Test
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
September 2011
- 379 participants
- 181 discussions
On Fri, 30 Sep 2011 04:14:39 -0000, bmanning(a)vacation.karoshi.com said:
> > Tell me how that flys with the customers in your household...
>
> They are freeloaders, not customers. If they -PAID-
> for service, then it would be a different conversation.
Time to cue up "Move it on over" by George Thorogood, 'cause that kind of
talk will leave you sleeping in the doghouse tonight. ;)
2
1
I'd like to ask the list what products people are using to monitor their
environments. By this I'm referring to datacenters, and other equipment.
Temperature, humidity, airflow, cameras, dry contacts, door sensors, leak
detection, all that sort of thing.
I've used Netbotz in the past. Looking to see what else is out there that
people like.
Thanks
E
11
11
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
CaribNOG and the RIPE Routing Working Group.
Daily listings are sent to bgp-stats(a)lists.apnic.net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith <pfsinoz(a)gmail.com>.
Routing Table Report 04:00 +10GMT Sat 01 Oct, 2011
Report Website: http://thyme.rand.apnic.net
Detailed Analysis: http://thyme.rand.apnic.net/current/
Analysis Summary
----------------
BGP routing table entries examined: 374848
Prefixes after maximum aggregation: 168719
Deaggregation factor: 2.22
Unique aggregates announced to Internet: 185153
Total ASes present in the Internet Routing Table: 38930
Prefixes per ASN: 9.63
Origin-only ASes present in the Internet Routing Table: 32252
Origin ASes announcing only one prefix: 15477
Transit ASes present in the Internet Routing Table: 5218
Transit-only ASes present in the Internet Routing Table: 137
Average AS path length visible in the Internet Routing Table: 4.4
Max AS path length visible: 33
Max AS path prepend of ASN (48687) 24
Prefixes from unregistered ASNs in the Routing Table: 1474
Unregistered ASNs in the Routing Table: 802
Number of 32-bit ASNs allocated by the RIRs: 1802
Number of 32-bit ASNs visible in the Routing Table: 1460
Prefixes from 32-bit ASNs in the Routing Table: 3347
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 103
Number of addresses announced to Internet: 2481536768
Equivalent to 147 /8s, 233 /16s and 63 /24s
Percentage of available address space announced: 67.0
Percentage of allocated address space announced: 67.0
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 91.4
Total number of prefixes smaller than registry allocations: 156962
APNIC Region Analysis Summary
-----------------------------
Prefixes being announced by APNIC Region ASes: 93945
Total APNIC prefixes after maximum aggregation: 30799
APNIC Deaggregation factor: 3.05
Prefixes being announced from the APNIC address blocks: 90409
Unique aggregates announced from the APNIC address blocks: 37945
APNIC Region origin ASes present in the Internet Routing Table: 4567
APNIC Prefixes per ASN: 19.80
APNIC Region origin ASes announcing only one prefix: 1260
APNIC Region transit ASes present in the Internet Routing Table: 707
Average APNIC Region AS path length visible: 4.5
Max APNIC Region AS path length visible: 19
Number of APNIC region 32-bit ASNs visible in the Routing Table: 90
Number of APNIC addresses announced to Internet: 628377696
Equivalent to 37 /8s, 116 /16s and 72 /24s
Percentage of available APNIC address space announced: 79.7
APNIC AS Blocks 4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319,
58368-59391, 131072-132095, 132096-133119
APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8,
49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8,
106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
123/8, 124/8, 125/8, 126/8, 133/8, 175/8, 180/8,
182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8,
219/8, 220/8, 221/8, 222/8, 223/8,
ARIN Region Analysis Summary
----------------------------
Prefixes being announced by ARIN Region ASes: 143988
Total ARIN prefixes after maximum aggregation: 73994
ARIN Deaggregation factor: 1.95
Prefixes being announced from the ARIN address blocks: 116124
Unique aggregates announced from the ARIN address blocks: 47994
ARIN Region origin ASes present in the Internet Routing Table: 14694
ARIN Prefixes per ASN: 7.90
ARIN Region origin ASes announcing only one prefix: 5653
ARIN Region transit ASes present in the Internet Routing Table: 1557
Average ARIN Region AS path length visible: 4.0
Max ARIN Region AS path length visible: 25
Number of ARIN region 32-bit ASNs visible in the Routing Table: 12
Number of ARIN addresses announced to Internet: 804495360
Equivalent to 47 /8s, 243 /16s and 160 /24s
Percentage of available ARIN address space announced: 63.9
ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106
(pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153
3354-4607, 4865-5119, 5632-6655, 6912-7466
7723-8191, 10240-12287, 13312-15359, 16384-17407
18432-20479, 21504-23551, 25600-26591,
26624-27647, 29696-30719, 31744-33791
35840-36863, 39936-40959, 46080-47103
53248-55295, 393216-394239
ARIN Address Blocks 3/8, 4/8, 6/8, 7/8, 8/8, 9/8, 11/8,
12/8, 13/8, 15/8, 16/8, 17/8, 18/8, 19/8,
20/8, 21/8, 22/8, 23/8, 24/8, 26/8, 28/8,
29/8, 30/8, 32/8, 33/8, 34/8, 35/8, 38/8,
40/8, 44/8, 45/8, 47/8, 48/8, 50/8, 52/8,
53/8, 54/8, 55/8, 56/8, 57/8, 63/8, 64/8,
65/8, 66/8, 67/8, 68/8, 69/8, 70/8, 71/8,
72/8, 73/8, 74/8, 75/8, 76/8, 96/8, 97/8,
98/8, 99/8, 100/8, 104/8, 107/8, 108/8, 173/8,
174/8, 184/8, 199/8, 204/8, 205/8, 206/8, 207/8,
208/8, 209/8, 214/8, 215/8, 216/8,
RIPE Region Analysis Summary
----------------------------
Prefixes being announced by RIPE Region ASes: 89839
Total RIPE prefixes after maximum aggregation: 50430
RIPE Deaggregation factor: 1.78
Prefixes being announced from the RIPE address blocks: 82551
Unique aggregates announced from the RIPE address blocks: 54098
RIPE Region origin ASes present in the Internet Routing Table: 16005
RIPE Prefixes per ASN: 5.16
RIPE Region origin ASes announcing only one prefix: 7962
RIPE Region transit ASes present in the Internet Routing Table: 2506
Average RIPE Region AS path length visible: 4.7
Max RIPE Region AS path length visible: 33
Number of RIPE region 32-bit ASNs visible in the Routing Table: 1032
Number of RIPE addresses announced to Internet: 490070912
Equivalent to 29 /8s, 53 /16s and 227 /24s
Percentage of available RIPE address space announced: 78.9
RIPE AS Blocks 1877-1901, 2043, 2047, 2107-2136, 2585-2614
(pre-ERX allocations) 2773-2822, 2830-2879, 3154-3353, 5377-5631
6656-6911, 8192-9215, 12288-13311, 15360-16383
20480-21503, 24576-25599, 28672-29695
30720-31743, 33792-35839, 38912-39935
40960-45055, 47104-52223, 56320-58367
196608-198655
RIPE Address Blocks 2/8, 5/8, 25/8, 31/8, 37/8, 46/8, 51/8,
62/8, 77/8, 78/8, 79/8, 80/8, 81/8, 82/8,
83/8, 84/8, 85/8, 86/8, 87/8, 88/8, 89/8,
90/8, 91/8, 92/8, 93/8, 94/8, 95/8, 109/8,
176/8, 178/8, 185/8, 193/8, 194/8, 195/8, 212/8,
213/8, 217/8,
LACNIC Region Analysis Summary
------------------------------
Prefixes being announced by LACNIC Region ASes: 35011
Total LACNIC prefixes after maximum aggregation: 7797
LACNIC Deaggregation factor: 4.49
Prefixes being announced from the LACNIC address blocks: 34336
Unique aggregates announced from the LACNIC address blocks: 18003
LACNIC Region origin ASes present in the Internet Routing Table: 1530
LACNIC Prefixes per ASN: 22.44
LACNIC Region origin ASes announcing only one prefix: 449
LACNIC Region transit ASes present in the Internet Routing Table: 279
Average LACNIC Region AS path length visible: 4.5
Max LACNIC Region AS path length visible: 19
Number of LACNIC region 32-bit ASNs visible in the Routing Table: 322
Number of LACNIC addresses announced to Internet: 89805184
Equivalent to 5 /8s, 90 /16s and 81 /24s
Percentage of available LACNIC address space announced: 59.5
LACNIC AS Blocks 26592-26623, 27648-28671, 52224-53247,
262144-263167 plus ERX transfers
LACNIC Address Blocks 177/8, 179/8, 181/8, 186/8, 187/8, 189/8, 190/8,
200/8, 201/8,
AfriNIC Region Analysis Summary
-------------------------------
Prefixes being announced by AfriNIC Region ASes: 8547
Total AfriNIC prefixes after maximum aggregation: 2002
AfriNIC Deaggregation factor: 4.27
Prefixes being announced from the AfriNIC address blocks: 6606
Unique aggregates announced from the AfriNIC address blocks: 1963
AfriNIC Region origin ASes present in the Internet Routing Table: 488
AfriNIC Prefixes per ASN: 13.54
AfriNIC Region origin ASes announcing only one prefix: 153
AfriNIC Region transit ASes present in the Internet Routing Table: 103
Average AfriNIC Region AS path length visible: 4.6
Max AfriNIC Region AS path length visible: 25
Number of AfriNIC region 32-bit ASNs visible in the Routing Table: 4
Number of AfriNIC addresses announced to Internet: 27644160
Equivalent to 1 /8s, 165 /16s and 209 /24s
Percentage of available AfriNIC address space announced: 41.2
AfriNIC AS Blocks 36864-37887, 327680-328703 & ERX transfers
AfriNIC Address Blocks 41/8, 102/8, 105/8, 197/8,
APNIC Region per AS prefix count summary
----------------------------------------
ASN No of nets /20 equiv MaxAgg Description
4766 2509 11048 962 Korea Telecom (KIX)
17974 1986 519 33 PT TELEKOMUNIKASI INDONESIA
7545 1607 303 86 TPG Internet Pty Ltd
4755 1546 638 176 TATA Communications formerly
24560 1184 346 195 Bharti Airtel Ltd., Telemedia
9829 1158 989 28 BSNL National Internet Backbo
7552 1105 1064 7 Vietel Corporation
9583 1086 80 502 Sify Limited
4808 1074 2096 303 CNCGROUP IP network: China169
18101 952 165 142 Reliance Infocom Ltd Internet
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-APNIC
ARIN Region per AS prefix count summary
---------------------------------------
ASN No of nets /20 equiv MaxAgg Description
6389 3557 3817 225 bellsouth.net, inc.
