bundled publication includes 9 Cisco Security Advisories. Eight of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlBgeD8ACgkQUddfH3/BbTptGQD+LJo6CaOPouQRBuPy+1jpi5SB EvY/pXj/6kA47NIeQtMA/A/K7sSoBEfEn/baeeTcOOvyJ4Yo4I9wekRMSMJFzxoz =kR+l -END PGP SIGNATURE-
[2.0 Update] Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS XR Software Route Processor Denial of Service Vulnerability Advisory ID: cisco-sa-20120530-iosxr Revision 2.0 For Public Release 2012 August 15 16:00 UTC (GMT) +- Summary === Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440), and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlArqykACgkQUddfH3/BbTp9qQD+JykExH3Qj2xaR74o4PomFAL4 vpajwSl1+1b6CtV5cQoA/0kwCOTFnjS4Te31QjkSx5+uhDpEPs5qjTb8F6EXiapD =Yc2a -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS XR Software Route Processor Denial of Service Vulnerability Advisory ID: cisco-sa-20120530-iosxr Revision 1.0 For Public Release 2012 May 30 16:00 UTC (GMT) +- Summary === Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP440) and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAk/GMvQACgkQQXnnBKKRMNDF2wD6A5yZWmZgCmk5x+RJ2mxIXzcW RXsu7/NENNspgbOJk2wA/RIJ9Fbzy+QZTRuQtg2vX0vCOhterMOVmN3Ue0VCzj52 =lCxE -END PGP SIGNATURE-
Cisco Security Advisory: Cisco IOS Software Zone-Based Firewall Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Zone-Based Firewall Vulnerabilities Advisory ID: cisco-sa-20120328-zbfw Revision 1.0 For Public Release 2012 March 28 16:00 UTC (GMT) +- Summary === Cisco IOS Software contains four vulnerabilities related to Cisco IOS Zone-Based Firewall features. These vulnerabilities are as follows: * Memory Leak Associated with Crafted IP Packets * Memory Leak in HTTP Inspection * Memory Leak in H.323 Inspection * Memory Leak in SIP Inspection Workarounds that mitigate these vulnerabilities are not available. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw Note: The March 28, 2012, Cisco IOS Software Security Advisory bundled publication includes nine Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the March 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar12.html Affected Products = Vulnerable Products +-- Cisco IOS devices running vulnerable versions of Cisco IOS Software are affected by four vulnerabilities in the Cisco IOS Zone-Based Firewall. The vulnerabilities are independent of each other. Details to confirm affected configurations are provided below. To determine whether a device is configured with Zone-Based Firewall, log in to the device and issue the show zone security command-line interface (CLI) command. If the output shows a member interface under a zone name, the device is vulnerable. The following example shows a device with Zone-Based Firewall rules configured on both GigabitEthernet0/0 and GigabitEthernet0/1: Router#show zone security zone self Description: System defined zone zone inside Description: *** Inside Network *** Member Interfaces: GigabitEthernet0/0 zone outside Description: *** Outside Network *** Member Interfaces: GigabitEthernet0/1 Router# The following sections provide more details on the specific features containing the vulnerabilities. Memory Leak Associated with Crafted IP Packets +- There is no specific configuration necessary for a device to be vulnerable to the memory leak associated with crafted IP packets. If the Zone-Based Firewall is configured, the device is vulnerable. Memory Leak in HTTP Inspection +- For the device to be vulnerable to the memory leak associated with HTTP inspection, the Zone-Based Firewall must be configured to perform HTTP inspection with the Zone-Based Firewall. To determine whether a device is configured for HTTP inspection, enter the command show policy-map type inspect zone-pair | include Match: protocol http. The following example shows a vulnerable device configured with Cisco IOS Zone-Based Policy Firewall HTTP inspection: Router#show policy-map type inspect zone-pair | include Match: protocol http Match: protocol http Memory Leak in H.323 Inspection +-- For a device to be vulnerable to the memory leak associated with H.323 inspection, the Zone-Based Firewall must be configured to perform H.323 inspection. To determine if a device is configured for H.323 inspection enter the command show policy-map type inspect zone-pair | include Match: protocol h323. If the output contains Match: protocol h323 the device is vulnerable. The following example shows a vulnerable device configured with Cisco IOS Zone-Based Policy Firewall H.323 inspection: Router# show policy-map type inspect zone-pair | include Match: protocol h323 Match: protocol h323 Memory Leak in SIP Inspection + The device is vulnerable if the configuration has either a Layer 4 or Layer 7 Session Initiation Protocol (SIP) application-specific policy configured, and the policy is applied to any firewall zone. To determine whether a device is configured for SIP inspection enter the command show policy-map type inspect zone-pair | include Match: protocol sip. If the output contains Match: protocol sip the device is vulnerable. The following example shows a vulnerable device configured with Cisco IOS Zone-Based Policy Firewall SIP inspection: Router# show policy-map type inspect zone-pair | include Match: protocol sip Match: protocol sip To determine the Cisco IOS Software release that
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features Advisory ID: cisco-sa-20120328-mace Revision 1.0 For Public Release 2012 March 28 16:00 UTC (GMT) + Summary === Cisco IOS Software contains a denial of service (DoS) vulnerability in the Wide Area Application Services (WAAS) Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Cisco IOS Software also contains a DoS vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature that could allow an unauthenticated, remote attacker to cause the router to reload. An attacker could exploit these vulnerabilities by sending transit traffic through a router configured with WAAS Express or MACE. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Repeated exploits could allow a sustained DoS condition. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-mace Note: The March 28, 2012, Cisco IOS Software Security Advisory bundled publication includes nine Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the March 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/ Cisco_ERP_mar12.html Affected Products = Vulnerable Products +-- Cisco devices that are running Cisco IOS Software are vulnerable when they are configured with the mace enable or waas enable interface configuration commands on one or more interfaces. Additional configuration is required for WAAS Express or MACE to be configured; more details follow. Note: Cisco IOS Software is vulnerable only when configured for WAAS Express or MACE. Cisco IOS Software configured for WAAS, not WAAS Express, is not vulnerable. For more information on WAAS Express, see http://www.cisco.com/en/US/products/ps11211/index.html. For more information about MACE, see http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps11709/ps11671/guide_c07-664643.html. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable + No other Cisco products are currently known to be affected by these vulnerabilities. Details === The Cisco Wide Area Application Services (WAAS) Express feature allows optimization of the WAN bandwidth required to access centrally located applications. WAAS Express allows the traffic to be optimized by a Cisco Integrated Services Router (ISR G2), with no other devices required. The Cisco Measurement, Aggregation, and Correlation Engine (MACE) is a Cisco IOS feature that is used for measurement and analysis of network traffic. The feature may be used with WAAS Express to give details of optimized traffic or used by itself to help measure application performance. Cisco IOS Software contains a DoS vulnerability in the WAAS Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. This vulnerability is documented in Cisco bug ID CSCtt45381 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-1314. Cisco IOS Software
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Advisory ID: cisco-sa-20120328-nat Revision 1.0 For Public Release 2012 March 28 16:00 UTC (GMT) + Summary === The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-nat Note: The March 28, 2012, Cisco IOS Software Security Advisory bundled publication includes nine Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the March 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar12.html Affected Products = Vulnerable Products +-- Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for NAT and contain support for NAT for Session Initiation Protocol. There are two methods to determine if a device is configured for NAT: * Determine if NAT is active on a running device. * Determine if NAT commands are included in the device configuration. Determine if NAT is Active on a Running Device +- The preferred method to verify whether NAT is enabled on a Cisco IOS device is to log in to the device and issue the show ip nat statistics command. If NAT is active, the sections Outside interfaces and Inside interfaces will each include at least one interface. The following example shows a device on which the NAT feature is active: Router#show ip nat statistics Total translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: Serial0 Inside interfaces: Ethernet1 Hits: 135 Misses: 5 Expired translations: 2 Dynamic mappings: -- Inside Source access-list 1 pool mypool refcount 2 pool mypool: netmask 255.255.255.0 start 192.168.10.1 end 192.168.10.254 type generic, total addresses 14, allocated 2 (14%), misses 0 Depending on the Cisco IOS Software release, the interface lists can be in the lines following the Outside interfaces and Inside interfaces. In releases that support the section filter on show commands, the administrator can determine whether NAT is active by using the show ip nat statistics | section interfaces command, as illustrated in the following example: Router show ip nat statistics | section interfaces Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Router Determine if NAT Commands are Included in the Device Configuration +- Alternatively, to determine whether NAT has been enabled in the Cisco IOS Software configuration, either the ip nat inside or ip nat outside commands must be present in different interfaces, or in the case of the NAT Virtual Interface, the ip nat enable interface command will be present. Determine the Cisco IOS Software Release +--- To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software
Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability Advisory ID: cisco-sa-20120328-rsvp Revision 1.0 For Public Release 2012 March 28 16:00 UTC (GMT) +- Summary === Cisco IOS Software and Cisco IOS XE Software contain a vulnerability in the RSVP feature when used on a device configured with VPN routing and forwarding (VRF) instances. This vulnerability could allow an unauthenticated, remote attacker to cause an interface wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. This vulnerability could be exploited repeatedly to cause an extended DoS condition. A workaround is available to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-rsvp Note: The March 28, 2012, Cisco IOS Software Security Advisory bundled publication includes nine Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the March 2012 bundled publication. Individual publication links are in Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar12.html Affected Products = Vulnerable Products +-- Only devices with specific configurations are affected. Cisco devices that are running affected Cisco IOS Software or Cisco IOS XE Software versions are vulnerable when they are configured with RSVP and also have one or more VRF interfaces. A device is vulnerable if both the following criteria are met: * At least one VRF is configured without RSVP * At least one other interface (physical or virtual), not in the same VRF, is configured with RSVP Some example scenarios are as follows: * RSVP-Traffic Engineering (RSVP-TE) in Multiprotocol Label Switching (MPLS) infrastructures * Multi-VRF infrastructures * VRF-Lite infrastructures To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide at: http://www.cisco.com/web/about/security/intelligence/ios-ref.html Products Confirmed Not Vulnerable + Cisco IOS-XR software is not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details === Cisco IOS Software and Cisco IOS XE Software contain a vulnerability in the RSVP feature when used on a device configured with VPN routing and forwarding (VRF) instances. This vulnerability could allow an unauthenticated, remote attacker to cause an interface wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. This vulnerability could be exploited repeatedly to cause an extended DoS condition. A device is vulnerable if it is configured with VRF and none of the interfaces in that VRF have RSVP enabled, but any other interface (physical or virtual) does have RSVP enabled. An attacker with some knowledge of the affected infrastructure could exploit this vulnerability by sending RSVP packets to vulnerable devices. Successful exploitation of the vulnerability could allow an attacker to wedge the receive queue of any RSVP ingress interface. A workaround is available to mitigate this vulnerability. In devices that meet the vulnerable configuration criteria, valid RSVP packets could trigger this vulnerability. An attacker with knowledge of the
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability Advisory ID: cisco-sa-20110928-ipsla Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +- Summary === The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products = Vulnerable Products +-- Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for IP SLA, either as responders or as originators of vulnerable IP SLA operations. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example shows output from a device that runs a Cisco IOS Software image: Router show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at: http://www.cisco.com/web/about/security/intelligence/ios-ref.html Products Confirmed Not Vulnerable + No other Cisco products are currently known to be affected by this vulnerability. Details === IP SLA is an embedded agent in Cisco IOS Software designed to measure and monitor common network performance metrics like jitter, latency (delay), and packet loss. The vulnerability that is described in this document is triggered by malformed UDP packets triggered by malformed IP SLA packets sent to the vulnerable device and port. A vulnerable device can be an IP SLA responder or the source device of a vulnerable IP SLA operation. This vulnerability is documented in Cisco bug ID CSCtk67073 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3272. Vulnerable IP SLA Responder Configurations +- A device configured either as an IP SLA general responder or a permanent IP SLA UDP responder is vulnerable. The general responder processes IP SLA control protocol packets on UDP port 1967 and then may dynamically open vulnerable UDP ports according to the IP SLA operations requested using the control protocol. The configuration for a general responder is as follows: ip sla responder The IP SLA UDP permanent responder is also vulnerable. An example configuration is as follows: ip sla responder udp-echo port 300 There is no default UDP port number for the UDP permanent responder Alternatively, both the general responder and the permanent responder can be identified with the show ip sla responder command. The general responder is vulnerable when it has been enabled. The permanent responder is vulnerable only when it has been enabled and the udpEcho Responder is present. In the Following example, the general responder is not vulnerable because it has not been enabled but the permanent responder is vulnerable because it has been enabled with a UDP echo responder:
Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability Advisory ID: cisco-sa-20110928-smart-install Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) + Summary === A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products = This vulnerability only affects Cisco Catalyst Switches and Cisco Integrated Services Routers with the Smart Install feature enabled. Vulnerable Products +-- Devices configured as a Smart Install client or director are affected by this vulnerability. To display Smart Install information, use the show vstack config privileged EXEC command on the Smart Install director or client. The outputs of the show commands are different when entered on the director or on the client. The following is the output of the show vstack config in a device configured as a Smart Install client: switch#show vstack config Role: Client Vstack Director IP address: 10.1.1.163 The following is the output of the show vstack config in a Cisco Catalyst Switch configured as a Smart Install director: Director# show vstack config Role: Director Vstack Director IP address: 10.1.1.163 Vstack Mode: Basic Vstack default management vlan: 1 Vstack management Vlans: none Vstack Config file: tftp://10.1.1.100/default-config.txt Vstack Image file: tftp://10.1.1.100/c3750e-universalk9-tar.122- Join Window Details: Window: Open (default) Operation Mode: auto (default) Vstack Backup Details: Mode: On (default) Repository: flash:/vstack (default) To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable + Cisco IOS XR Software is not affected by this vulnerability. Cisco IOS XE Software is not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details === Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches and Cisco Integrated Services Routers. This means that a customer can ship a device to a location, place it in the network and power it on with no configuration required on the device. A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an
Cisco Security Advisory: Cisco 10000 Series Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco 1 Series Denial of Service Vulnerability Advisory ID: cisco-sa-20110928-c10k Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +- Summary === The Cisco 1 Series Router is affected by a denial of service (DoS) vulnerability that can allow an attacker to cause a device reload by sending a series of ICMP packets. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are also available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-c10k.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products = Vulnerable Products +-- Cisco 1 Series Routers that are running an affected version of Cisco IOS are affected. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at: http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable + Cisco IOS XR Software is not affected by this vulnerability. Cisco IOS XE Software is not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details === The Cisco 1 Series Router is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of ICMP packets. Traffic destined to the device or transit traffic could trigger the effects of this vulnerability. This vulnerability is documented in Cisco Bug ID CSCtk62453 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3270. Vulnerability Scoring Details = Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtk62453 (Certain ICMP packets may cause device to reload) CVSS Base Score - 7.8 Access Vector -Network Access Complexity -Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level -Official-Fix Report Confidence -Confirmed Impact
Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability Advisory ID: cisco-sa-20110720-asr9k Revision 1.0 For Public Release 2011 July 20 1600 UTC (GMT) +- Summary === Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload. Cisco has released a free software maintenance upgrade (SMU) to address this vulnerability. There are no workarounds for this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110720-asr9k.shtml Affected Products = Vulnerable Products +-- This vulnerability affects the following Cisco ASR 9000 Series devices when they are running Cisco IOS XR Software version 4.1.0 without the SMU asr9k-p-4.1.0.CSCtr26695.tar installed: * Cisco ASR 9006 router * Cisco ASR 9010 router To determine the software running on a Cisco ASR 9000 Series device, log in to the device and issue the show version brief command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to Cisco IOS XR Software. The software version is displayed after the text Cisco IOS XR Software. The following example identifies a Cisco ASR 9010 that is running Cisco IOS XR Software Release 4.1.0: RP/0/0/CPU0:Router#show version brief Fri Jul 8 18:54:39.222 CEST Cisco IOS XR Software, Version 4.1.0[Default] Copyright (c) 2011 by Cisco Systems, Inc. ROM: System Bootstrap, Version 1.05(20101118:025914) [ASR9K ROMMON], Router uptime is 9 weeks, 1 day, 5 hours, 53 minutes System image file is bootflash:disk0/asr9k-os-mbi-4.1.0/mbiasr9k-rp.vm cisco ASR9K Series (MPC8641D) processor with 4194304K bytes of memory. MPC8641D processor at 1333MHz, Revision 2.2 ASR-9010-CHASSIS 4 Management Ethernet 8 WANPHY controller(s) 8 TenGigE 8 DWDM controller(s) 40 GigabitEthernet 4 SONET/SDH 2 Packet over SONET/SDH 1 MgmtMultilink 219k bytes of non-volatile configuration memory. 975M bytes of compact flash card. 33994M bytes of hard disk. 1605616k bytes of disk0: (Sector size 512 bytes). 1605616k bytes of disk1: (Sector size 512 bytes). To determine which SMUs are active on the device, issue the show install active summary command. This command will return a list of all SMUs installed, as shown in the following example: RP/0/0/CPU0:Router#show install active summary Fri Jul 8 19:02:15.887 CEST Active Packages: disk0:asr9k-doc-p-4.1.0 disk0:asr9k-mini-p-4.1.0 disk0:asr9k-k9sec-p-4.1.0 disk0:asr9k-video-p-4.1.0 Note: The preceding output shows a device without the SMU asr9k-p-4.1.0.CSCtr26695.tar installed. Also note that Cisco IOS XR Software can include multiple SMUs and the output may differ from the preceding example. Products Confirmed Not Vulnerable + The following products are confirmed not vulnerable: * Cisco Carrier Routing System (CRS) running any version of Cisco IOS XR Software * Cisco XR 12000 Series Routers running any version of Cisco IOS XR Software * Cisco 12000 Series Routers running any version of Cisco IOS Software * Cisco IOS Software * Cisco IOS XE Software * Cisco NX-OS Software * Cisco ASR 1000 and 5000 Series routers running any version of software * Cisco ASR 9000 Series routers running any version of Cisco IOS XR Software other than 4.1.0 * Cisco ASR 9000 Series routers running Cisco IOS XR Software version 4.1.0 and with the SMU asr9k-p-4.1.0.CSCtr26695.tar installed To determine which SMUs are active on the device, issue the show install active summary command. This will return a list of all SMUs installed: RP/0/0/CPU0:Router#show install active summary Fri Jul 8 19:02:15.887 CEST Active Packages: disk0:asr9k-p-4.1.0.CSCtr26695-1.0.0 disk0:asr9k-p-4.1.0.CSCto96804-1.0.0 disk0:asr9k-p-4.1.0.CSCto95435-1.0.0 disk0:asr9k-doc-p-4.1.0 disk0:asr9k-mini-p-4.1.0 disk0:asr9k-k9sec-p-4.1.0 disk0:asr9k-video-p-4.1.0 Note: The preceding output shows a device with the SMU asr9k-p-4.1.0.CSCtr26695.tar installed (in bold). Also note that Cisco IOS XR Software can include multiple SMUs and the output may differ from the preceding example. Details === Cisco ASR 9000 Series routers are designed to provide carrier-class reliability using the Cisco IOS XR
