- Test - lists.nanog.org

Weekly Routing Table Report
by Routing Analysis Role Account 30 Sep '11

30 Sep '11

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-stats(a)lists.apnic.net For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith <pfsinoz(a)gmail.com>. Routing Table Report 04:00 +10GMT Sat 01 Oct, 2011 Report Website: http://thyme.rand.apnic.net Detailed Analysis: http://thyme.rand.apnic.net/current/ Analysis Summary ---------------- BGP routing table entries examined: 374848 Prefixes after maximum aggregation: 168719 Deaggregation factor: 2.22 Unique aggregates announced to Internet: 185153 Total ASes present in the Internet Routing Table: 38930 Prefixes per ASN: 9.63 Origin-only ASes present in the Internet Routing Table: 32252 Origin ASes announcing only one prefix: 15477 Transit ASes present in the Internet Routing Table: 5218 Transit-only ASes present in the Internet Routing Table: 137 Average AS path length visible in the Internet Routing Table: 4.4 Max AS path length visible: 33 Max AS path prepend of ASN (48687) 24 Prefixes from unregistered ASNs in the Routing Table: 1474 Unregistered ASNs in the Routing Table: 802 Number of 32-bit ASNs allocated by the RIRs: 1802 Number of 32-bit ASNs visible in the Routing Table: 1460 Prefixes from 32-bit ASNs in the Routing Table: 3347 Special use prefixes present in the Routing Table: 0 Prefixes being announced from unallocated address space: 103 Number of addresses announced to Internet: 2481536768 Equivalent to 147 /8s, 233 /16s and 63 /24s Percentage of available address space announced: 67.0 Percentage of allocated address space announced: 67.0 Percentage of available address space allocated: 100.0 Percentage of address space in use by end-sites: 91.4 Total number of prefixes smaller than registry allocations: 156962 APNIC Region Analysis Summary ----------------------------- Prefixes being announced by APNIC Region ASes: 93945 Total APNIC prefixes after maximum aggregation: 30799 APNIC Deaggregation factor: 3.05 Prefixes being announced from the APNIC address blocks: 90409 Unique aggregates announced from the APNIC address blocks: 37945 APNIC Region origin ASes present in the Internet Routing Table: 4567 APNIC Prefixes per ASN: 19.80 APNIC Region origin ASes announcing only one prefix: 1260 APNIC Region transit ASes present in the Internet Routing Table: 707 Average APNIC Region AS path length visible: 4.5 Max APNIC Region AS path length visible: 19 Number of APNIC region 32-bit ASNs visible in the Routing Table: 90 Number of APNIC addresses announced to Internet: 628377696 Equivalent to 37 /8s, 116 /16s and 72 /24s Percentage of available APNIC address space announced: 79.7 APNIC AS Blocks 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 131072-132095, 132096-133119 APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary ---------------------------- Prefixes being announced by ARIN Region ASes: 143988 Total ARIN prefixes after maximum aggregation: 73994 ARIN Deaggregation factor: 1.95 Prefixes being announced from the ARIN address blocks: 116124 Unique aggregates announced from the ARIN address blocks: 47994 ARIN Region origin ASes present in the Internet Routing Table: 14694 ARIN Prefixes per ASN: 7.90 ARIN Region origin ASes announcing only one prefix: 5653 ARIN Region transit ASes present in the Internet Routing Table: 1557 Average ARIN Region AS path length visible: 4.0 Max ARIN Region AS path length visible: 25 Number of ARIN region 32-bit ASNs visible in the Routing Table: 12 Number of ARIN addresses announced to Internet: 804495360 Equivalent to 47 /8s, 243 /16s and 160 /24s Percentage of available ARIN address space announced: 63.9 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791 35840-36863, 39936-40959, 46080-47103 53248-55295, 393216-394239 ARIN Address Blocks 3/8, 4/8, 6/8, 7/8, 8/8, 9/8, 11/8, 12/8, 13/8, 15/8, 16/8, 17/8, 18/8, 19/8, 20/8, 21/8, 22/8, 23/8, 24/8, 26/8, 