18566 1915 366 239 Covad Communications
1785 1829 680 124 PaeTec Communications, Inc.
7029 1720 1008 194 Windstream Communications Inc
4323 1625 1082 391 Time Warner Telecom
20115 1595 1542 635 Charter Communications
22773 1456 2907 100 Cox Communications, Inc.
19262 1395 4728 400 Verizon Global Networks
30036 1390 252 666 Mediacom Communications Corp
7018 1338 7051 874 AT&T WorldNet Services
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-ARIN
RIPE Region per AS prefix count summary
---------------------------------------
ASN No of nets /20 equiv MaxAgg Description
8402 1224 352 13 Corbina telecom
34984 577 108 180 BILISIM TELEKOM
6830 557 1873 333 UPC Distribution Services
20940 530 178 408 Akamai Technologies European
3320 501 8169 383 Deutsche Telekom AG
3292 479 2082 408 TDC Tele Danmark
12479 474 593 7 Uni2 Autonomous System
8866 459 133 26 Bulgarian Telecommunication C
29049 423 31 55 AzerSat LLC.
8551 404 354 44 Bezeq International
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-RIPE
LACNIC Region per AS prefix count summary
-----------------------------------------
ASN No of nets /20 equiv MaxAgg Description
10620 1681 310 155 TVCABLE BOGOTA
8151 1410 2823 344 UniNet S.A. de C.V.
28573 1368 1013 70 NET Servicos de Comunicao S.A
7303 1164 683 175 Telecom Argentina Stet-France
14420 742 58 87 CORPORACION NACIONAL DE TELEC
22047 581 322 17 VTR PUNTO NET S.A.
6503 577 450 69 AVANTEL, S.A.
27947 573 71 83 Telconet S.A
3816 536 232 98 Empresa Nacional de Telecomun
11172 521 85 93 Servicios Alestra S.A de C.V
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-LACNIC
AfriNIC Region per AS prefix count summary
------------------------------------------
ASN No of nets /20 equiv MaxAgg Description
24863 813 147 37 LINKdotNET AS number
8452 663 445 11 TEDATA
15475 449 74 8 Nile Online
36992 293 415 14 Etisalat MISR
3741 278 939 231 The Internet Solution
15706 244 32 6 Sudatel Internet Exchange Aut
6713 242 519 14 Itissalat Al-MAGHRIB
33776 239 13 8 Starcomms Nigeria Limited
12258 198 28 58 Vodacom Internet Company
29571 192 17 11 Ci Telecom Autonomous system
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-AFRINIC
Global Per AS prefix count summary
----------------------------------
ASN No of nets /20 equiv MaxAgg Description
6389 3557 3817 225 bellsouth.net, inc.
4766 2509 11048 962 Korea Telecom (KIX)
17974 1986 519 33 PT TELEKOMUNIKASI INDONESIA
18566 1915 366 239 Covad Communications
1785 1829 680 124 PaeTec Communications, Inc.
7029 1720 1008 194 Windstream Communications Inc
10620 1681 310 155 TVCABLE BOGOTA
4323 1625 1082 391 Time Warner Telecom
7545 1607 303 86 TPG Internet Pty Ltd
20115 1595 1542 635 Charter Communications
Complete listing at http://thyme.rand.apnic.net/current/data-ASnet
Global Per AS Maximum Aggr summary
----------------------------------
ASN No of nets Net Savings Description
17974 1986 1953 PT TELEKOMUNIKASI INDONESIA
1785 1829 1705 PaeTec Communications, Inc.
18566 1915 1676 Covad Communications
4766 2509 1547 Korea Telecom (KIX)
7029 1720 1526 Windstream Communications Inc
10620 1681 1526 TVCABLE BOGOTA
7545 1607 1521 TPG Internet Pty Ltd
4755 1546 1370 TATA Communications formerly
22773 1456 1356 Cox Communications, Inc.
28573 1368 1298 NET Servicos de Comunicao S.A
Complete listing at http://thyme.rand.apnic.net/current/data-CIDRnet
List of Unregistered Origin ASNs (Global)
-----------------------------------------
Bad AS Designation Network Transit AS Description
15132 UNALLOCATED 12.9.150.0/24 7018 AT&T WorldNet Servic
32567 UNALLOCATED 12.14.170.0/24 4323 Time Warner Telecom
32567 UNALLOCATED 12.25.107.0/24 4323 Time Warner Telecom
26973 UNALLOCATED 12.39.152.0/24 7018 AT&T WorldNet Servic
26973 UNALLOCATED 12.39.154.0/23 7018 AT&T WorldNet Servic
26973 UNALLOCATED 12.39.155.0/24 7018 AT&T WorldNet Servic
26973 UNALLOCATED 12.39.159.0/24 7018 AT&T WorldNet Servic
25639 UNALLOCATED 12.41.169.0/24 7018 AT&T WorldNet Servic
13317 UNALLOCATED 12.44.10.0/24 7018 AT&T WorldNet Servic
23502 UNALLOCATED 12.44.44.0/24 7018 AT&T WorldNet Servic
Complete listing at http://thyme.rand.apnic.net/current/data-badAS
Advertised Unallocated Addresses
--------------------------------
Network Origin AS Description
24.225.128.0/18 36377 Comcast Telecommunications, I
24.225.192.0/23 36377 Comcast Telecommunications, I
24.225.192.0/18 36377 Comcast Telecommunications, I
24.225.224.0/21 36377 Comcast Telecommunications, I
24.225.237.0/24 36377 Comcast Telecommunications, I
24.225.248.0/21 36377 Comcast Telecommunications, I
41.222.79.0/24 36938 >>UNKNOWN<<
41.223.92.0/22 36936 >>UNKNOWN<<
62.61.220.0/24 24974 Tachyon Europe BV - Wireless
62.61.221.0/24 24974 Tachyon Europe BV - Wireless
Complete listing at http://thyme.rand.apnic.net/current/data-add-IANA
Number of prefixes announced per prefix length (Global)
-------------------------------------------------------
/1:0 /2:0 /3:0 /4:0 /5:0 /6:0
/7:0 /8:19 /9:12 /10:27 /11:81 /12:235
/13:463 /14:802 /15:1420 /16:11981 /17:5988 /18:10044
/19:19827 /20:26999 /21:27144 /22:36733 /23:34891 /24:194773
/25:1132 /26:1345 /27:752 /28:171 /29:4 /30:0
/31:0 /32:5
Advertised prefixes smaller than registry allocations
-----------------------------------------------------
ASN No of nets Total ann. Description
6389 2194 3557 bellsouth.net, inc.
18566 1870 1915 Covad Communications
10620 1576 1681 TVCABLE BOGOTA
7029 1417 1720 Windstream Communications Inc
30036 1351 1390 Mediacom Communications Corp
8402 1185 1224 Corbina telecom
11492 1115 1153 Cable One
1785 1054 1829 PaeTec Communications, Inc.
7011 1052 1173 Citizens Utilities
22773 945 1456 Cox Communications, Inc.