Deferral Announcement for the March 2011 Cisco IOS Software Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco PSIRT regularly discloses vulnerabilities in Cisco IOS Software on the fourth Wednesday in March and September via the Cisco IOS Security Advisory bundle. The next bundled disclosure was planned for Wednesday, March 23, 2011, but Cisco will defer this disclosure until the next scheduled Cisco IOS bundle on September 28, 2011. Cisco has a long-standing policy of disclosing vulnerabilities to customers and the public simultaneously to ensure equal access to patched software. Based on recent events in Japan and eastern Asia, we are sensitive to the fact that customers globally are impacted directly or indirectly by these events and may not be able to respond effectively to the scheduled disclosure event. This regional disaster has not affected the ability of Cisco to disclose vulnerability information. In keeping with our policy, if we see evidence of active exploitation of a vulnerability that could lead to increased risk for Cisco customers, we will disclose appropriate information out of cycle. Please direct any questions about this announcement to either ps...@cisco.com or your local Cisco support team. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iF4EAREIAAYFAk2CKzMACgkQQXnnBKKRMNBLjgD/bPLtpIYQd/8DSNfx9/PQg1jA Wmpe6qGaHA3L1YXSzP0A/i7Kyal+nGaJJnqwSsAzaQeV+Lh261Ah9fozXSBba0Kb =kX8s -END PGP SIGNATURE-
Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities Advisory ID: cisco-sa-20110126-csg2 http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml Revision 1.0 For Public Release 2011 January 26 1600 UTC (GMT) +- Summary === A service policy bypass vulnerability exists in the Cisco Content Services Gateway - Second Generation (CSG2), which runs on the Cisco Service and Application Module for IP (SAMI). Under certain configurations this vulnerability could allow: * Customers to access sites that would normally match a billing policy to be accessed without being charged to the end customer * Customers to access sites that would normally be denied based on configured restriction policies Additionally, Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml. Affected Products = The service policy bypass vulnerability affects all versions of the Cisco IOS Software for the CSG2 prior to the first fixed release, as indicated in the Software Versions and Fixes section of this advisory. The two denial of service vulnerabilities only affect Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2. No other Cisco IOS Software releases are affected. Vulnerable Products +-- To determine the version of Cisco IOS Software that is running on the Cisco CSG2, issue the show module command from Cisco IOS Software on the switch on which the Cisco CSG2 module is installed to identify what modules and sub-modules are installed on the system. Cisco CSG2 runs on the Cisco Service and Application Module for IP (SAMI) card, and is identified in the following example in slot 2 via the WS-SVC-SAMI-BB-K9 identification: C7600#show module Mod Ports Card Type Model Serial No. --- - -- -- --- 12 Supervisor Engine 720 (Active) WS-SUP720-3BXL JAF1226ARQS 21 SAMI Module (csgk9)WS-SVC-SAMI-BB-K9 SAD113906P1 4 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL1127T6XY Mod MAC addresses HwFw Sw Status --- -- -- --- 1 001e.be6e.a018 to 001e.be6e.a01b 5.6 8.5(2) 12.2(33)SRC5 Ok 2 001d.45f8.f3dc to 001d.45f8.f3e3 2.1 8.7(0.22)FW1 12.4(2010040 Ok 4 001c.587a.ef20 to 001c.587a.ef4f 2.6 12.2(14r)S5 12.2(33)SRC5 Ok Mod Sub-Module Model Serial Hw Status --- -- --- --- --- 1 Policy Feature Card 3 WS-F6K-PFC3BXL JAF1226BNQM 1.8Ok 1 MSFC3 Daughterboard WS-SUP720 JAF1226BNMC 3.1Ok 2 SAMI Daughterboard 1SAMI-DC-BB SAD114400L9 1.1 Other 2 SAMI Daughterboard 2SAMI-DC-BB SAD114207FU 1.1 Other 4 Centralized Forwarding Card WS-F6700-CFC SAL1029VGFK 2.0Ok Mod Online Diag Status --- 1 Pass 2 Pass 4 Pass C7600# After locating the correct slot, issue the session slot module number processor 3-9 command to open a console connection to the respective Cisco CSG2. Once connected to the Cisco CSG2, perform the show version command: The following example shows that the Cisco CSG2 is running software Release 12.4(24)MD1: CSG2#show version Cisco IOS Software, SAMI Software (SAMI-CSGK9-M), Version 12.4(24)MD1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Wed 07-Apr-10 09:50 by prod_rel_team --- output truncated --- Products Confirmed Not Vulnerable + The Cisco Content Services Gateway - 1st Generation (CSG) is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details === The Cisco Content Services Gateway - Second Generation (CSG2) provides intelligent network capabilities such as flexible policy management and billing based on deep-packet
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20100922-cucmsip http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml Revision 1.0 For Public Release 2010 September 22 1600 UTC (GMT) - - Summary === Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services. To address these vulnerabilities, Cisco has released free software updates. There is a workaround for these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucmsip.shtml Note: Cisco IOS Software is also affected by the vulnerabilities described in this advisory. A companion advisory for Cisco IOS software is available at: http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier: http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html Affected Products = Vulnerable Products +-- The following products are affected by the vulnerabilities that are described in this advisory: * Cisco Unified Communications Manager 6.x * Cisco Unified Communications Manager 7.x * Cisco Unified Communications Manager 8.x Administrators of systems that are running Cisco Unified Communications Manager versions 6.x, 7.x and 8.x can determine the software version by viewing the main page of the Cisco Unified Communications Manager Administration interface. The software version can also be determined by running the show version active command via the command-line interface. Products Confirmed Not Vulnerable + Cisco Unified Communications Manager version 4.x is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details === Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Cisco Unified Communications Manager contains two DoS vulnerabilities that involve the processing of SIP messages. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, which could result in the disruption of voice services. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. The first SIP DoS vulnerability is documented in Cisco Bug ID CSCta31358 ( registered customers only) and has been assigned the CVE identifier CVE-2010-2835. This vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(5), 7.0(2a)su3, 7.1(3b) su2, 7.1(5) and 8.0(1). The corresponding IOS defect is CSCta20040. The second SIP DoS vulnerability is documented in Cisco Bug ID CSCtf14987 ( registered customers only) and has been assigned the CVE identifier CVE-2010-2834. The second vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(5)SU1, 7.1(5) and 8.0(2). The corresponding IOS defect is CSCtf72678. Vulnerability Scoring Details = Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for
Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability Advisory ID: cisco-sa-20100812-tcp http://www.cisco.com/warp/public/707/cisco-sa-20100812-tcp.shtml Revision 1.0 For Public Release 2010 August 12 2130 UTC (GMT) +- Summary === Cisco IOS Software Release, 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishment phase. The vulnerability could cause embryonic TCP connections to remain in a SYNRCVD or SYNSENT state. Enough embryonic TCP connections in these states could consume system resources and prevent an affected device from accepting or initiating new TCP connections, including any TCP-based remote management access to the device. No authentication is required to exploit this vulnerability. An attacker does not need to complete a three-way handshake to trigger this vulnerability; therefore, this this vunerability can be exploited using spoofed packets. This vulnerability may be triggered by normal network traffic. Cisco has released Cisco IOS Software Release 15.1(2)T0a to address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100812-tcp.shtml. Affected Products = This vulnerability affects only Cisco IOS Software Release 15.1(2)T. No other Cisco IOS Software Releases are affected. Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software are not affected by this vulnerability. Vulnerable Products +-- A Cisco device is vulnerable when it is running Cisco IOS Software Release 15.1(2)T. To determine the Cisco IOS Software Release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software Release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.1(2)T with an installed image name of C2800NM-ENTSERVICES-M: Router#show version Cisco IOS Software, 2800 Software (C2800NM-ENTSERVICES-M), Version 15.1(2)T, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Mon 19-Jul-10 16:38 by prod_rel_team output truncated Additional information about Cisco IOS Software Release naming conventions is available in the White Paper: Cisco IOS Reference Guide. Products Confirmed Not Vulnerable + No other Cisco IOS Software versions are affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details === TCP provides reliable data transmission services in packet-switched network environments. TCP corresponds to the transport layer (Layer 4) of the OSI reference model. Among the services TCP provides are stream data transfer, reliability, efficient flow control, full-duplex operation, and multiplexing. When TCP connections are terminated in Cisco IOS Software, they are allocated a transmission control block (TCB). All allocated TCBs, associated TCP port numbers, and the TCP state are displayed in the output of the show tcp brief all command-line interface (CLI) command. Cisco IOS Software version 15.1(2)T contains a vulnerability that could cause an embryonic TCP connection to remain in SYNRCVD or SYNSENT state without a further TCP state transition. Examining the output of the show tcp brief all command multiple times will indicate if TCP sessions remain in one of these states. This vulnerability is triggered only by TCP traffic that is terminated by or originated from the device. Transit traffic will not trigger this vulnerability. Both connections to and from the router could trigger this vulnerability. An example of a connection to the router is that you may still be able to ping the device, but fail to establish a TELNET or SSH connection to the device. For example, an administrator may still be able to ping the device but fail to establish a Telnet or SSH connection to the device. Administrators who attempt a Telnet or a SSH connection to a remote device from the CLI prompt will encounter a hung session and the Trying ip address|hostname ... prompt. The connection that is initiated or terminated by the router can be removed from the socket table by clearing the associated TCB with the clear tcp tcb 0xaddress command. Devices could be vulnerable if examining the output of the CLI command debug ip tcp transactions, displays the error messages connection
Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability Advisory ID: cisco-sa-20100120-xr-ssh Revision 1.0 For Public Release 2010 January 20 1600 UTC (GMT) +- Summary === The SSH server implementation in Cisco IOS XR Software contains a vulnerability that an unauthenticated, remote user could exploit to cause a denial of service condition. An attacker could trigger this vulnerability by sending a crafted SSH version 2 packet that may cause a new SSH connection handler process to crash. Repeated exploitation may cause each new SSH connection handler process to crash and lead to a significant amount of memory being consumed, which could introduce instability that may adversely impact other system functionality. During this event, the parent SSH daemon process will continue to function normally. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml. Affected Products = Vulnerable Products +-- This vulnerability affects Cisco IOS XR systems that are running an affected version of Cisco IOS XR Software and have the SSH server feature enabled. A system with the SSH server feature enabled will have the command ssh server [v2] present in its configuration. Refer to the Cisco IOS XR System Security Configuration Guide at http://www.cisco.com/en/US/docs/routers/crs/software/crs_r3.9/security/configuration/guide/sc39ssh.html#wp1044523 for additional details regarding configuration of the SSH server in Cisco IOS XR Software. The SSH server can only be enabled in Cisco IOS XR Software if the security Package Information Envelope (PIE) is installed. Administrators can issue the show install summary command to confirm if the security PIE is installed. This command will display an active package similar to platform-k9sec-version or, for example, c12k-k9sec-3.6.1 if the security PIE is installed. Refer to the Software Version and Fixes section of this advisory for information on specific affected software versions. Products Confirmed Not Vulnerable + SSH server implementations in Cisco IOS Software and Cisco IOS XE Software are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details === Cisco IOS XR Software is a member of the Cisco IOS Software family that uses a microkernel-based distributed operating system infrastructure. Cisco IOS XR Software runs on the Cisco CRS-1 Carrier Routing System, Cisco 12000 Series Routers, and Cisco ASR 9000 Series Aggregation Services Routers. More information on Cisco IOS XR Software is available at http://www.cisco.com/en/US/products/ps5845/index.html. The SSH protocol was developed as a secure replacement for the Telnet, FTP, rlogin, remote shell (rsh), and Remote Copy Protocol (RCP) protocols, which allow for remote device access. SSH varies from these older protocols in that it provides strong authentication and confidentiality and uses encrypted transactions. The SSH server implementation in Cisco IOS XR Software contains a vulnerability that an unauthenticated, remote user could exploit to cause a denial of service condition. The vulnerability is triggered when a new SSH handler process handles a crafted SSH version 2 packet, which may cause the process to crash. During this event, a significant amount of memory may be consumed. Repeated exploitation may impact other system functionality, depending upon the size of the available memory and the duration of attack. Although exploitation of this vulnerability does not require user authentication, the TCP three-way handshake must be completed, and some SSH protocol negotiation must occur. The SSH service will continue to function normally during an after an attack. During exploitation of this vulnerability, the system may generate the following messages: RP/0/RP1/CPU0:Jan 14 16:56:34.885 : dumper[59]: %OS-DUMPER-7-DUMP_ATTRIBUTE : Dump request with attribute 407 for process pkg/bin/sshd_child_handler RP/0/RP1/CPU0:Jan 14 16:56:34.897 : dumper[59]: %OS-DUMPER-7-SIGSEGV : Thread 1 received SIGSEGV RP/0/RP1/CPU0:Jan 14 16:56:34.901 : dumper[59]: %OS-DUMPER-7-BUS_ADRERR : Accessed BadAddr 50199000 at PC 4a280c64 RP/0/RP1/CPU0:Jan 14 16:56:34.906 : dumper[59]: %OS-DUMPER-4-CRASH_INFO : Crashed pid = 21733716 (pkg/bin/sshd_child_handler) This vulnerability is documented in Cisco bug ID CSCsu10574 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0137. Vulnerability Scoring Details = Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability Advisory ID: cisco-sa-20091109-tls http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml Revision 1.0 For Public Release 2009 November 9 1600 UTC (GMT) Summary === An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml. Affected Products = Cisco is currently evaluating products for possible exposure to these TLS issues. Products will only be listed in the Vulnerable Products or Products Confirmed Not Vulnerable sections of this advisory when a final determination about product exposure is made. Products that are not listed in either of these two sections are still being evaluated. Vulnerable Products - --- This section will be updated when more information is available. Products Confirmed Not Vulnerable - - The following products are confirmed not vulnerable: * Cisco AnyConnect VPN Client This section will be updated when more information is available. Details === TLS and its predecessor, SSL, are cryptographic protocols that provide security for communications over IP data networks such as the Internet. An industry-wide vulnerability exists in the TLS protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. The following Cisco Bug IDs are being used to track potential exposure to the SSL and TLS issues. The bugs listed below do not confirm that a product is vulnerable, but rather that the product is under investigation by the appropriate product teams. Registered Cisco customers can view these bugs via Cisco's Bug Toolkit: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl ++ | Product |Bug ID | |+---| | Cisco Adaptive Security| CSCtd01491| | Device Manager (ASDM) | | |+---| | Cisco AON Software | CSCtd01646| || | |+---| | Cisco AON Healthcare for | CSCtd01652| | HIPAA and ePrescription| | |+---| | Cisco Application and | CSCtd01529| | Content Networking System | | | (ACNS) Software| | |+---| | Cisco Application | CSCtd01480| | Networking Manager | | |+---| | Cisco ASA 5500 Series | CSCtd00697| | Adaptive Security | | | Appliances | | |+---| | Cisco ASA Advanced | | | Inspection and Prevention | CSCtd01539| | (AIP) Security Services| | | Module | | |+---| | Cisco AVS 3100 Series | CSCtd01566| | Application Velocity | | | System | | |+---| | Cisco Catalyst 6500 Series | CSCtd06389| | SSL Services Module| | |+---| | Firewall Services Module | CSCtd04061| | FWSM | | |+---| | Cisco CSS 11000 Series | CSCtd01636| | Content Services Switches | | |+---| | Cisco Unified SIP Phones | CSCtd01446| || |
Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability Advisory ID: cisco-sa-20090923-acl Revision 1.0 For Public Release 2009 September 23 +- Summary === A vulnerability exists in Cisco IOSĀ® software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products = Vulnerable Products +-- Any Cisco device configured with ACLs using the object group feature and running an affected Cisco IOS software version is affected by this vulnerability. Note: The Object Groups for ACLs feature was introduced in Cisco IOS software version 12.4(20)T. To verify whether object groups are configured in a Cisco IOS device, use the show object-group command in user EXEC or privileged EXEC mode. The following example displays a sample output from the show object-group command when object groups are configured: Router# show object-group Network object group my_host_group host 172.18.104.123 Service object group my_allowed_services tcp eq www tcp eq 443 Alternatively, administrators can also use the show running config | include ^ (permit|deny) .*object-group command to verify whether object groups are configured, as shown in the following example: Router#show running-config | include ^ (permit|deny) .*object-group permit object-group my_allowed_services host 10.10.1.1 host 10.20.1.1 permit tcp any object-group my_host_group eq 22 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Products Confirmed Not Vulnerable + Cisco devices that are not configured with object groups are not vulnerable. Cisco IOS XE Software and Cisco IOS XR Software are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details === In Cisco IOS Software an object group can contain a single object (such as a single IP address, network, or subnet) or multiple objects (such as a combination of multiple IP addresses, networks, or subnets). In an ACL that is based on an object group, administrators can create a single access control entry (ACE) that uses an object group name instead of
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20090923-cm Revision 1.0 For Public Release 2009 September 23 +- Summary === Cisco Unified Communications Manager, which was formerly Cisco Unified CallManager, contains a denial of service (DoS) vulnerability in the Session Initiation Protocol (SIP) service. An exploit of this vulnerability may cause an interruption in voice services. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cm.shtml Note: Cisco IOSĀ® Software is also affected by the vulnerability described in this advisory. A companion advisory for Cisco IOS software is available at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products = The vulnerability described in this document applies to the Cisco Unified Communications Manager. Vulnerable Products +-- The following Cisco Unified Communications Manager versions are affected: * Cisco Unified Communications Manager 5.x versions prior to 5.1(3g) * Cisco Unified Communications Manager 6.x versions prior to 6.1(4) * Cisco Unified Communications Manager 7.0.x versions prior to 7.0(2a)su1 * Cisco Unified Communications Manager 7.1.x versions prior to 7.1(2) Cisco Unified CallManager versions 4.x are not affected by this vulnerability. Administrators of systems that are running Cisco Unified Communications Manager versions 5.x, 6.x and 7.x can determine the software version by viewing the main page of the Cisco Unified Communications Manager Administration interface. The software version can also be determined by running the show version active command via the command-line interface. A SIP trunk must be configured for the Cisco Unified CallManager server to begin listening for SIP messages on TCP and UDP port 5060 and TCP/5061. However, in Cisco Unified Communications Manager versions 5.x and later, the use of SIP as a call signaling protocol is enabled by default and cannot be disabled. Cisco IOS Software is also affected by this vulnerability, but it is associated with different Cisco bug IDs. A companion security advisory for Cisco IOS Software is available at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml Products Confirmed Not Vulnerable + Cisco Unified CallManager versions 4.x are not affected by this vulnerability. With the exception of Cisco IOS software, no other Cisco products are currently known to be affected by this vulnerability. Details === Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, voice-over-IP gateways, and multimedia applications. SIP is a popular signaling protocol that manages voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol is flexible enough to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol. A DoS vulnerability exists in the SIP implementation of the Cisco Unified Communications Manager. This vulnerability could be triggered when Cisco Unified Communications Manager processes crafted SIP messages. An exploit could lead to a reload of the main Cisco Unified Communications Manager process. This vulnerability is documented in Cisco bug ID CSCsz95423 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2864. Vulnerability Scoring Details
Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability Advisory ID: cisco-sa-20090923-cme Revision 1.0 For Public Release 2009 September 23 +- Summary === Cisco IOSĀ® devices that are configured for Cisco Unified Communications Manager Express (CME) and the Extension Mobility feature are vulnerable to a buffer overflow vulnerability. Successful exploitation of this vulnerability may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device. Cisco has released free software updates that address this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-cme.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products = Cisco IOS devices, including Cisco Unified Communications 500 Series, that are configured for Cisco Unified CME and the Extension Mobility feature are affected. Vulnerable Products +-- A Cisco IOS device that is configured for Cisco Unified CME and Extension Mobility contains the following output when the show running-config command is issued: ephone [Ethernet phone tag] ... logout-profile [logout-profile tag] To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name is displayed in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS Reference Guide at the following link: http://www.cisco.com/warp/public/620/1.html . Products Confirmed Not Vulnerable + Cisco IOS devices that are configured for Survivable Remote Site Telephony (SRST) Mode are not affected. Cisco IOS XR is not affected. Cisco IOS XE is not affected. Cisco Unified Communications Manager is not affected. Cisco Unified CME is not affected unless configured to use the Extension Mobility feature. No other Cisco products are currently known to be affected by these vulnerabilities. Details === Cisco Unified CME is the call processing component of an enhanced IP telephony solution that is integrated into Cisco IOS. The Extension Mobility feature in Cisco Unified CME provides the benefit of phone mobility for end users. A user login service allows phone users to temporarily access a physical phone other than their own phone and utilize their personal settings, such as directory number, speed-dial lists, and services, that is assigned to their own desk phone. The phone user can make and receive calls on that phone using the same personal directory number as is on their own desk phone. More information on Extension Mobility
Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability Advisory ID: cisco-sa-20090923-ios-fw Revision 1.0 For Public Release 2009 September 23 +- Summary === Cisco IOSĀ® devices that are configured with Cisco IOS Zone-Based Policy Firewall Session Initiation Protocol (SIP) inspection are vulnerable to denial of service (DoS) attacks when processing a specific SIP transit packet. Exploitation of the vulnerability could result in a reload of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products = This vulnerability affects a limited number of Cisco IOS Software releases. Consult the Software Versions and Fixes section of this advisory for the details of affected releases. Only devices that are configured with Cisco IOS Zone-Based Policy Firewall SIP inspection (UDP port 5060, TCP ports 5060, and 5061) are vulnerable. Cisco IOS devices that are configured with legacy Cisco IOS Firewall Support for SIP (context-based access control (CBAC)) are not vulnerable. Vulnerable Products +-- To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright Ā©) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright Ā©) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS Reference Guide at the following link: http://www.cisco.com/warp/public/620/1.html The device is vulnerable if the configuration has either a layer 3 or layer 7 SIP application-specific policy configured, and these policies are applied to any firewall zone. To determine whether the device is running a vulnerable configuration, log in to the device and issue the command line interface (CLI) command show policy-map type inspect zone-pair | include atch: access|protocol sip. If the output contains Match: protocol sip, the device is vulnerable. If the output contains Match: access-group number, then the device is only vulnerable if, the referenced access list permits the SIP protocol (UDP port 5060, or TCP ports 5060 and 5061). The following example shows a vulnerable device configured with Cisco IOS Zone-Based Policy Firewall SIP inspection: Router#show policy-map type inspect zone-pair | include atch: access|protocol sip Match: protocol sip Router# The following example shows a vulnerable device configured with SIP inspection by way of an applied access list: Router#show policy-map type inspect zone-pair | include atch:
Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability Advisory ID: cisco-sa-20090923-ntp Revision 1.0 For Public Release 2009 September 23 +- Summary === Cisco IOSĀ® Software with support for Network Time Protocol (NTP) version (v4) contains a vulnerability processing specific NTP packets that will result in a reload of the device. This results in a remote denial of service (DoS) condition on the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products = Vulnerable Products +-- Cisco IOS Software devices are vulnerable if they support NTPv4 and are configured for NTP operations. NTP is not enabled in Cisco IOS Software by default. To see if a device supports NTPv4, log into the device and via configuration mode of the command line interface (CLI), enter the command ntp peer 127.0.0.1 version ?. If the output has the number 4 as an option, then the device supports NTPv4. The following example identifies a Cisco device that is running a Cisco IOS Software release that does support NTPv4: Router#configure terminal Router(config)#ntp peer 127.0.0.1 version ? 2-4 NTP version number The following example identifies a Cisco device that is running a Cisco IOS Software release that does not support NTPv4: Router(config)#ntp peer 127.0.0.1 version ? 1-3 NTP version number To see if a device is configured with NTP, log into the device and issue the CLI command show running-config | include ntp. If the output returns either of the following commands listed then the device is vulnerable: ntp master any following commands ntp peer any following commands ntp server any following commands ntp broadcast client ntp multicast client The following example identifies a Cisco device that is configured with NTP: router#show running-config | include ntp ntp peer 192.168.0.12 The following example identifies a Cisco device that is not configured with NTP: router#show running-config | include ntp router# To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright Ā©) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih output truncated The following example shows a product that is running Cisco IOS Software release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright Ā©) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team output truncated Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS Reference Guide at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable + The following products and features are not
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20090923-sip Revision 1.0 For Public Release 2009 September 23 +- Summary === A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOSĀ® Software that could allow an unauthenticated attacker to cause a denial of service (DoS) condition on an affected device when the Cisco Unified Border Element feature is enabled. Cisco has released free software updates that address this vulnerability. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products = This vulnerability only affects devices running Cisco IOS Software with SIP voice services enabled. Vulnerable Products +-- Cisco devices running affected Cisco IOS Software versions that are configured to process SIP messages with the Cisco Unified Border Element feature are affected. Cisco IOS devices that are not configured for SIP and Cisco Unified Border Element feature are not affected by this vulnerability. Note: Cisco Unified Border Element feature (previously known as the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS Software image that runs on Cisco multiservice gateway platforms. It provides a network-to-network interface point for billing, security, call admission control, quality of service, and signaling interworking. Cisco Unified Border Element feature requires the voice service voip command and the allow-connections subcommand. An example of an affected configuration is as follows: voice service voip allow-connections from-type to to-type ... ! Recent versions of Cisco IOS Software do not process SIP messages by default. Creating a dial peer by issuing the command dial-peer voice will start the SIP processes, causing the Cisco IOS device to process SIP messages. In addition, several features within Cisco Unified Communications Manager Express, such as ePhones, once configured will also automatically start the SIP process, which will cause the device to start processing SIP messages. An example of an affected configuration is as follows: dial-peer voice Voice dial-peer tag voip ... ! In addition to inspecting the Cisco IOS device configuration for a dial-peer command that causes the device to process SIP messages, administrators can also use the command show processes | include SIP to determine whether Cisco IOS Software is running the processes that handle SIP messages. In the following example, the presence of the processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the Cisco IOS device is processing SIP messages: Router#show processes | include SIP 149 Mwe 40F482544 1400023108/24000 0 CCSIP_UDP_SOCKET 150 Mwe 40F480344 1400023388/24000 0 CCSIP_TCP_SOCKET warning Warning: Since there are several ways a device running Cisco IOS Software can start processing SIP messages, it is recommended that the show processes | include SIP command be used to determine whether the device is processing SIP messages instead of relying on the presence of specific configuration commands. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with
Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20090923-tls Revision 1.0 For Public Release 2009 September 23 +- Summary === Cisco IOSĀ® Software contains a vulnerability that could allow an attacker to cause a Cisco IOS device to reload by remotely sending a crafted encryption packet. Cisco has released free software updates that address this vulnerability. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090923-tls.shtml Note: The September 23, 2009, Cisco IOS Security Advisory bundled publication includes eleven Security Advisories. Ten of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 23, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html Affected Products = Vulnerable Products +-- Devices running affected versions of Cisco IOS Software are susceptible if configured with any of the following features: * Secure Socket Layer (SSL) Virtual Private Network (VPN) * Secure Shell (SSH) * Internet Key Exchange (IKE) Encrypted Nonces Note: Other SSL/HTTPS related features than WebVPN and SSL VPN are not affected by this vulnerability. To determine whether SSLVPN is enabled on a device, log in to the device and issue the command-line interface (CLI) command show running-config | include webvpn. If the device returns any output then SSLVPN is configured and the device may be vulnerable. Vulnerable configurations vary depending on whether the device is supporting Cisco IOS WebVPN (introduced in Release 12.3(14)T) or Cisco IOS SSLVPNs (introduced in Release 12.4(6)T). The following methods describe how to confirm if the device is vulnerable: If the output from show running-config | include webvpn contains webvpn enable then the device is configured with the original Cisco IOS WebVPN. The only way to determine whether the device is vulnerable is to examine the output of show running-config to confirm that webvpn is enabled via the command webvpn enable and that a ssl trustpoint has been configured. The following example shows a vulnerable device configured with Cisco IOS WebVPN: webvpn enable ! webvpn ssl trustpoint TP-self-signed-29742012 If the output from show running-config | include webvpn contains webvpn gateway word then the device is supporting the Cisco IOS SSLVPN feature. A device is vulnerable if it has the inservice command in at least one of the webvpn gateway sections. The following example shows a vulnerable device configured with Cisco IOS SSLVPN: Router# show running | section webvpn webvpn gateway Gateway ip address 10.1.1.1 port 443 ssl trustpoint Gateway-TP inservice ! Router# A device that supports the Cisco IOS SSLVPN is not vulnerable if it has no webvpn gateways configured or all the configured webvpn gateways contain the no inservice webvpn gateway command. To determine if SSH is enabled use the show ip ssh command, as shown in the following example: Router#show ip ssh SSH Enabled - version 1.99 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key size : 1024 bits To determine if the IKE encrypted nonces feature is enabled, use the show running-config | include rsa-encr command as follows: Router#show running-config | inc rsa-encr authentication rsa-encr To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support:
Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability Advisory ID: cisco-sa-20090818-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml Revision 1.0 For Public Release 2009 August 18 1500 UTC (GMT) - - Summary === Cisco IOS XR will reset a Border Gateway Protocol (BGP) peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. This is a different vulnerability to what was disclosed in the Cisco Security Advisory Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities disclosed on the 2009 July 29 1600 UTC at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Cisco is preparing to release free software maintenance upgrade (SMU) that address this vulnerability. This advisory will be updated once the SMU is available. A workaround that mitigates this vulnerability is available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml Affected Products = This vulnerability affects all Cisco IOS XR software devices after and including software release 3.4.0 configured with BGP routing. Vulnerable Products +-- To determine the Cisco IOS XR Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to Cisco IOS XR Software. The software version is displayed after the text Cisco IOS XR Software. The following example identifies a Cisco CRS-1 that is running Cisco IOS XR Software Release 3.6.2: RP/0/RP0/CPU0:CRS#show version Tue Aug 18 14:25:17.407 AEST Cisco IOS XR Software, Version 3.6.2[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 1.49(20080319:195807) [CRS-1 ROMMON], CRS uptime is 4 weeks, 4 days, 1 minute System image file is disk0:hfr-os-mbi-3.6.2/mbihfr-rp.vm cisco CRS-8/S (7457) processor with 4194304K bytes of memory. 7457 processor at 1197Mhz, Revision 1.2 17 Packet over SONET/SDH network interface(s) 1 DWDM controller(s) 17 SONET/SDH Port controller(s) 8 TenGigabitEthernet/IEEE 802.3 interface(s) 2 Ethernet/IEEE 802.3 interface(s) 1019k bytes of non-volatile configuration memory. 38079M bytes of hard disk. 981440k bytes of ATA PCMCIA card at disk 0 (Sector size 512 bytes). Configuration register on node 0/0/CPU0 is 0x102 Boot device on node 0/0/CPU0 is mem: !--- output truncated The following example identifies a Cisco 12404 router that is running Cisco IOS XR Software Release 3.7.1: RP/0/0/CPU0:GSR#show version Cisco IOS XR Software, Version 3.7.1[00] Copyright (c) 2008 by Cisco Systems, Inc. ROM: System Bootstrap, Version 12.0(20051020:160303) SOFTWARE Copyright (c) 1994-2005 by cisco Systems, Inc. GSR uptime is 3 weeks, 6 days, 3 hours, 20 minutes System image file is disk0:c12k-os-mbi-3.7.1/mbiprp-rp.vm cisco 12404/PRP (7457) processor with 2097152K bytes of memory. 7457 processor at 1266Mhz, Revision 1.2 1 Cisco 12000 Series Performance Route Processor 1 Cisco 12000 Series - Multi-Service Blade Controller 1 1 Port ISE Packet Over SONET OC-48c/STM-16 Controller (1 POS) 1 Cisco 12000 Series SPA Interface Processor-601/501/401 3 Ethernet/IEEE 802.3 interface(s) 1 SONET/SDH Port controller(s) 1 Packet over SONET/SDH network interface(s) 4 PLIM QoS controller(s) 8 FastEthernet/IEEE 802.3 interface(s) 1016k bytes of non-volatile configuration memory. 1000496k bytes of disk0: (Sector size 512 bytes). 65536k bytes of Flash internal SIMM (Sector size 256k). Configuration register on node 0/0/CPU0 is 0x2102 Boot device on node 0/0/CPU0 is disk0: !--- output truncated Additional information about Cisco IOS XR software release naming conventions is available in the White Paper: Cisco IOS Reference Guide at the following link: http://www.cisco.com/warp/public/620/1.html#t6 Additional information about Cisco IOS XR software time-based release model is available in the White Paper: Guidelines for Cisco IOS XR Software at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8803/ps5845/product_bulletin_c25-478699.html BGP is configured in
Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Advisory ID: cisco-sa-20090729-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Revision: 1.0 = For Public Release 2009 July 29 1600 UTC (GMT) Summary === Recent versions of Cisco IOS Software support RFC4893 (BGP Support for Four-octet AS Number Space) and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue. Cisco has released free software updates to address these vulnerabilities. No workarounds are available for the first vulnerability. A workaround is available for the second vulnerability. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Affected Products = Vulnerable Products +-- These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing. The software table in the section Software Versions and Fixes of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability. A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? 1-65535Autonomous system number 1.0-XX.YY 4 Octets Autonomous system number Or: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? 1-4294967295 Autonomous system number 1.0-XX.YY Autonomous system number The following example identifies a Cisco device that has 2 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? 1-65535 Autonomous system number A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command show running-config. The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation. The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation: router bgp 65536 The following example identifies a Cisco device that is configured for BGP using ASDOT notation: router bgp 1.0 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The image name displays in parentheses, followed by Version and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability Advisory ID: cisco-sa-20090325-ctcp http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml Revision 1.0 For Public Release 2009 March 25 1600 UTC (GMT) - - Summary === A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco has released free software updates that address this vulnerability. No workarounds are available; however, the IPSec NAT traversal (NAT-T) feature can be used as an alternative. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml Note: The March 25, 2009, Cisco IOS Security Advisory bundled publication includes eight Security Advisories. All of the advisories address vulnerabilities in Cisco IOS Software. Each advisory lists the releases that correct the vulnerability or vulnerabilities in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published in Cisco Security Advisories on March 25, 2009, or earlier. http://www.cisco.com/warp/public/707/cisco-sa-20090325-bundle.shtml Individual publication links are listed below: * Cisco IOS cTCP Denial of Service Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml * Cisco IOS Software Multiple Features IP Sockets Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml * Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml * Cisco IOS Software Secure Copy Privilege Escalation Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml * Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml * Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml * Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml * Cisco IOS Software WebVPN and SSLVPN Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml Affected Products = Vulnerable Products +-- Cisco IOS devices running versions 12.4(9)T or later and configured for Cisco Tunneling Control Protocol (cTCP) encapsulation for EZVPN server are vulnerable. Note: The cTCP encapsulation feature was introduced in Cisco IOS version 12.4(9)T. The cTCP encapsulation feature is disabled by default. Cisco IOS devices configured for EZVPN client are not affected by this vulnerability. Only devices configured as EZVPN servers are vulnerable. To configure the cTCP encapsulation feature for Easy VPN, use the crypto ctcp command in global configuration mode. You can optionally specify the port number that the device will listen to with the crypto ctcp port port command. Up to ten numbers can be configured and the port value can be from 1 through 65535. If the port keyword is not configured, the default port number is 1. In the following example, the Cisco IOS device is configured to listen for cTCP messages on port 1. crypto ctcp port 1 Note: The port keyword is configured only on the Cisco IOS device acting as an EZVPN server. To determine the version of the Cisco IOS software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as Internetwork Operating System Software or simply IOS. On the next line of output, the image name will be displayed between parentheses, followed by Version and the IOS release name. Other Cisco devices will not have the show version command or will give different output. The following example identifies a Cisco product running Cisco IOS Software release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih output truncated The next example shows a product running Cisco IOS Software release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport
Cisco Security Advisory: Cisco IOS IPS Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS IPS Denial of Service Vulnerability Advisory ID: cisco-sa-20080924-iosips http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC (GMT) - - Summary === The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition. Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability. Note: This vulnerability is not related in any way to CVE-2008-1447 - Cache poisoning attacks. Cisco Systems has published a Cisco Security Advisory for that vulnerability, which can be found at http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml Note: The September 24, 2008 IOS Advisory bundled publication includes twelve Security Advisories. Eleven of the advisories address vulnerabilities in Cisco's IOS software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each Advisory lists the releases that correct the vulnerability described in the Advisory. Please reference the following software table to find a release that fixes all published IOS software Advisories as of September 24th, 2008: http://www.cisco.com/warp/public/707/cisco-sa-20080924-bundle.shtml Individual publication links are listed below: * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml Affected Products = Vulnerable Products +-- Any Cisco IOS device configured with the Cisco IOS IPS feature is vulnerable, regardless if it is configured to use the built-in signatures or an external signature file. Devices using either version 4 or version 5 signatures are affected by this vulnerability. The Cisco IOS IPS feature is not enabled by default. The command show ip ips interfaces can be used to determine if the Cisco IOS IPS feature has been configured and applied to any interface on the device, as in the following example: Router#show ip ips interfaces Interface Configuration Interface FastEthernet0/0 Inbound IPS rule is ios-ips-incoming Outgoing IPS rule is not set Interface FastEthernet0/1 Inbound IPS rule is not set Outgoing IPS rule is ios-ips-outgoing Router# The output of the show ip ips interfaces command when the Cisco IOS IPS feature has not been configured is dependent on which Cisco IOS release is installed and running on the device. It may be similar to the following example: Router#show ip ips interfaces Router# or it may be similar to the following: Router#show ip ips interfaces Interface Configuration IPS is not configured on any interface Router# Any version of Cisco IOS prior to the versions which are listed in the Software Versions and Fixes section below is vulnerable. To determine the version of the Cisco IOS software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as Internetwork Operating System Software or simply IOS. On the next line of output, the image name will be displayed between parentheses, followed by Version and the IOS release name. Other Cisco devices will not have the show version command or will give different output. The following example identifies a Cisco product running Cisco IOS Software release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih output truncated Router# The next example shows a product running
Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability Advisory ID: cisco-sa-20080924-l2tp http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC (GMT) - - Summary === A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases. Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable. This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml Note: The September 24, 2008 IOS Advisory bundled publication includes twelve Security Advisories. Eleven of the advisories address vulnerabilities in Cisco's IOS software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each Advisory lists the releases that correct the vulnerability described in the Advisory. Please reference the following software table to find a release that fixes all published IOS software Advisories as of September 24th, 2008: http://www.cisco.com/warp/public/707/cisco-sa-20080924-bundle.shtml Individual publication links are listed below: * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml Affected Products = All devices running affected versions of 12.2 or 12.4 Cisco IOS system software and that have a vulnerable configuration are affected by this vulnerability. Vulnerable Products +-- To determine if a device is vulnerable, first confirm that the device is running an affected version of 12.2 or 12.4 Cisco IOS system software. Then check for the process L2TP mgmt daemon running on the device. To determine the software version running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as Internetwork Operating System Software or simply IOS. On the next line of output, the image name will be displayed between parentheses, followed by Version and the IOS release name. Other Cisco devices will not have the show version command or will give different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(11)T2: Router#show version Cisco IOS Software, 7200 Software (C7200-ADVSECURITYK9-M), Version 12.4(11)T2, RELEASE SOFTWARE (fc4) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 01-May-07 04:19 by prod_rel_team output truncated Additional information on the Cisco IOS release naming conventions can be found in the document entitled White Paper: Cisco IOS Reference Guide, which is available at http://www.cisco.com/warp/public/620/1.html To check if the process L2TP mgmt daemon is running on a device, log into the command line interface (CLI) and issue the command show processes | include L2TP . (NOTE: The command is case sensitive.) If the output returns a line with the process name L2TP mgmt daemon, the device is vulnerable. The following example shows a device running the L2TP mgmt daemon process: Router#show processes | include L2TP 158 Mwe 62590FE44 3133322900/24000 0 L2TP mgmt daemon Router# The L2TP mgmt daemon is started by several different types of configurations that may be deployed in networks that leverage the L2TP protocol. If any of the following commands appear within a device's configuration, show running-config, then the device will have started the L2TP mgmt daemon and is vulnerable.
Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet Advisory ID: cisco-sa-20080924-ssl http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC (GMT) - - Summary === A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange. Cisco has released free software updates that address this vulnerability. Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml Note: The September 24, 2008 IOS Advisory bundled publication includes twelve Security Advisories. Eleven of the advisories address vulnerabilities in Cisco's IOS software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each Advisory lists the releases that correct the vulnerability described in the Advisory. Please reference the following software table to find a release that fixes all published IOS software Advisories as of September 24th, 2008: http://www.cisco.com/warp/public/707/cisco-sa-20080924-bundle.shtml Individual publication links are listed below: * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml Affected Products = Vulnerable Products +-- Devices running Cisco IOS and using SSL-based services are susceptible to this vulnerability. Some of the services that utilize SSL are: * HTTP server supporting SSL encryption (HTTPS) The following example shows a device that has the standard Cisco IOS HTTP server disabled, but the SSL-enabled Cisco IOS HTTP server enabled: Router#show running-config | include ip http no ip http server ip http secure-server Router# * SSL Virtual Private Network (SSL VPN) also known as AnyConnect VPN The following example shows a device that has the SSL VPN feature enabled: Router#show running-config | include webvpn webvpn enable webvpn Router# * Open Settlement Protocol (OSP) for Packet Telephony feature The following example shows a device that has the OSP feature enabled and uses HTTPS protocol that is vulnerable: Router#show running-config | include url url https://host_ip_address:443/ Router# The Cisco IOS Bug Toolkit may not accurately reflect the affected releases for this advisory. The affected releases are as follows: * 12.4(16)MR, 12.4(16)MR1, 12.4(16)MR2 * 12.4(17) To determine the version of the Cisco IOS software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS Software will identify itself as Internetwork Operating System Software or simply IOS. On the next line of output, the image name will be displayed between parentheses, followed by Version and the IOS release name. Other Cisco devices will not have the show version command or will give different output. Router#show version Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(15)T2, RELEASE SOFTWARE (fc7) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 17-Jan-08 23:12 by prod_rel_team Additional information about Cisco IOS software release naming is available at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable + No other Cisco products and Cisco IOS releases are currently known to be affected by this vulnerability. Details === This vulnerability is triggered during the termination of an SSL session. Possession of valid credentials such as a username, password or a certificate is not required. SSL protocol uses TCP as a transport protocol. The requirement of the complete TCP 3-way handshake reduces the probability that this
Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco uBR10012 Series Devices SNMP Vulnerability Advisory ID: cisco-sa-20080924-ubr http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC (GMT) - - Summary === Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device. Only Cisco uBR10012 series devices that are configured for linecard redundancy are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml NOTE: The September 24, 2008 IOS Advisory bundled publication includes twelve Security Advisories. Eleven of the advisories address vulnerabilities in Cisco's IOS^ software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each Advisory lists the releases that correct the vulnerability described in the Advisory. Please reference the following software table to find a release that fixes all published IOS software Advisories as of September 24th, 2008: http://www.cisco.com/warp/public/707/cisco-sa-20080924-bundle.shtml Individual publication links are listed below: * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml Affected Products = Vulnerable Products +-- Cisco uBR10012 series devices that are running Cisco IOS and configured for linecard redundancy are affected. Cisco uBR10012 series devices can be identified by issuing the show version command. The following example shows output from a Cisco uBR10012 series device running Cisco IOS software release 12.3(17b)BC7: ubr10k#show version | include IOS IOS (tm) 1 Software (UBR10K-K8P6U2-M), Version 12.3(17b)BC7, RELEASE SOFTWARE (fc1) ubr10k# Please refer to the document entitled White Paper: Cisco IOS Reference Guide for additional information on the Cisco IOS release naming conventions. This document is available at the following link: http://www.cisco.com/warp/public/620/1.html A Cisco uBR10012 series device configured for linecard redundancy will have a line similar to the following in the output of show running-config command: member subslot slot/card working or hccp group protect worker-member-id worker-ip-address Any version of Cisco IOS prior to the versions listed in the Software Versions and Fixes section below is vulnerable. Products Confirmed Not Vulnerable + Cisco uBR10012 series devices that are not configured for linecard redundancy are not affected. Cisco 1 series devices are not affected even if they are configured for linecard redundancy. Other uBR platforms are not affected. No other Cisco products are currently known to be affected by this vulnerability. Details === Cisco uBR10012 series devices need to communicate with an RF Switch when