28/8, 29/8, 30/8, 32/8, 33/8, 34/8, 35/8, 38/8, 40/8, 44/8, 45/8, 47/8, 48/8, 50/8, 52/8, 53/8, 54/8, 55/8, 56/8, 57/8, 63/8, 64/8, 65/8, 66/8, 67/8, 68/8, 69/8, 70/8, 71/8, 72/8, 73/8, 74/8, 75/8, 76/8, 96/8, 97/8, 98/8, 99/8, 100/8, 104/8, 107/8, 108/8, 173/8, 174/8, 184/8, 199/8, 204/8, 205/8, 206/8, 207/8, 208/8, 209/8, 214/8, 215/8, 216/8, RIPE Region Analysis Summary ---------------------------- Prefixes being announced by RIPE Region ASes: 89839 Total RIPE prefixes after maximum aggregation: 50430 RIPE Deaggregation factor: 1.78 Prefixes being announced from the RIPE address blocks: 82551 Unique aggregates announced from the RIPE address blocks: 54098 RIPE Region origin ASes present in the Internet Routing Table: 16005 RIPE Prefixes per ASN: 5.16 RIPE Region origin ASes announcing only one prefix: 7962 RIPE Region transit ASes present in the Internet Routing Table: 2506 Average RIPE Region AS path length visible: 4.7 Max RIPE Region AS path length visible: 33 Number of RIPE region 32-bit ASNs visible in the Routing Table: 1032 Number of RIPE addresses announced to Internet: 490070912 Equivalent to 29 /8s, 53 /16s and 227 /24s Percentage of available RIPE address space announced: 78.9 RIPE AS Blocks 1877-1901, 2043, 2047, 2107-2136, 2585-2614 (pre-ERX allocations) 2773-2822, 2830-2879, 3154-3353, 5377-5631 6656-6911, 8192-9215, 12288-13311, 15360-16383 20480-21503, 24576-25599, 28672-29695 30720-31743, 33792-35839, 38912-39935 40960-45055, 47104-52223, 56320-58367 196608-198655 RIPE Address Blocks 2/8, 5/8, 25/8, 31/8, 37/8, 46/8, 51/8, 62/8, 77/8, 78/8, 79/8, 80/8, 81/8, 82/8, 83/8, 84/8, 85/8, 86/8, 87/8, 88/8, 89/8, 90/8, 91/8, 92/8, 93/8, 94/8, 95/8, 109/8, 176/8, 178/8, 185/8, 193/8, 194/8, 195/8, 212/8, 213/8, 217/8, LACNIC Region Analysis Summary ------------------------------ Prefixes being announced by LACNIC Region ASes: 35011 Total LACNIC prefixes after maximum aggregation: 7797 LACNIC Deaggregation factor: 4.49 Prefixes being announced from the LACNIC address blocks: 34336 Unique aggregates announced from the LACNIC address blocks: 18003 LACNIC Region origin ASes present in the Internet Routing Table: 1530 LACNIC Prefixes per ASN: 22.44 LACNIC Region origin ASes announcing only one prefix: 449 LACNIC Region transit ASes present in the Internet Routing Table: 279 Average LACNIC Region AS path length visible: 4.5 Max LACNIC Region AS path length visible: 19 Number of LACNIC region 32-bit ASNs visible in the Routing Table: 322 Number of LACNIC addresses announced to Internet: 89805184 Equivalent to 5 /8s, 90 /16s and 81 /24s Percentage of available LACNIC address space announced: 59.5 LACNIC AS Blocks 26592-26623, 27648-28671, 52224-53247, 262144-263167 plus ERX transfers LACNIC Address Blocks 177/8, 179/8, 181/8, 186/8, 187/8, 189/8, 190/8, 200/8, 201/8, AfriNIC Region Analysis Summary ------------------------------- Prefixes being announced by AfriNIC Region ASes: 8547 Total AfriNIC prefixes after maximum aggregation: 2002 AfriNIC Deaggregation factor: 4.27 Prefixes being announced from the AfriNIC address blocks: 6606 Unique aggregates announced from the AfriNIC address blocks: 1963 AfriNIC Region origin ASes present in the Internet Routing Table: 488 AfriNIC Prefixes per ASN: 13.54 AfriNIC Region origin ASes announcing only one prefix: 153 AfriNIC Region transit ASes present in the Internet Routing Table: 103 Average AfriNIC Region AS path length visible: 4.6 Max AfriNIC Region AS path length visible: 25 Number of AfriNIC region 32-bit ASNs visible in the Routing Table: 4 Number of AfriNIC addresses announced to Internet: 27644160 Equivalent to 1 /8s, 165 /16s and 209 /24s Percentage of available AfriNIC address space announced: 41.2 AfriNIC AS Blocks 36864-37887, 327680-328703 & ERX transfers AfriNIC Address Blocks 41/8, 102/8, 105/8, 197/8, APNIC Region per AS prefix count summary ---------------------------------------- ASN No of nets /20 equiv