Complete listing at http://thyme.rand.apnic.net/current/data-sXXas-nos
Number of /24s announced per /8 block (Global)
----------------------------------------------
1:381 2:393 4:15 5:1 6:3 8:353
12:1956 13:1 14:532 15:13 16:3 17:7
20:10 23:36 24:1688 27:959 31:564 32:65
33:4 34:2 36:4 38:746 40:108 41:2639
42:48 44:3 46:993 47:3 49:263 50:432
52:13 55:3 56:2 57:38 58:879 59:492
60:365 61:1178 62:1089 63:1935 64:4052 65:2306
66:3979 67:1952 68:1102 69:3194 70:814 71:377
72:1849 74:2458 75:350 76:341 77:883 78:829
79:480 80:1122 81:835 82:503 83:501 84:622
85:1118 86:408 87:876 88:352 89:1591 90:268
91:4143 92:535 93:1339 94:1318 95:964 96:440
97:277 98:905 99:37 101:209 103:331 106:70
107:56 108:47 109:1034 110:663 111:796 112:322
113:449 114:569 115:681 116:870 117:689 118:866
119:1208 120:334 121:678 122:1605 123:1013 124:1353
125:1393 128:244 129:178 130:163 131:580 132:112
133:21 134:214 135:54 136:213 137:139 138:288
139:122 140:494 141:292 142:388 143:416 144:482
145:63 146:471 147:215 148:641 149:264 150:155
151:193 152:446 153:177 154:6 155:385 156:207
157:361 158:150 159:465 160:322 161:206 162:336
163:178 164:511 165:374 166:536 167:432 168:739
169:147 170:865 171:85 172:1 173:1641 174:648
175:417 176:246 177:291 178:1031 180:1090 181:37
182:627 183:215 184:355 185:1 186:1493 187:676
188:923 189:826 190:5177 192:5916 193:5011 194:3528
195:3078 196:1257 197:174 198:3626 199:4140 200:5520
201:1641 202:8580 203:8492 204:4258 205:2357 206:2676
207:2824 208:4041 209:3464 210:2696 211:1463 212:2044
213:1776 214:785 215:90 216:4897 217:1594 218:561
219:338 220:1227 221:514 222:342 223:263
End of report
1
0
I am tearing my hair out with an issue, and I hope someone can point something out to me that I am missing.
I am setting up 2-port LACP sets on a Cisco 2960G-24TS-L, which then need to be 802.1q trunk ports.
I have set it up as follows:
interface Port-channel1
switchport mode trunk
!
interface Port-channel2
switchport mode trunk
!
interface Port-channel3
switchport mode trunk
!
interface Port-channel4
switchport mode trunk
!
interface GigabitEthernet0/1
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet0/2
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet0/3
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/4
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet0/5
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet0/6
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet0/7
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
!
interface GigabitEthernet0/8
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
The problem is that after some period of time (sometimes minutes, sometimes hours), port-channel1 loses the "switchport mode trunk"
It just disappears from the config. If I try to put it back, it adds "switchport mode trunk" to the member ports (Gi0/1, Gi0/2) as well, which does not work. I have to tear it all out and start again. It will then work for a while again.
port-channel2 and port-channel3 are not in use yet, but port-channel4 is, and works just fine.
It is running IOS 15.0(1)SE. It was running 12.2 before, and it was doing the same thing, so I upgraded it to the latest available.
What could be the issue?
thanks,
-Randy
2
2
This is my first post to Nanog. I apologize if it is off-topic but I
have been driving myself crazy trying to figure this out.
Is anyone familiar with configuring LACP between Riverstone RS8000
(Running ROS 9.4.0.4) and a Cisco ASX9000.
I am attempting to bring in 2 Gigabit Fiber links from NTT and bond
them using LACP we will be using these links for a full BGP feed.
Any help would be appreciated, replies on or off list are alright with me.
--
Regards,
Christopher Young
Network Operations
InterMetro Communications, Inc.
805-433-8000 Main
805-433-0050 Direct
805-433-2589 Mobile
805-582-1006 Fax
*** Contact our NOC at 866-446-2662 or via email 'network.operations(a)intermetro.net' ***
*** The information contained within this E-Mail and any attached document(s) is confidential and/or privileged. It is intended solely for the use of the addressee(s) named above. Unauthorized disclosure, photocopying, distribution or use of the information contained herein is prohibited. If you believe that you have received this E-Mail in error, please notify the sender by reply transmission or call 805-433-8000 and delete the message without reviewing, copying or disclosing the message, any attachments or any contents thereof.
1
0
There's a packet filtering problem on your peering link with Godaddy
in Phoenix. Ongoing for about 7 or 8 hours now. Details in your ticket
#CI000596124.
Front line techs insist that, "This is godaddy's problem. We're
sending them packets." Apparently you're not in contact with godaddy
to resolve the problem even though it seems to only affect twtelecom's
peering link with godaddy.
Requests using the same source and destination IP address pairs routed
via Qwest or Sprint succeed.
Thanks in advanced,
Bill Herrin
--
William D. Herrin ................ herrin(a)dirtside.com bill(a)herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
1
0
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities
by Cisco Systems Product Security Incident Response Team 28 Sep '11
by Cisco Systems Product Security Incident Response Team 28 Sep '11
28 Sep '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Unified Communications Manager Session
Initiation Protocol Memory Leak Vulnerability
Advisory ID: cisco-sa-20110928-cucm
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
Cisco Unified Communications Manager contains a memory leak
vulnerability that could be triggered through the processing of
malformed Session Initiation Protocol (SIP) messages. Exploitation of
this vulnerability could cause an interruption of voice services.
Cisco has released free software updates for supported Cisco Unified
Communications Manager versions to address the vulnerability. A
workaround exists for this SIP vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory
as well as the Cisco IOS Software releases that correct all
vulnerabilities in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Cisco IOS Software is affected by the SIP vulnerability described in
this advisory. A separate Cisco Security Advisory has been published
to disclose the vulnerabilities that affect the Cisco IOS software at
the following location:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml.
Affected Products
=================
Vulnerable Products
+------------------
The following products are affected by the vulnerability that is
described in this advisory:
* Cisco Unified Communications Manager 6.x
* Cisco Unified Communications Manager 7.x
* Cisco Unified Communications Manager 8.x
Note: Cisco Unified Communications Manager version 6.1 reached the
End of Software Maintenance on September 3, 2011. Customers using
Cisco Unified Communications Manager 6.x versions, should contact
their Cisco support team for assistance in upgrading to a supported
version of Cisco Unified Communications Manager.
Products Confirmed Not Vulnerable
+--------------------------------
Cisco Unified Communications Manager version 4.x is not affected by
this vulnerability. No other Cisco products are currently known to be
affected by this vulnerability.
Details
=======
Cisco Unified Communications Manager is the call processing component
of the Cisco IP Telephony solution that extends enterprise telephony
features and functions to packet telephony network devices, such as
IP phones, media processing devices, VoIP gateways, and multimedia
applications.
Memory Leak Vulnerability in SIP
+-------------------------------
Cisco Unified Communications Manager contains a vulnerability that
involves the processing of SIP messages. Cisco Unified Communications
Manager may leak session control buffers (SCBs) when processing a
malformed SIP message. Continued exploitation of the vulnerability
may cause a critical process to fail, which could result in the
disruption of voice services. All SIP ports (TCP ports 5060 and 5061
and UDP ports 5060 and 5061) are affected.
This SIP vulnerability is documented in Cisco bug ID CSCtl86047 and
has been assigned the CVE identifier CVE-2011-2072. This vulnerability
is fixed in Cisco Unified Communications Manager versions 8.6(1),
8.5(1)su2, and 7.1(5b)su4. [Note: there is not a software Service Update
for the 6.x version that contains the fix.]
Note: This vulnerability also affects Cisco IOS Software. The
corresponding Cisco bug ID is CSCto88686. Refer to the separate Cisco
Security Advisory for the Cisco IOS Software for additional details.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtl86047
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability that is described in
this advisory could allow a remote attacker to trigger a memory leak
that could result in the interruption of voice services. Cisco
Unified Communications Manager will restart the affected processes,
but repeated attacks may result in a sustained denial of service
(DoS) condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution. Cisco recommends upgrading
to a release equal to or later than the release in the "Recommended
Releases" column of the table.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.
+---------------------------------------+
| Cisco Unified | Recommended |
| Communication Manager | Release |
| Version | |
|-------------------------+-------------|
| 7.x | 7.1(5b)su4 |
|-------------------------+-------------|
| 8.x* | 8.5(1)su2, |
| | 8.6(1) |
+---------------------------------------+
*The recommended releases listed in the table above are the latest
Cisco Unified Communications Manager versions available at the
publication of this advisory. Software updates for 6.1 and 8.0 are
not available for CSCtl86047. Customers using these versions should
consult their Cisco support team for assistance in upgrading to a
supported release.