configured for linecard redundancy. This communication is based on SNMP (Simple Network Management Protocol). When linecard redundancy is enabled on a Cisco uBR10012 series device, SNMP is also automatically enabled with a default community string of private that has read/write privileges. Since there are no access restrictions on this community string, it may be exploited by an attacker to gain complete control of the device. Changing the default community string, adding access restrictions on SNMP or doing both will mitigate this vulnerability. The recommended mitigation is to do both. This vulnerability is documented in the Cisco Bug ID CSCek57932 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2008-3807. Vulnerability Scoring Details = Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080924-cucm http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC (GMT) - - Summary === Cisco Unified Communications Manager, formerly Cisco Unified CallManager, contains two denial of service (DoS) vulnerabilities in the Session Initiation Protocol (SIP) service. An exploit of these vulnerabilities may cause an interruption in voice services. Cisco will release free software updates that address these vulnerabilities and this advisory will be updated as fixed software becomes available. There are no workarounds for these vulnerabilities. Note: Cisco IOS software is also affected by the vulnerabilities described in this advisory. A companion advisory for Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml Affected Products = The vulnerabilities described in this document apply to the Cisco Unified Communications Manager. Vulnerable Products +-- The following Cisco Unified Communications Manager versions are affected: * Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8 * Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b * Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a * Cisco Unified Communications Manager 5.x versions prior to 5.1 (3d) * Cisco Unified Communications Manager 6.x versions prior to 6.1(2) su1 Administrators of systems running Cisco Unified CallManager version 4.x can determine the software version by navigating to Help About Cisco Unified CallManager and selecting the Details button via the Cisco Unified Communications Manager Administration interface. Administrators of systems that are running Cisco Unified Communications Manager versions 5.x and 6.x can determine the software version by viewing the main page of the Cisco Unified Communications Manager Administration interface. The software version can also be determined by running the command show version active via the command line interface. In Cisco Unified CallManager version 4.x, the use of SIP as a call signaling protocol is not enabled by default, and for the Cisco Unified CallManager server to start listening for SIP messages on TCP and UDP ports 5060 and 5061 a SIP trunk needs to be configured. In Cisco Unified Communications Manager versions 5.x and later, the use of SIP as a call signaling protocol is enabled by default in Cisco Unified Communications Manager and cannot be disabled. Cisco IOS software is also affected by these vulnerabilities, although they are tracked by different Cisco bug IDs. A companion security advisory for Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml Products Confirmed Not Vulnerable + With the exception of Cisco IOS software, no other Cisco products are currently known to be vulnerable to the issues described in this advisory. Cisco Unified Communications Manager version 7.x is not affected by these vulnerabilities. Cisco Unified CallManager version 4.x is not affected by these vulnerabilities if it does not have any SIP trunks configured. Details === Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, voice-over-IP gateways, and multimedia applications. SIP is a popular signaling protocol that is used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol is flexible to accommodate for other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or TLS (TCP port 5061) as the underlying transport protocol. Two DoS vulnerabilities exist in the SIP implementation of the Cisco Unified Communications Manager. These vulnerabilities can be triggered while processing specific and valid SIP messages and can lead to a reload of the main Cisco Unified Communications Manager process. Version 4.x of Cisco Unified CallManager do not have SIP enabled by default unless a SIP trunk is configured. Versions 5.x and later of the Cisco Unified Communications Manager have SIP is enabled by default and cannot be disabled. The vulnerabilities are being tracked by the following Cisco bug IDs: * CSCsu38644, assigned CVE ID
Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS MPLS VPN May Leak Information Advisory ID: cisco-sa-20080924-vpn http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC (GMT) - - Summary === Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs. Workarounds are available to help mitigate this vulnerability. This issue is triggered by a logic error when processing extended communities on the PE device. This issue cannot be deterministically exploited by an attacker. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml NOTE: The September 24, 2008 IOS Advisory bundled publication includes twelve Security Advisories. Eleven of the advisories address vulnerabilities in Cisco's IOS software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each Advisory lists the releases that correct the vulnerability described in the Advisory. Please reference the following software table to find a release that fixes all published IOS software Advisories as of September 24th, 2008: http://www.cisco.com/warp/public/707/cisco-sa-20080924-bundle.shtml Individual publication links are listed below: * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml * http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml Affected Products = Products running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for MPLS VPNs or VRF Lite are potentially affected. Cisco IOS releases based on 12.1 are not affected. Vulnerable Products +-- Cisco IOS devices are vulnerable if they are configured for MPLS VPN or VRF Lite and have a BGP session between the CE and PE devices, and process extended communities. If a device is configured for MPLS VPN or VRF Lite the command address-family ipv4 vrf vrf-name or address-family ipv6 vrf vrf-name will be present in the device configuration. The following shows a command executed on a device configured for MPLS VPN: router#show running-config | include address-family [ipv4|ipv6] address-family ipv4 vrf vrf-name The following shows a PE device configured for an IPv4 BGP session between the PE and the CE: router bgp Local AS address-family ipv4 vrf one neighbor neighbor IP remote-as Remote AS neighbor neighbor IP activate To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as Internetwork Operating System Software or simply IOS. On the next line of output, the image name will be displayed between parentheses, followed by Version and the IOS release name. Other Cisco devices will not have the show version command or will give different output. The following example identifies a Cisco product that is running Cisco IOS release 12.4(11)T2: Router#show version Cisco IOS Software, 7200 Software (C7200-ADVSECURITYK9-M), Version 12.4(11)T2, RELEASE SOFTWARE (fc4) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 01-May-07 04:19 by prod_rel_team output truncated Additional information on the Cisco IOS release naming conventions can be found on the document entitled White Paper: Cisco IOS Reference Guide, which is available at http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable + Cisco products not configured for MPLS VPNs or VRF Lite are unaffected by this vulnerability. Cisco products that do not run IOS are unaffected by this vulnerability. Cisco IOS-XR is not affected. No other Cisco products are currently known to be affected by this
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080521-ssh http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml Revision 1.0 For Public Release 2008 May 21 1600 UTC (GMT) + Summary === The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtm Affected Products = Vulnerable Products +-- Cisco devices running certain 12.4-based IOS releases and configured to be managed via SSH may be affected by this issue. The IOS secure shell server is disabled by default. To determine if SSH is enabled, use the show ip ssh command. Router#show ip ssh SSH Enabled - version 2.0 Authentication timeout: 120 secs; Authentication retries: 3 The previous output shows that SSH is enabled on this device and that the SSH protocol major version that is being supported is 2.0. If the text SSH Disabled is displayed, the device is not vulnerable. Possible values for the SSH protocol version reported by IOS are: * 1.5: only SSH protocol version 1 is enabled * 1.99: SSH protocol version 2 with SSH protocol version 1 compatibility enabled * 2.0: only SSH protocol version 2 is enabled For more information about SSH versions in IOS, please check the following URL: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_ssh2.html The SSH server is not available in all IOS images. Devices that do not support SSH are not vulnerable. Please consult the table of fixed software in the Software Version and Fixes section for the specific 12.4-based IOS releases that are affected. To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as Internetwork Operating System Software or simply IOS. The image name will be displayed between parentheses on the next line of output followed by Version and the IOS release name. Other Cisco devices will not have the show version command or will give different output. The following example identifies a Cisco product running IOS release 12.4(17): Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(17), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Fri 07-Sep-07 16:05 by prod_rel_team ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1) Router uptime is 1 week, 5 hours, 5 minutes System returned to ROM by power-on System image file is flash:c2600-adventerprisek9-mz.124-17.bin Additional information about Cisco IOS release naming is available at http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable + Cisco devices that do not run IOS are not affected. Cisco IOS devices that do not have the SSH server feature enabled are not affected. IOS-XR images are not affected. The following IOS release trains are not affected: * 10-based releases * 11-based releases * 12.0-based releases * 12.1-based releases * 12.2-based releases * 12.3-based releases IOS releases prior to 12.4(7), 12.4(13d)JA, and 12.4(9)T are not affected by this vulnerability. No other Cisco products are currently known to be affected by these vulnerabilities. Details === Secure shell (SSH) was developed as a secure replacement for the telnet, ftp, rlogin, rsh, and rcp protocols, which allow for the remote access of devices. The main difference between SSH and older protocols is that SSH provides strong authentication, guarantees confidentiality, and uses encrypted transactions. The server side of the SSH implementation in Cisco IOS contains multiple vulnerabilities that allow an unauthenticated user to generate a spurious memory access or, in certain cases, reload the device. If the attacker is able to reload the device, these vulnerabilities could be repeatedly exploited to cause an extended Denial of Service (DoS) condition. A