MaxAgg Description 4766 2509 11048 962 Korea Telecom (KIX) 17974 1986 519 33 PT TELEKOMUNIKASI INDONESIA 7545 1607 303 86 TPG Internet Pty Ltd 4755 1546 638 176 TATA Communications formerly 24560 1184 346 195 Bharti Airtel Ltd., Telemedia 9829 1158 989 28 BSNL National Internet Backbo 7552 1105 1064 7 Vietel Corporation 9583 1086 80 502 Sify Limited 4808 1074 2096 303 CNCGROUP IP network: China169 18101 952 165 142 Reliance Infocom Ltd Internet Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-APNIC ARIN Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 3557 3817 225 bellsouth.net, inc. 18566 1915 366 239 Covad Communications 1785 1829 680 124 PaeTec Communications, Inc. 7029 1720 1008 194 Windstream Communications Inc 4323 1625 1082 391 Time Warner Telecom 20115 1595 1542 635 Charter Communications 22773 1456 2907 100 Cox Communications, Inc. 19262 1395 4728 400 Verizon Global Networks 30036 1390 252 666 Mediacom Communications Corp 7018 1338 7051 874 AT&T WorldNet Services Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-ARIN RIPE Region per AS prefix count summary --------------------------------------- ASN No of nets /20 equiv MaxAgg Description 8402 1224 352 13 Corbina telecom 34984 577 108 180 BILISIM TELEKOM 6830 557 1873 333 UPC Distribution Services 20940 530 178 408 Akamai Technologies European 3320 501 8169 383 Deutsche Telekom AG 3292 479 2082 408 TDC Tele Danmark 12479 474 593 7 Uni2 Autonomous System 8866 459 133 26 Bulgarian Telecommunication C 29049 423 31 55 AzerSat LLC. 8551 404 354 44 Bezeq International Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-RIPE LACNIC Region per AS prefix count summary ----------------------------------------- ASN No of nets /20 equiv MaxAgg Description 10620 1681 310 155 TVCABLE BOGOTA 8151 1410 2823 344 UniNet S.A. de C.V. 28573 1368 1013 70 NET Servicos de Comunicao S.A 7303 1164 683 175 Telecom Argentina Stet-France 14420 742 58 87 CORPORACION NACIONAL DE TELEC 22047 581 322 17 VTR PUNTO NET S.A. 6503 577 450 69 AVANTEL, S.A. 27947 573 71 83 Telconet S.A 3816 536 232 98 Empresa Nacional de Telecomun 11172 521 85 93 Servicios Alestra S.A de C.V Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-LACNIC AfriNIC Region per AS prefix count summary ------------------------------------------ ASN No of nets /20 equiv MaxAgg Description 24863 813 147 37 LINKdotNET AS number 8452 663 445 11 TEDATA 15475 449 74 8 Nile Online 36992 293 415 14 Etisalat MISR 3741 278 939 231 The Internet Solution 15706 244 32 6 Sudatel Internet Exchange Aut 6713 242 519 14 Itissalat Al-MAGHRIB 33776 239 13 8 Starcomms Nigeria Limited 12258 198 28 58 Vodacom Internet Company 29571 192 17 11 Ci Telecom Autonomous system Complete listing at http://thyme.rand.apnic.net/current/data-ASnet-AFRINIC Global Per AS prefix count summary ---------------------------------- ASN No of nets /20 equiv MaxAgg Description 6389 3557 3817 225 bellsouth.net, inc. 4766 2509 11048 962 Korea Telecom (KIX) 17974 1986 519 33 PT TELEKOMUNIKASI INDONESIA 18566 1915 366 239 Covad Communications 1785 1829 680 124 PaeTec Communications, Inc. 7029 1720 1008 194 Windstream Communications Inc 10620 1681 310 155 TVCABLE BOGOTA 4323 1625 1082 391 Time Warner Telecom 7545 1607 303 86 TPG Internet Pty Ltd 20115 1595 1542 635 Charter Communications Complete listing at http://thyme.rand.apnic.net/current/data-ASnet Global Per AS Maximum Aggr summary ---------------------------------- ASN No of nets Net Savings Description 17974 1986 1953 PT TELEKOMUNIKASI INDONESIA 1785 1829 1705 PaeTec Communications, Inc. 18566 1915 1676 Covad Communications 4766 2509 1547 Korea Telecom (KIX) 7029 1720 1526 Windstream Communications Inc 10620 1681 1526 TVCABLE BOGOTA 7545 1607 1521 TPG Internet Pty Ltd 4755 1546 1370 TATA Communications formerly 22773 1456 1356 Cox Communications, Inc. 28573 1368 1298 NET Servicos de Comunicao S.A Complete listing at http://thyme.rand.apnic.net/current/data-CIDRnet List of Unregistered Origin ASNs (Global) ----------------------------------------- Bad AS Designation Network Transit AS Description 15132 UNALLOCATED 12.9.150.0/24 7018 AT&T WorldNet Servic 32567 UNALLOCATED 12.14.170.0/24 4323 Time Warner Telecom 32567 UNALLOCATED 12.25.107.0/24 4323 Time Warner Telecom 26973 UNALLOCATED 12.39.152.