Cisco Unified Communications Manager software can be downloaded from
the following link:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268439621
Workarounds
===========
A workaround exists for customers who do not require SIP in their
environment. Cisco Unified Communication Manager versions 6.1(4), 7.1
(2) and 8.0(1) introduced the ability to disable SIP processing. SIP
processing is enabled by default. Use the following instructions to
disable SIP processing:
* Step 1: Log in to the Cisco Unified CM Administration web
interface.
* Step 2: Navigate to "System > Service Parameters" and select the
appropriate Cisco Unified Communications Manager server and the
Cisco CallManager service.
* Step 3: Change the SIP Interoperability Enabled parameter to
False and click "Save".
Note: For a SIP processing change to take effect, the Cisco
CallManager Service must be restarted. For information on how to
restart the service, refer to the "Restarting the Cisco
CallManager Service" section of the document at
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dp…
It is possible to mitigate this vulnerability by implementing
filtering on screening devices and permitting access to TCP ports
5060 and 5061 and UDP ports 5060 and 5061 only from networks that
require SIP access to Cisco Unified Communications Manager
servers.
Additional mitigations that can be deployed on Cisco devices in
the network are available in the companion document "Cisco
Applied Mitigation Bulletin: Identifying and Mitigating
Exploitation of the Multiple Vulnerabilities in Cisco Voice
Products" which is available at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20110928-voice.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac(a)cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found during internal testing and the
troubleshooting of customer service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce(a)cisco.com
* first-bulletins(a)lists.first.org
* bugtraq(a)securityfocus.com
* vulnwatch(a)vulnwatch.org
* cisco(a)spot.colorado.edu
* cisco-nsp(a)puck.nether.net
* full-disclosure(a)lists.grok.org.uk
* comp.dcom.sys.cisco(a)newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-September-28 | Initial public release. |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.….
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Cp2AACgkQQXnnBKKRMNBjhAD9GKvtDztX+sVsYR4zpP3A2D3S
wcFSudybB1DabA/OxwgA/iSVEqO/rJRHx5V9BrnZqLdvqmzcMjo5oLTgbKdlGIG8
=5svm
-----END PGP SIGNATURE-----
1
0
Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability
by Cisco Systems Product Security Incident Response Team 28 Sep '11
by Cisco Systems Product Security Incident Response Team 28 Sep '11
28 Sep '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software Data-Link Switching
Vulnerability
Advisory ID: cisco-sa-20110928-dlsw
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software contains a memory leak vulnerability in the
Data-Link Switching (DLSw) feature that could result in a device
reload when processing crafted IP Protocol 91 packets.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
Vulnerable Products
+------------------
Cisco IOS devices with the DLSw promiscuous feature enabled are affected
by the vulnerability described in this advisory. Devices with the DLSw
promiscuous feature enabled contain a line in the configuration defining
a local DLSw peer with the promiscuous keyword. This configuration
can be observed by issuing the command "show running-config". Systems
configured with the DLSw promiscuous feature enabled contain a line
similar to one of the following:
dlsw local-peer promiscuous
or
dlsw local-peer peer-id <IP address> promiscuous
To determine the software that runs on a Cisco IOS device, log in to
the device and issue the "show version" command to display the system
banner. Cisco IOS Software identifies itself as "Cisco Internetwork
Operating System Software" or "Cisco IOS Software." Other Cisco devices
do not have the "show version" command or give different output.
The following example shows output from a device running IOS version
15.0(1)M1:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
Additional information about Cisco IOS Software release naming
conventions is available in the white paper Cisco IOS and NX-OS
Software Reference Guide at:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
Products Confirmed Not Vulnerable
+--------------------------------
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
DLSw provides a means of transporting IBM Systems Network
Architecture (SNA) and network BIOS (NetBIOS) traffic over an IP
network. The Cisco implementation of DLSw over Fast Sequence
Transport (FST) uses IP Protocol 91. The promiscuous DLSw feature
permits the local peer to establish connection with remote peers that
are not statically configured.
A Cisco IOS device that is configured for DLSw listens for IP
protocol 91 packets. Depending on the DLSw configuration, UDP port
2067, and, one or more TCP ports can also be opened. The
vulnerability described in this document can only be exploited via IP
Protocol 91 and can not be exploited using either the UDP or TCP
transports.
Devices with only statically configured DLSw peers are not affected
by this vulnerability.
This vulnerability is documented in Cisco bug ID CSCth69364 and has been
assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0945.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCth69364 ("DLSw FST Memory Leak")
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability may result in a memory
leak that can lead to a denial of service condition. Memory
exhaustion can cause an affected Cisco IOS device to reload or become
unresponsive; a power cycle might be required to recover from the
condition.
To identify the memory leak caused by this vulnerability, issue the
"show dlsw peers | include FST.*DISCONN" command; a monotonically
increasing list of FST peers that remain in the DISCONN state indicates
that memory is being held, as shown in the following example:
Router> show dlsw peers | include FST.*DISCONN
FST 176.74.146.194 DISCONN 1 0 prom 0 - - -
FST 9.180.128.186 DISCONN 1 0 prom 0 - - -
FST 139.71.105.39 DISCONN 1 0 prom 0 - - -
FST 138.150.39.18 DISCONN 1 0 prom 0 - - -
FST 253.240.220.167 DISCONN 1 0 prom 0 - - -
FST 252.186.119.224 DISCONN 1 0 prom 0 - - -
FST 41.255.172.252 DISCONN 1 0 prom 0 - - -
! --- Output truncated
Router>
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.
Cisco IOS Software
+-----------------
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | | First Fixed Release |
| 12.0-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.0-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release |
| 12.1-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.1E | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.2-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.2 | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | |
| | fixed in Release 12.4 | |
| 12.2B | | Vulnerable; first |
| | Releases up to and | fixed in Release 12.4 |
| | including 12.2(2)B7 | |
| | are not vulnerable. | |
|------------+-----------------------+-----------------------|
| 12.2BC | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2BW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | |
| | fixed in Release | |
| | 12.2SB | Vulnerable; first |
| 12.2BX | | fixed in Release |
| | Releases up to and | 12.2SB |
| | including 12.2(15)BX | |
| | are not vulnerable. | |
|------------+-----------------------+-----------------------|
| 12.2BY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2BZ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2CX | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2CY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2CZ | Not vulnerable | fixed in Release |
| | | 12.2SB |
|------------+-----------------------+-----------------------|
| 12.2DA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2DD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2DX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2EU | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Releases up to and |
| 12.2EW | Not vulnerable | including 12.2(20)EW4 |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+-----------------------+-----------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| 12.2EZ | Not vulnerable | to any release in |
| | | 15.0SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FX | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FY | Not vulnerable | fixed in Release |
| | | 12.2EX |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FZ | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRA | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRB | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRC | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IRD | 12.2(33)IRD1 | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IRE | 12.2(33)IRE3 | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRF | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| 12.2IRG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXA | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXC | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXD | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXE | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXF | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXG | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXH | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2JA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2JK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2MB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2MC | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2MRA | Not vulnerable | fixed in Release |
| | | 12.2SRD |
|------------+-----------------------+-----------------------|
| 12.2MRB | Not vulnerable | 12.2(33)MRB5 |
|------------+-----------------------+-----------------------|
| | Releases prior to | Releases prior to |
| | 12.2(30)S are | 12.2(30)S are |
| | vulnerable; Releases | vulnerable; Releases |
| 12.2S | 12.2(30)S and later | 12.2(30)S and later |
| | are not vulnerable. | are not vulnerable. |
| | First fixed in | First fixed in |
| | Release 12.2SB | Release 12.2SB |
|------------+-----------------------+-----------------------|
| | 12.2(31)SB20 | 12.2(31)SB2012.2(33) |
| 12.2SB | | SB10 |
| | 12.2(33)SB10 | |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SBC | fixed in Release | fixed in Release |
| | 12.2SB | 12.2SB |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SCA | fixed in Release | fixed in Release |
| | 12.2SCC | 12.2SCC |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SCB | fixed in Release | fixed in Release |
| | 12.2SCC | 12.2SCC |
|------------+-----------------------+-----------------------|
| 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 |
|------------+-----------------------+-----------------------|
| | 12.2(33)SCD6 | |
| 12.2SCD | | 12.2(33)SCD6 |
| | 12.2(33)SCD7 | |
|------------+-----------------------+-----------------------|
| | 12.2(33)SCE1 | 12.2(33)SCE112.2(33) |
| 12.2SCE | | SCE2 |
| | 12.2(33)SCE2 | |
|------------+-----------------------+-----------------------|
| 12.2SCF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEA | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEB | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEC | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SED | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEE | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEF | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(25)SEG4 are |
| | | vulnerable; Releases |
| 12.2SEG | Not vulnerable | 12.2(25)SEG4 and |
| | | later are not |
| | | vulnerable. First |
| | | fixed in Release |
| | | 12.2EX |
|------------+-----------------------+-----------------------|
| | Releases prior to | Releases prior to |
| | 12.2(40)SG are | 12.2(53)SG4 are |
| 12.2SG | vulnerable; Releases | vulnerable; Releases |
| | 12.2(40)SG and later | 12.2(53)SG4 and later |
| | are not vulnerable. | are not vulnerable. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2SGA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2SL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2SM | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2SO | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SQ | Not vulnerable | 12.2(50)SQ3 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SRA | fixed in Release | fixed in Release |
| | 12.2SRD | 12.2SRD |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SRB | fixed in Release | fixed in Release |
| | 12.2SRD | 12.2SRD |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SRC | fixed in Release | fixed in Release |
| | 12.2SRD | 12.2SRD |
|------------+-----------------------+-----------------------|
| 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 |
|------------+-----------------------+-----------------------|
| 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 |
|------------+-----------------------+-----------------------|
| 12.2STE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SU | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Releases prior to | Releases prior to |
| | 12.2(29a)SV are | 12.2(29a)SV are |
| | vulnerable; Releases | vulnerable; Releases |
| 12.2SV | 12.2(29a)SV and later | 12.2(29a)SV and later |
| | are not vulnerable. | are not vulnerable. |
| | Migrate to any | Migrate to any |
| | release in 12.2SVD | release in 12.2SVD |
|------------+-----------------------+-----------------------|
| 12.2SVA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | Vulnerable; contact |
| | 12.2(25)SW12 are | your support |
| | vulnerable; Releases | organization per the |
| 12.2SW | 12.2(25)SW12 and | instructions in the |
| | later are not | Obtaining Fixed |
| | vulnerable. | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SX | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXA | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXB | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXD | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXE | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b |
|------------+-----------------------+-----------------------|
| 12.2SXH | 12.2(33)SXH8a | 12.2(33)SXH8a |
|------------+-----------------------+-----------------------|
| 12.2SXI | 12.2(33)SXI6 | 12.2(33)SXI6 |
|------------+-----------------------+-----------------------|
| 12.2SXJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SY | 12.2(50)SY | 12.2(50)SY |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SZ | fixed in Release | fixed in Release |
| | 12.2SB | 12.2SB |
|------------+-----------------------+-----------------------|
| 12.2T | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2TPC | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2XA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XB | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2XC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XH | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XI | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XM | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XN | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNA | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNB | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNC | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XND | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNE | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNF | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(54)XO are |
| 12.2XO | Not vulnerable | vulnerable; Releases |
| | | 12.2(54)XO and later |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| 12.2XQ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XR | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XS | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XT | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XU | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XV | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | |
| | 12.2(4)YA8 are | |
| | vulnerable; Releases | Vulnerable; first |
| 12.2YA | 12.2(4)YA8 and later | fixed in Release 12.4 |
| | are not vulnerable. | |
| | First fixed in | |
| | Release 12.4 | |
|------------+-----------------------+-----------------------|
| 12.2YB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YF | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YG | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YH | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | Releases prior to | your support |
| | 12.2(8)YJ1 are | organization per the |
| 12.2YJ | vulnerable; Releases | instructions in the |
| | 12.2(8)YJ1 and later | Obtaining Fixed |
| | are not vulnerable. | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YL | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YM | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YN | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YO | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YP | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YQ | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YS | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YT | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YU | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | Releases prior to | your support |
| | 12.2(11)YV1 are | organization per the |
| 12.2YV | vulnerable; Releases | instructions in the |
| | 12.2(11)YV1 and later | Obtaining Fixed |
| | are not vulnerable. | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YW | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YX | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YY | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YZ | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2ZA | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2ZC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2ZD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2ZE | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2ZF | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2ZG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | |
| | 12.2(13)ZH6 are | |
| | vulnerable; Releases | Vulnerable; first |
| 12.2ZH | 12.2(13)ZH6 and later | fixed in Release 12.4 |
| | are not vulnerable. | |
| | First fixed in | |
| | Release 12.4 | |
|------------+-----------------------+-----------------------|
| 12.2ZJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZL | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2ZP | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2ZU | fixed in Release | fixed in Release |
| | 12.2SXH | 12.2SXH |
|------------+-----------------------+-----------------------|
| 12.2ZX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZY | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZYA | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.3-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.3 | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3B | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.3BC | Not vulnerable | fixed in Release |
| | | 12.2SCC |
|------------+-----------------------+-----------------------|
| 12.3BW | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3JA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JEA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JEB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JEC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JED | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases up to and | Releases up to and |
| | including 12.3(2)JK3 | including 12.3(2)JK3 |
| | are not vulnerable. | are not vulnerable. |
| 12.3JK | Releases 12.3(8)JK1 | Releases 12.3(8)JK1 |
| | and later are not | and later are not |
| | vulnerable. First | vulnerable. First |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3JL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3T | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | Releases up to and | your support |
| | including 12.3(4) | organization per the |
| 12.3TPC | TPC11a are not | instructions in the |
| | vulnerable. | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3VA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | |
| | 12.3(2)XA7 are | |
| | vulnerable; Releases | Vulnerable; first |
| 12.3XA | 12.3(2)XA7 and later | fixed in Release 12.4 |
| | are not vulnerable. | |
| | First fixed in | |
| | Release 12.4 | |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XC | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XD | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XE | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XF | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XG | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3XI | fixed in Release | fixed in Release |
| | 12.2SB | 12.2SB |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XJ | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XK | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3XL | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.3XQ | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XR | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XS | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3XU | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XW | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XX | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3XZ | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3YA | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3YD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YH | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YI | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YJ | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.3YK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YM | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YQ | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | |
| | fixed in Release | |
| | 12.4T | Vulnerable; first |
| 12.3YS | | fixed in Release |
| | Releases up to and | 12.4T |
| | including 12.3(11)YS1 | |
| | are not vulnerable. | |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YT | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YU | fixed in Release | fixed in Release |
| | 12.4XB | 12.4XB |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; first |
| 12.3YX | to any release in | fixed in Release |
| | 12.4XR | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3YZ | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3ZA | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.4-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.4 | 12.4(25e) | 12.4(25f) |
|------------+-----------------------+-----------------------|
| 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 |
|------------+-----------------------+-----------------------|
| 12.4JA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JAX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JDA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JDC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JHA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JHB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JHC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JMA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JMB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| | | to any release in |
| | | 12.4JA |
| 12.4JX | Not vulnerable | |
| | | Releases up to and |
| | | including 12.4(21a)JX |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| 12.4JY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4MD | Not vulnerable | 12.4(24)MD6 on |
| | | 28-Oct-2011 |
|------------+-----------------------+-----------------------|
| 12.4MDA | Not vulnerable | 12.4(24)MDA7 |
|------------+-----------------------+-----------------------|
| 12.4MDB | Not vulnerable | 12.4(24)MDB3 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4MRA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4MRB | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4SW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | 12.4(15)T15 | 12.4(15)T16 |
| 12.4T | | |
| | 12.4(24)T5 | 12.4(24)T6 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XA | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 |
|------------+-----------------------+-----------------------|
| 12.4XC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XD | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4XF | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XG | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4XK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4XL | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Releases up to and | |
| | including 12.4(15)XM | |
| | are not vulnerable. | |
| | | Vulnerable; first |
| 12.4XM | Releases 12.4(15)XM3 | fixed in Release |
| | and later are not | 12.4T |
| | vulnerable. First | |
| | fixed in Release | |
| | 12.4T | |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4XN | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4XP | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4XQ | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4XR | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XT | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XV | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XW | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XY | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XZ | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4YA | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4YB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4YD | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; fixed in |
| | | 12.4(22)YE6 on |
| 12.4YE | Not vulnerable | 30-Sept-2011; 12.4 |
| | | (24)YE7 available on |
| | | 17-Oct-2011 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4YG | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.0-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| | 15.0(1)M4 | |
| 15.0M | | 15.0(1)M7 |
| | 15.0(1)M5a | |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.0MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.0MRA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | 15.0(1)S3a | |
| | | 15.0(1)S4 |
| | 15.0(1)S4 | |
| 15.0S | | Cisco IOS XE devices: |
| | Cisco IOS XE devices: | Please see Cisco |
| | Please see Cisco | IOS-XE Software |
| | IOS-XE Software | Availability |
| | Availability | |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.0SA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 15.0SE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Cisco IOS XE devices: | Cisco IOS XE devices: |
| 15.0SG | Please see Cisco | Please see Cisco |
| | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 15.0XA | fixed in Release | fixed in Release |
| | 15.1T | 15.1T |
|------------+-----------------------+-----------------------|
| | Cisco IOS XE devices: | Cisco IOS XE devices: |
| 15.0XO | Please see Cisco | Please see Cisco |
| | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.1-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.1EY | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 15.1GC | Not vulnerable | fixed in Release |
| | | 15.1T |
|------------+-----------------------+-----------------------|
| 15.1M | Not vulnerable | 15.1(4)M2; Available |
| | | on 30-SEP-11 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.1MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | 15.1(1)S1 | 15.1(2)S2 |
| | | |
| | 15.1(2)S | 15.1(3)S |
| 15.1S | | |
| | Cisco IOS XE devices: | Cisco IOS XE devices: |
| | Please see Cisco | Please see Cisco |
| | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | 15.1(1)T3 | |
| | | |
| | 15.1(2)T2 | 15.1(2)T4 15.1(1)T4 |
| 15.1T | | on 8-Dec-2011 |
| | 15.1(2)T2a | |
| | | |
| | 15.1(3)T | |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 15.1XB | fixed in Release | fixed in Release |
| | 15.1T | 15.1T |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.2-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 15.2-based releases |
+------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
Cisco IOS XE Software is affected by the vulnerability disclosed in
this document.