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.154.0/23 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.155.0/24 7018 AT&T WorldNet Servic 26973 UNALLOCATED 12.39.159.0/24 7018 AT&T WorldNet Servic 25639 UNALLOCATED 12.41.169.0/24 7018 AT&T WorldNet Servic 13317 UNALLOCATED 12.44.10.0/24 7018 AT&T WorldNet Servic 23502 UNALLOCATED 12.44.44.0/24 7018 AT&T WorldNet Servic Complete listing at http://thyme.rand.apnic.net/current/data-badAS Advertised Unallocated Addresses -------------------------------- Network Origin AS Description 24.225.128.0/18 36377 Comcast Telecommunications, I 24.225.192.0/23 36377 Comcast Telecommunications, I 24.225.192.0/18 36377 Comcast Telecommunications, I 24.225.224.0/21 36377 Comcast Telecommunications, I 24.225.237.0/24 36377 Comcast Telecommunications, I 24.225.248.0/21 36377 Comcast Telecommunications, I 41.222.79.0/24 36938 >>UNKNOWN<< 41.223.92.0/22 36936 >>UNKNOWN<< 62.61.220.0/24 24974 Tachyon Europe BV - Wireless 62.61.221.0/24 24974 Tachyon Europe BV - Wireless Complete listing at http://thyme.rand.apnic.net/current/data-add-IANA Number of prefixes announced per prefix length (Global) ------------------------------------------------------- /1:0 /2:0 /3:0 /4:0 /5:0 /6:0 /7:0 /8:19 /9:12 /10:27 /11:81 /12:235 /13:463 /14:802 /15:1420 /16:11981 /17:5988 /18:10044 /19:19827 /20:26999 /21:27144 /22:36733 /23:34891 /24:194773 /25:1132 /26:1345 /27:752 /28:171 /29:4 /30:0 /31:0 /32:5 Advertised prefixes smaller than registry allocations ----------------------------------------------------- ASN No of nets Total ann. Description 6389 2194 3557 bellsouth.net, inc. 18566 1870 1915 Covad Communications 10620 1576 1681 TVCABLE BOGOTA 7029 1417 1720 Windstream Communications Inc 30036 1351 1390 Mediacom Communications Corp 8402 1185 1224 Corbina telecom 11492 1115 1153 Cable One 1785 1054 1829 PaeTec Communications, Inc. 7011 1052 1173 Citizens Utilities 22773 945 1456 Cox Communications, Inc. Complete listing at http://thyme.rand.apnic.net/current/data-sXXas-nos Number of /24s announced per /8 block (Global) ---------------------------------------------- 1:381 2:393 4:15 5:1 6:3 8:353 12:1956 13:1 14:532 15:13 16:3 17:7 20:10 23:36 24:1688 27:959 31:564 32:65 33:4 34:2 36:4 38:746 40:108 41:2639 42:48 44:3 46:993 47:3 49:263 50:432 52:13 55:3 56:2 57:38 58:879 59:492 60:365 61:1178 62:1089 63:1935 64:4052 65:2306 66:3979 67:1952 68:1102 69:3194 70:814 71:377 72:1849 74:2458 75:350 76:341 77:883 78:829 79:480 80:1122 81:835 82:503 83:501 84:622 85:1118 86:408 87:876 88:352 89:1591 90:268 91:4143 92:535 93:1339 94:1318 95:964 96:440 97:277 98:905 99:37 101:209 103:331 106:70 107:56 108:47 109:1034 110:663 111:796 112:322 113:449 114:569 115:681 116:870 117:689 118:866 119:1208 120:334 121:678 122:1605 123:1013 124:1353 125:1393 128:244 129:178 130:163 131:580 132:112 133:21 134:214 135:54 136:213 137:139 138:288 139:122 140:494 141:292 142:388 143:416 144:482 145:63 146:471 147:215 148:641 149:264 150:155 151:193 152:446 153:177 154:6 155:385 156:207 157:361 158:150 159:465 160:322 161:206 162:336 163:178 164:511 165:374 166:536 167:432 168:739 169:147 170:865 171:85 172:1 173:1641 174:648 175:417 176:246 177:291 178:1031 180:1090 181:37 182:627 183:215 184:355 185:1 186:1493 187:676 188:923 189:826 190:5177 192:5916 193:5011 194:3528 195:3078 196:1257 197:174 198:3626 199:4140 200:5520 201:1641 202:8580 203:8492 204:4258 205:2357 206:2676 207:2824 208:4041 209:3464 210:2696 211:1463 212:2044 213:1776 214:785 215:90 216:4897 217:1594 218:561 219:338 220:1227 221:514 222:342 223:263 End of report