+------------------------------------------------------------+
| Cisco | First | First Fixed Release for All |
| IOS XE | Fixed | Advisories in the September 2011 |
| Release | Release | Bundled Publication |
|----------+------------+------------------------------------|
| 2.1.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.2.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.3.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.4.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.5.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.6.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.1.xS | 3.1.3S | Vulnerable; migrate to 3.3.2S or |
| | | later |
|----------+------------+------------------------------------|
| 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.2.xS | 3.2.1S | Vulnerable; migrate to 3.3.2S or |
| | | later |
|----------+------------+------------------------------------|
| 3.2.xSG | Not | Not vulnerable |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.3.xS | Not | 3.3.2S |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.4.xS | Not | Not vulnerable |
| | vulnerable | |
+------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and
Cisco IOS XE 3SG Release Notes.
Cisco IOS XR Software
+--------------------
Cisco IOS XR Software is not affected by any of the vulnerabilities
in the September 2011 bundled publication.
Workarounds
===========
This vulnerability can be mitigated by using Control Plane Policing
(CoPP) to only allow IP Protocol 91 packets sent by valid peers.
Mitigation techniques that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20110928-dlsw.shtml
Control Plane Policing
+---------------------
Control Plane Policing (CoPP) can be used to block untrusted IP
Protocol 91 packets sent to the affected device. Cisco IOS Software
Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the
CoPP feature. CoPP may be configured on a device to protect the
management and control planes to minimize the risk and effectiveness
of direct infrastructure attacks by explicitly permitting, and if
configured, rate-limiting only authorized traffic that is sent to
infrastructure devices in accordance with existing security policies
and configurations. The following example, which uses 192.168.100.1
to represent a trusted host, can be adapted to your network.
!-- Deny FST traffic on IP protocol 91 from trusted
!-- hosts to all IP addresses configured on all interfaces of the affected device
!-- so that it will be allowed by the CoPP feature
access-list 111 deny 91 host 192.168.100.1 any
!-- Permit all other FST traffic on IP protocol 91
!-- sent to all IP addresses configured on all interfaces of the affected
!-- device so that it will be policed and dropped by the CoPP feature
access-list 111 permit 91 any any
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3
!-- and Layer4 traffic in accordance with existing security
!-- policies and configurations for traffic that is authorized
!-- to be sent to infrastructure devices
!-- Create a Class-Map for traffic to be policed by
!-- the CoPP feature
class-map match-all drop-fst-91-class
match access-group 111
!-- Create a Policy-Map that will be applied to the
!-- Control-Plane of the device.
policy-map input-CoPP-policy
class drop-fst-91-class
drop
!-- Apply the Policy-Map to the Control-Plane of the
!-- device
control-plane
service-policy input input-CoPP-policy
In the above CoPP example, the access control list entries (ACEs)
that match the potential exploit packets with the "permit" action
result in these packets being discarded by the policy map "drop"
function, while packets that match the deny action (not shown) are
not affected by the policy-map drop function. Note that in the 12.2S
and 12.0S Cisco IOS trains the policy-map syntax is different, as
shown in the following example:
policy-map input-CoPP-policy
class drop-fst-91-class
police 32000 1500 1500 conform-action drop exceed-action drop
Additional information on the CoPP feature is available at: Control
Plane Policing Implementation Best Practices.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac(a)cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was discovered during Cisco internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110323-dlsw.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce(a)cisco.com
* first-bulletins(a)lists.first.org
* bugtraq(a)securityfocus.com
* vulnwatch(a)vulnwatch.org
* cisco(a)spot.colorado.edu
* cisco-nsp(a)puck.nether.net
* full-disclosure(a)lists.grok.org.uk
* comp.dcom.sys.cisco(a)newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-September-28 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.….
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Cp2EACgkQQXnnBKKRMNDlUwD/RunFKu5OItJXD8gTi5PtkxMz
CoIx3+/EIJjznWKJnBoA/3bh8zYaW5Et3pvnmF9Hm2nImvFT1jMZOIv1zWfAMsXX
=oqzZ
-----END PGP SIGNATURE-----
1
0
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability
by Cisco Systems Product Security Incident Response Team 28 Sep '11
by Cisco Systems Product Security Incident Response Team 28 Sep '11
28 Sep '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software IP Service Level
Agreement Vulnerability
Advisory ID: cisco-sa-20110928-ipsla
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a
denial of service (DoS) vulnerability. The vulnerability is triggered
when malformed UDP packets are sent to a vulnerable device. The
vulnerable UDP port numbers depend on the device configuration.
Default ports are not used for the vulnerable UDP IP SLA operation or
for the UDP responder ports.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
Vulnerable Products
+------------------
Cisco devices that are running Cisco IOS Software are vulnerable when
they are configured for IP SLA, either as responders or as
originators of vulnerable IP SLA operations.
To determine the Cisco IOS Software release that is running on a Cisco
product, administrators can log in to the device and issue the "show
version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or "Cisco
IOS Software." The image name displays in parentheses, followed by
"Version" and the Cisco IOS Software release name. Other Cisco devices
do not have the "show version" command or may provide different output.
The following example shows output from a device that runs a Cisco
IOS Software image:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release naming
conventions is available in the white paper Cisco IOS and NX-OS
Software Reference Guide available at:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html
Products Confirmed Not Vulnerable
+--------------------------------
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
IP SLA is an embedded agent in Cisco IOS Software designed to measure
and monitor common network performance metrics like jitter, latency
(delay), and packet loss.
The vulnerability that is described in this document is triggered by
malformed UDP packets triggered by malformed IP SLA packets sent to
the vulnerable device and port. A vulnerable device can be an IP SLA
responder or the source device of a vulnerable IP SLA operation.
This vulnerability is documented in Cisco bug ID CSCtk67073 and has been
assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3272.
Vulnerable IP SLA Responder Configurations
+-----------------------------------------
A device configured either as an IP SLA general responder or a
permanent IP SLA UDP responder is vulnerable.
The general responder processes IP SLA control protocol packets on
UDP port 1967 and then may dynamically open vulnerable UDP ports
according to the IP SLA operations requested using the control
protocol. The configuration for a general responder is as follows:
ip sla responder
The IP SLA UDP permanent responder is also vulnerable. An example
configuration is as follows:
ip sla responder udp-echo port 300
There is no default UDP port number for the UDP permanent responder
Alternatively, both the general responder and the permanent responder
can be identified with the "show ip sla responder" command. The general
responder is vulnerable when it has been enabled. The permanent
responder is vulnerable only when it has been enabled and the "udpEcho
Responder" is present. In the Following example, the general responder
is not vulnerable because it has not been enabled but the permanent
responder is vulnerable because it has been enabled with a UDP echo
responder:
Router# show ip sla responder
General IP SLA Responder on Control port 1967
General IP SLA Responder is: Disabled
Permanent Port IP SLA Responder
Permanent Port IP SLA Responder is: Enabled
udpEcho Responder:
IP Address Port
0.0.0.0 300
Vulnerable IP SLA Source Device Configurations
+---------------------------------------------
An IP SLA source device is a Cisco IOS device that has at least one
IP SLA operation configured. To be vulnerable a probe originator
needs to have at least one scheduled probe that uses either of the
following IP SLA operations:
* udp-jitter probe
* udp-echo
A vulnerable IP SLA source device configuration includes all the
following commands:
* An "ip sla" global configuration command to define an IP SLA
operation
* Either a "udp-echo" or a "udp-jitter" IP SLA configuration command
* An "ip sla schedule" global configuration command that activates
one of the probes that uses a vulnerable IP SLA operation
The following examples show a source device that is configured for IP
SLA UDP echo and UDP jitter probes:
ip sla 201
udp-echo 192.168.134.21 201
ip sla schedule 201 start-time now
ip sla 301
udp-jitter 192.168.134.121 122
ip sla schedule 301 start-time now
The destination UDP ports for the probes need to be configured. If
the source UDP port is not configured an available port number will
be used when the probe is started. A device that originates a
vulnerable operation will be vulnerable on the source UDP ports of
the probe and a responder will be vulnerable on the destination UDP
port used for the probe.