1 0

Cisco switch LACP + 802.1q
by Randy Carpenter 29 Sep '11

29 Sep '11

I am tearing my hair out with an issue, and I hope someone can point something out to me that I am missing. I am setting up 2-port LACP sets on a Cisco 2960G-24TS-L, which then need to be 802.1q trunk ports. I have set it up as follows: interface Port-channel1 switchport mode trunk ! interface Port-channel2 switchport mode trunk ! interface Port-channel3 switchport mode trunk ! interface Port-channel4 switchport mode trunk ! interface GigabitEthernet0/1 channel-protocol lacp channel-group 1 mode active ! interface GigabitEthernet0/2 channel-protocol lacp channel-group 1 mode active ! interface GigabitEthernet0/3 channel-protocol lacp channel-group 2 mode active ! interface GigabitEthernet0/4 channel-protocol lacp channel-group 2 mode active ! interface GigabitEthernet0/5 channel-protocol lacp channel-group 3 mode active ! interface GigabitEthernet0/6 channel-protocol lacp channel-group 3 mode active ! interface GigabitEthernet0/7 switchport mode trunk channel-protocol lacp channel-group 4 mode active ! interface GigabitEthernet0/8 switchport mode trunk channel-protocol lacp channel-group 4 mode active The problem is that after some period of time (sometimes minutes, sometimes hours), port-channel1 loses the "switchport mode trunk" It just disappears from the config. If I try to put it back, it adds "switchport mode trunk" to the member ports (Gi0/1, Gi0/2) as well, which does not work. I have to tear it all out and start again. It will then work for a while again. port-channel2 and port-channel3 are not in use yet, but port-channel4 is, and works just fine. It is running IOS 15.0(1)SE. It was running 12.2 before, and it was doing the same thing, so I upgraded it to the latest available. What could be the issue? thanks, -Randy

2 2

LACP between Riverstone RS8000 and Cisco ASX9000
by Christopher Young 29 Sep '11

29 Sep '11

This is my first post to Nanog. I apologize if it is off-topic but I have been driving myself crazy trying to figure this out. Is anyone familiar with configuring LACP between Riverstone RS8000 (Running ROS 9.4.0.4) and a Cisco ASX9000. I am attempting to bring in 2 Gigabit Fiber links from NTT and bond them using LACP we will be using these links for a full BGP feed. Any help would be appreciated, replies on or off list are alright with me. -- Regards, Christopher Young Network Operations InterMetro Communications, Inc. 805-433-8000 Main 805-433-0050 Direct 805-433-2589 Mobile 805-582-1006 Fax *** Contact our NOC at 866-446-2662 or via email 'network.operations(a)intermetro.net' *** *** The information contained within this E-Mail and any attached document(s) is confidential and/or privileged. It is intended solely for the use of the addressee(s) named above. Unauthorized disclosure, photocopying, distribution or use of the information contained herein is prohibited. If you believe that you have received this E-Mail in error, please notify the sender by reply transmission or call 805-433-8000 and delete the message without reviewing, copying or disclosing the message, any attachments or any contents thereof.