IP SLA probes can be configured using Simple Network Management
Protocol (SNMP). In that case, by default, the "show running
configuration" command will not include the IP SLA probe
configuration. The "show ip sla configuration" command can be used to
verify whether a probe has been configured either by the command line
or via SNMP.
Router# show ip sla configuration | include operation
Type of operation to perform: udp-jitter
Type of operation to perform: udp-echo
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtk67073 ("IP SLA Memory Corruption Vulnerability")
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability described in this
document may result in the reload of a vulnerable device. Repeated
exploitation could result in a DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.
Cisco IOS Software
+-----------------
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.0-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.1-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.2-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.3-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.4-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 15.0-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+------------------+----------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1EY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+------------------+----------------------------|
| | Vulnerable; | Vulnerable; first fixed in |
| 15.1GC | first fixed in | Release 15.1T |
| | Release 15.1T | |
|------------+------------------+----------------------------|
| 15.1M | Not vulnerable | 15.1(4)M2; Available on |
| | | 30-SEP-11 |
|------------+------------------+----------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this advisory. |
|------------+------------------+----------------------------|
| | 15.1(2)S | 15.1(2)S2 |
| | | |
| | Cisco IOS XE | 15.1(3)S |
| 15.1S | devices: Please | |
| | see Cisco IOS-XE | Cisco IOS XE devices: |
| | Software | Please see Cisco IOS-XE |
| | Availability | Software Availability |
|------------+------------------+----------------------------|
| | 15.1(1)T3 | 15.1(1)T4; Available on |
| | | 08-DEC-11 |
| 15.1T | 15.1(2)T4 | |
| | | 15.1(2)T4 |
| | 15.1(3)T2 | |
| | | 15.1(3)T2 |
|------------+------------------+----------------------------|
| | Vulnerable; | Vulnerable; first fixed in |
| 15.1XB | first fixed in | Release 15.1T |
| | Release 15.1T | |
|------------+------------------+----------------------------|
| Affected | | First Fixed Release for |
| 15.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 15.2-based releases |
+------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
Cisco IOS XE Software is affected by the vulnerability disclosed in
this document.
+------------------------------------------------------------+
| Cisco | First Fixed | First Fixed Release for All |
| IOS XE | Release | Advisories in the September |
| Release | | 2011 Bundled Publication |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 2.1.x | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 2.2.x | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 2.3.x | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 2.4.x | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 2.5.x | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 2.6.x | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 3.1.xS | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | |
| 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG |
| | 3.2.0SG or | or later |
| | later | |
|---------+-----------------+--------------------------------|
| | Vulnerable; | Vulnerable; migrate to 3.3.2S |
| 3.2.xS | migrate to | or later |
| | 3.3.2S or later | |
|---------+-----------------+--------------------------------|
| 3.2.xSG | Not vulnerable | Not vulnerable |
|---------+-----------------+--------------------------------|
| 3.3.xS | 3.3.0S | 3.3.2S |
|---------+-----------------+--------------------------------|
| 3.4.xS | Not vulnerable | Not vulnerable |
+------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and
Cisco IOS XE 3SG Release Notes.
Cisco IOS XR Software
+--------------------
Cisco IOS XR Software is not affected by any of the vulnerabilities
in the September 2011 bundled publication.
Workarounds
===========
There are no workarounds for this vulnerability, but there are
mitigations that can be deployed on a general IP SLA responder to
reduce the exposure to this vulnerability.
General IP SLA Responder Mitigation
+----------------------------------
For devices that are configured as general responders, a mitigation
is to restrict IP SLA control packets on UDP port 1967 that are
addressed to the vulnerable device to permit only trusted probe
originators to open UDP ports that could be exploited. This can be
accomplished using techniques such as Infrastructure Access list or
Control Plane Protection.
For devices configured as general responders, mitigation techniques
that can be deployed on Cisco devices within the network are
available in the Cisco Applied Mitigation Bulletin companion document
for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20110928-ipsla.shtml
IP SLA Permanent Responder Mitigation
+------------------------------------
For the permanent responder, the mitigation is to filter UDP packets
addressed to the configured UDP port of each permanent responder to
permit packets from the IP addresses of trusted devices.
IP SLA Source Devices Mitigation
+-------------------------------
For IP SLA source devices, a mitigation is to allow only UDP packets
from trusted devices (that is, devices that are the target of IP SLA
operations).
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac(a)cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found during Cisco internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce(a)cisco.com
* first-bulletins(a)lists.first.org
* bugtraq(a)securityfocus.com
* vulnwatch(a)vulnwatch.org
* cisco(a)spot.colorado.edu
* cisco-nsp(a)puck.nether.net
* full-disclosure(a)lists.grok.org.uk
* comp.dcom.sys.cisco(a)newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-Sep-28 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.….
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/ go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Cp2MACgkQQXnnBKKRMNBZ6gD/WbLQXIuIcQjySn9TOSycPflx
p7H07864wibshk3qznsA/37viRZKYBrkXc+mgT5C5kIs9Elx3l+L5v0EDJ1K+jZI
=OF08
-----END PGP SIGNATURE-----
1
0
Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability
by Cisco Systems Product Security Incident Response Team 28 Sep '11
by Cisco Systems Product Security Incident Response Team 28 Sep '11
28 Sep '11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service
Vulnerability
Advisory ID: cisco-sa-20110928-ipv6
Revision 1.0
For Public Release 2011 September 28 1600 UTC (GMT)
+--------------------------------------------------------------------
Summary
=======
Cisco IOS Software contains a vulnerability in the IP version 6
(IPv6) protocol stack implementation that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device that has IPv6 enabled. The vulnerability may be triggered when
the device processes a malformed IPv6 packet.
Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
This vulnerability affects devices that are running Cisco IOS
Software and configured for IPv6 operation. IPv6 is not enabled by
default in Cisco IOS Software.
Vulnerable Products
+------------------
Cisco devices that are running an affected version of Cisco IOS
Software and configured for IPv6 operation are vulnerable. A device
that is running Cisco IOS Software and that has IPv6 enabled will
show some interfaces with assigned IPv6 addresses when the "show ipv6
interface brief" command is executed.
The "show ipv6 interface brief" command will produce an error message
if the version of Cisco IOS Software in use does not support IPv6, or
will not show any interfaces with IPv6 address if IPv6 is disabled.
The system is not vulnerable in these scenarios.
Sample output of the "show ipv6 interface brief" command on a system
that is configured for IPv6 operation follows:
router>show ipv6 interface brief
FastEthernet0/0 [up/up]
FE80::222:90FF:FEB0:1098
2001:DB8:2:93::3
200A:1::1
FastEthernet0/1 [up/up]
FE80::222:90FF:FEB0:1099
2001:DB8:2:94::1
Serial0/0/0 [down/down]
unassigned
Serial0/0/0.4 [down/down]
unassigned
Serial0/0/0.5 [down/down]
unassigned
Serial0/0/0.6 [down/down]
unassigned
Alternatively, the IPv6 protocol is enabled if the interface
configuration command "ipv6 address <IPv6 address>" or "ipv6 enable"
is present in the configuration. Both may be present, as shown in the
vulnerable configuration in the following example shows:
interface FastEthernet0/1
ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
ipv6 enable
A device that is running Cisco IOS Software and that has IPv6 enabled
on a physical or logical interface is vulnerable even if ipv6
unicast-routing is globally disabled (that is, the device is not
routing IPv6 packets).
To determine the Cisco IOS Software release that is running on a Cisco
product, administrators can log in to the device and issue the "show
version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or "Cisco
IOS Software." The image name displays in parentheses, followed by
"Version" and the Cisco IOS Software release name. Other Cisco devices
do not have the "show version" command or may provide different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release
naming conventions is available in the white paper Cisco
IOS and NX-OS Software Reference Guide available at
http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
Products Confirmed Not Vulnerable
+--------------------------------
Cisco IOS XR Software and Cisco IOS XE Software are not affected by
this vulnerability.
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
IPv6, which was designed by the Internet Engineering Task Force
(IETF), is intended to replace the current version, IP Version 4
(IPv4).
A vulnerability exists when Cisco IOS Software processes IPv6
packets. An attacker could exploit this vulnerability by sending
malformed IPv6 packets to physical or logical interfaces that are
configured to process IPv6 traffic. Transit traffic cannot trigger
this vulnerability. Exploitation could cause an affected system to
reload.
This vulnerability is documented in Cisco bug ID CSCtj41194, and
has been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2011-0944.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtj41194 ("Crafted IPv6 packet causes device reload")
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability that is described in
this advisory may cause a reload of an affected device. Repeated
exploitation could result in a sustained denial of service condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.