1 0

Seeking clueful TWTelecom engineer
by William Herrin 28 Sep '11

28 Sep '11

There's a packet filtering problem on your peering link with Godaddy in Phoenix. Ongoing for about 7 or 8 hours now. Details in your ticket #CI000596124. Front line techs insist that, "This is godaddy's problem. We're sending them packets." Apparently you're not in contact with godaddy to resolve the problem even though it seems to only affect twtelecom's peering link with godaddy. Requests using the same source and destination IP address pairs routed via Qwest or Sprint succeed. Thanks in advanced, Bill Herrin -- William D. Herrin ................ herrin(a)dirtside.com bill(a)herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004

1 0

Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities
by Cisco Systems Product Security Incident Response Team 28 Sep '11

28 Sep '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability Advisory ID: cisco-sa-20110928-cucm Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Cisco IOS Software is affected by the SIP vulnerability described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the Cisco IOS software at the following location: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml. Affected Products ================= Vulnerable Products +------------------ The following products are affected by the vulnerability that is described in this advisory: * Cisco Unified Communications Manager 6.x * Cisco Unified Communications Manager 7.x * Cisco Unified Communications Manager 8.x Note: Cisco Unified Communications Manager version 6.1 reached the End of Software Maintenance on September 3, 2011. Customers using Cisco Unified Communications Manager 6.x versions, should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified Communications Manager. Products Confirmed Not Vulnerable +-------------------------------- Cisco Unified Communications Manager version 4.x is not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Memory Leak Vulnerability in SIP +------------------------------- Cisco Unified Communications Manager contains a vulnerability that involves the processing of SIP messages. Cisco Unified Communications Manager may leak session control buffers (SCBs) when processing a malformed SIP message. Continued exploitation of the vulnerability may cause a critical process to fail, which could result in the disruption of voice services. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. This SIP vulnerability is documented in Cisco bug ID CSCtl86047 and has been assigned the CVE identifier CVE-2011-2072. This vulnerability is fixed in Cisco Unified Communications Manager versions 8.6(1), 8.5(1)su2, and 7.1(5b)su4. [Note: there is not a software Service Update for the 6.x version that contains the fix.] Note: This vulnerability also affects Cisco IOS Software. The corresponding Cisco bug ID is CSCto88686. Refer to the separate Cisco Security Advisory for the Cisco IOS Software for additional details. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtl86047 CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability that is described in this advisory could allow a remote attacker to trigger a memory leak that could result in the interruption of voice services. Cisco Unified Communications Manager will restart the affected processes, but repeated attacks may result in a sustained denial of service (DoS) condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. +---------------------------------------+ | Cisco Unified | Recommended | | Communication Manager | Release | | Version | | |-------------------------+-------------| | 7.x | 7.1(5b)su4 | |-------------------------+-------------| | 8.x* | 8.5(1)su2, | | | 8.6(1) | +---------------------------------------+ *The recommended releases listed in the table above are the latest Cisco Unified Communications Manager versions available at the publication of this advisory. Software updates for 6.1 and 8.0 are not available for CSCtl86047. Customers using these versions should consult their Cisco support team for assistance in upgrading to a supported release. Cisco Unified Communications Manager software can be downloaded from the following link: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268439621 Workarounds =========== A workaround exists for customers who do not require SIP in their environment. Cisco Unified Communication Manager versions 6.1(4), 7.1 (2) and 8.0(1) introduced the ability to disable SIP processing. SIP processing is enabled by default. Use the following instructions to disable SIP processing: * Step 1: Log in to the Cisco Unified CM Administration web interface. * Step 2: Navigate to "System > Service Parameters" and select the appropriate Cisco Unified Communications Manager server and the Cisco CallManager service. * Step 3: Change the SIP Interoperability Enabled parameter to False and click "Save". Note: For a SIP processing change to take effect, the Cisco CallManager Service must be restarted. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dp… It is possible to mitigate this vulnerability by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products" which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110928-voice.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found during internal testing and the troubleshooting of customer service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.…. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2AACgkQQXnnBKKRMNBjhAD9GKvtDztX+sVsYR4zpP3A2D3S wcFSudybB1DabA/OxwgA/iSVEqO/rJRHx5V9BrnZqLdvqmzcMjo5oLTgbKdlGIG8 =5svm -----END PGP SIGNATURE-----

1 0

Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability
by Cisco Systems Product Security Incident Response Team 28 Sep '11