Cisco IOS Software
+-----------------
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.0 based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.1E | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.2 | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2B | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2BC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2BW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2BX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2BY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2BZ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2CX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2CY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2CZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2DA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2DD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2DX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2EU | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Releases up to and |
| 12.2EW | Not vulnerable | including 12.2(20)EW4 |
| | | are not vulnerable. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2EWA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+--------------------+--------------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+--------------------+--------------------------|
| 12.2EZ | Not vulnerable | Vulnerable; migrate to |
| | | any release in 15.0SE |
|------------+--------------------+--------------------------|
| 12.2FX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2FY | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2EX |
|------------+--------------------+--------------------------|
| 12.2FZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2IRA | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRB | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRC | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IRD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IRE | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2IRF | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXC | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXE | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXF | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXH | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2JA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2JK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2MB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2MC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2MRA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2MRB | Not vulnerable | 12.2(33)MRB5 |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (30)S are vulnerable; |
| 12.2S | Not vulnerable | Releases 12.2(30)S and |
| | | later are not |
| | | vulnerable. First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2SB | Not vulnerable | 12.2(31)SB2012.2(33)SB10 |
|------------+--------------------+--------------------------|
| 12.2SBC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2SCA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SCC |
|------------+--------------------+--------------------------|
| 12.2SCB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SCC |
|------------+--------------------+--------------------------|
| 12.2SCC | Not vulnerable | 12.2(33)SCC7 |
|------------+--------------------+--------------------------|
| 12.2SCD | Not vulnerable | 12.2(33)SCD6 |
|------------+--------------------+--------------------------|
| 12.2SCE | Not vulnerable | 12.2(33)SCE112.2(33)SCE2 |
|------------+--------------------+--------------------------|
| 12.2SCF | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE |
|------------+--------------------+--------------------------|
| 12.2SEA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SED | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (25)SEG4 are vulnerable; |
| 12.2SEG | Not vulnerable | Releases 12.2(25)SEG4 |
| | | and later are not |
| | | vulnerable. First fixed |
| | | in Release 12.2EX |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (53)SG4 are vulnerable; |
| 12.2SG | Not vulnerable | Releases 12.2(53)SG4 and |
| | | later are not |
| | | vulnerable. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SGA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SM | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SO | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SQ | Not vulnerable | 12.2(50)SQ3 |
|------------+--------------------+--------------------------|
| 12.2SRA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRD | Not vulnerable | 12.2(33)SRD6 |
|------------+--------------------+--------------------------|
| 12.2SRE | Not vulnerable | 12.2(33)SRE4 |
|------------+--------------------+--------------------------|
| 12.2STE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SU | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (29a)SV are vulnerable; |
| 12.2SV | Not vulnerable | Releases 12.2(29a)SV and |
| | | later are not |
| | | vulnerable. Migrate to |
| | | any release in 12.2SVD |
|------------+--------------------+--------------------------|
| 12.2SVA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SW | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXD | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXF | Not vulnerable | 12.2(18)SXF17b |
|------------+--------------------+--------------------------|
| 12.2SXH | Not vulnerable | 12.2(33)SXH8a |
|------------+--------------------+--------------------------|
| 12.2SXI | Not vulnerable | 12.2(33)SXI6 |
|------------+--------------------+--------------------------|
| 12.2SXJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SY | Not vulnerable | 12.2(50)SY |
|------------+--------------------+--------------------------|
| 12.2SZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2T | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2TPC | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2XA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2XC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XF | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XH | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XI | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XM | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XN | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNA | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNB | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNC | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XND | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNE | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNF | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (54)XO are vulnerable; |
| 12.2XO | Not vulnerable | Releases 12.2(54)XO and |
| | | later are not |
| | | vulnerable. |
|------------+--------------------+--------------------------|
| 12.2XQ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XR | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XS | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XT | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XU | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XV | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2YB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YF | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YH | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YJ | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YL | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YM | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YN | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YO | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YP | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YQ | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YS | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YT | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YU | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YV | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YW | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YX | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YZ | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZH | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZL | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZP | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZU | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXH |
|------------+--------------------+--------------------------|
| 12.2ZX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZYA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.3 based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.4 | Not vulnerable | 12.4(25f) |
|------------+--------------------+--------------------------|
| 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 |
|------------+--------------------+--------------------------|
| 12.4JA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JAX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JDA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JDC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JMA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JMB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; migrate to |
| | | any release in 12.4JA |
| 12.4JX | Not vulnerable | |
| | | Releases up to and |
| | | including 12.4(21a)JX |
| | | are not vulnerable. |
|------------+--------------------+--------------------------|
| 12.4JY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4MD | Not vulnerable | 12.4(24)MD6 on |
| | | 28-Oct-2011 |
|------------+--------------------+--------------------------|
| 12.4MDA | Not vulnerable | 12.4(24)MDA7 |
|------------+--------------------+--------------------------|
| 12.4MDB | Not vulnerable | 12.4(24)MDB3 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4MRA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4MRB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4SW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | Only 12.4(24)T | |
| | through 12.4(24)T4 | 12.4(24)T6 |
| 12.4T | are affected; | |
| | first fixed in | 12.4(15)T16 |
| | 12.4(24)T3c and | |
| | 12.4(24)T5 | |
|------------+--------------------+--------------------------|
| 12.4XA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XB | Not vulnerable | 12.4(2)XB12 |
|------------+--------------------+--------------------------|
| 12.4XC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XD | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XG | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XL | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4XM | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XN | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XP | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4XQ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XR | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XT | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XV | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XW | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XY | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4YA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; fixed in |
| | | 12.4(22)YE6 on |
| 12.4YE | Not vulnerable | 30-Sept-2011; 12.4(24) |
| | | YE7 available on |
| | | 17-Oct-2011 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 15.0M | 15.0(1)M5 | 15.0(1)M7 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0MRA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | Not vulnerable | 15.0(1)S4 |
| | | |
| 15.0S | Cisco IOS XE | Cisco IOS XE devices: |
| | devices: see Cisco | see Cisco IOS-XE |
| | IOS-XE Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0SA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 15.0SE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | Cisco IOS XE | Cisco IOS XE devices: |
| 15.0SG | devices: see Cisco | see Cisco IOS-XE |
| | IOS-XE Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | Vulnerable; First | Vulnerable; First fixed |
| 15.0XA | fixed in Release | in Release 15.1T |
| | 15.1T | |
|------------+--------------------+--------------------------|
| | Cisco IOS XE | |
| | devices: Please | Cisco IOS XE devices: |
| 15.0XO | see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1EY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 15.1GC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 15.1T |
|------------+--------------------+--------------------------|
| 15.1M | Not vulnerable | 15.1(4)M2; Available on |
| | | 30-SEP-11 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | Not vulnerable | 15.1(2)S2 |
| | | |
| | Cisco IOS XE | 15.1(3)S |
| 15.1S | devices: See Cisco | |
| | IOS-XE Software | Cisco IOS XE devices: |
| | Availability | See Cisco IOS-XE |
| | | Software Availability |
|------------+--------------------+--------------------------|
| | 15.1(1)T3 | |
| | | 15.1(2)T4 15.1(1)T4 on |
| 15.1T | 15.1(2)T3 | 8-Dec-2011 |
| | | |
| | 15.1(3)T1 | |
|------------+--------------------+--------------------------|
| | Vulnerable; First | Vulnerable; First fixed |
| 15.1XB | fixed in Release | in Release 15.1T |
| | 15.1T | |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 15.2 based releases |
+------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+------------------------------------------------------------+
| Cisco | First | First Fixed Release for All |
| IOS XE | Fixed | Advisories in the September 2011 |
| Release | Release | Bundled Publication |
|----------+------------+------------------------------------|
| 2.1.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.2.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.3.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.4.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.5.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.6.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.1.xS | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.2.xS | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.2.xSG | Not | Not vulnerable |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.3.xS | Not | 3.3.2S |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.4.xS | Not | Not vulnerable |
| | vulnerable | |
+------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and
Cisco IOS XE 3SG Release Notes.
Cisco IOS XR Software
+--------------------
Cisco IOS XR Software is not affected by any of the vulnerabilities
in the September 2011 bundled publication.
Workarounds
===========
There are no workarounds for this vulnerability if IPv6 configuration
is required.
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac(a)cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability that is described in this advisory.
This vulnerability was discovered by Cisco during internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce(a)cisco.com
* first-bulletins(a)lists.first.org
* bugtraq(a)securityfocus.com
* vulnwatch(a)vulnwatch.org
* cisco(a)spot.colorado.edu
* cisco-nsp(a)puck.nether.net
* full-disclosure(a)lists.grok.org.uk
* comp.dcom.sys.cisco(a)newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-September-28 | Initial public release. |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.….
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Cp2UACgkQQXnnBKKRMNDOnwD/dwZvi6wHRpTsYyfLbLrCfyOs
8+WevPYlJBddySoqwHYA/14o6NuZ2rculYMYCusovUgM/SZf3N+euXWs897W6V5M
=uQiZ
-----END PGP SIGNATURE-----
1
0