28 Sep '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Data-Link Switching Vulnerability Advisory ID: cisco-sa-20110928-dlsw Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco IOS devices with the DLSw promiscuous feature enabled are affected by the vulnerability described in this advisory. Devices with the DLSw promiscuous feature enabled contain a line in the configuration defining a local DLSw peer with the promiscuous keyword. This configuration can be observed by issuing the command "show running-config". Systems configured with the DLSw promiscuous feature enabled contain a line similar to one of the following: dlsw local-peer promiscuous or dlsw local-peer peer-id <IP address> promiscuous To determine the software that runs on a Cisco IOS device, log in to the device and issue the "show version" command to display the system banner. Cisco IOS Software identifies itself as "Cisco Internetwork Operating System Software" or "Cisco IOS Software." Other Cisco devices do not have the "show version" command or give different output. The following example shows output from a device running IOS version 15.0(1)M1: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide at: http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by this vulnerability. Details ======= DLSw provides a means of transporting IBM Systems Network Architecture (SNA) and network BIOS (NetBIOS) traffic over an IP network. The Cisco implementation of DLSw over Fast Sequence Transport (FST) uses IP Protocol 91. The promiscuous DLSw feature permits the local peer to establish connection with remote peers that are not statically configured. A Cisco IOS device that is configured for DLSw listens for IP protocol 91 packets. Depending on the DLSw configuration, UDP port 2067, and, one or more TCP ports can also be opened. The vulnerability described in this document can only be exploited via IP Protocol 91 and can not be exploited using either the UDP or TCP transports. Devices with only statically configured DLSw peers are not affected by this vulnerability. This vulnerability is documented in Cisco bug ID CSCth69364 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0945. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCth69364 ("DLSw FST Memory Leak") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may result in a memory leak that can lead to a denial of service condition. Memory exhaustion can cause an affected Cisco IOS device to reload or become unresponsive; a power cycle might be required to recover from the condition. To identify the memory leak caused by this vulnerability, issue the "show dlsw peers | include FST.*DISCONN" command; a monotonically increasing list of FST peers that remain in the DISCONN state indicates that memory is being held, as shown in the following example: Router> show dlsw peers | include FST.*DISCONN FST 176.74.146.194 DISCONN 1 0 prom 0 - - - FST 9.180.128.186 DISCONN 1 0 prom 0 - - - FST 139.71.105.39 DISCONN 1 0 prom 0 - - - FST 138.150.39.18 DISCONN 1 0 prom 0 - - - FST 253.240.220.167 DISCONN 1 0 prom 0 - - - FST 252.186.119.224 DISCONN 1 0 prom 0 - - - FST 41.255.172.252 DISCONN 1 0 prom 0 - - - ! --- Output truncated Router> Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.1E | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release 12.4 | | | 12.2B | | Vulnerable; first | | | Releases up to and | fixed in Release 12.4 | | | including 12.2(2)B7 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | 12.2BC | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.2SB | Vulnerable; first | | 12.2BX | | fixed in Release | | | Releases up to and | 12.2SB | | | including 12.2(15)BX | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2CZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Releases up to and | | 12.2EW | Not vulnerable | including 12.2(20)EW4 | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2EWA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | Not vulnerable | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | 12.2EY | Not vulnerable | 12.2(58)EY | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2EZ | Not vulnerable | to any release in | | | | 15.0SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2FX | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2FY | Not vulnerable | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2FZ | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRA | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRB | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRC | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | 12.2(33)IRD1 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | 12.2(33)IRE3 | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; migrate | | 12.2IRF | to any release in | to any release in | | | 12.2IRG | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXD | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXE | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXG | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2IXH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2MRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | Not vulnerable | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(30)S are | 12.2(30)S are | | | vulnerable; Releases | vulnerable; Releases | | 12.2S | 12.2(30)S and later | 12.2(30)S and later | | | are not vulnerable. | are not vulnerable. | | | First fixed in | First fixed in | | | Release 12.2SB | Release 12.2SB | |------------+-----------------------+-----------------------| | | 12.2(31)SB20 | 12.2(31)SB2012.2(33) | | 12.2SB | | SB10 | | | 12.2(33)SB10 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SBC | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCA | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SCB | fixed in Release | fixed in Release | | | 12.2SCC | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | | 12.2(33)SCD6 | | | 12.2SCD | | 12.2(33)SCD6 | | | 12.2(33)SCD7 | | |------------+-----------------------+-----------------------| | | 12.2(33)SCE1 | 12.2(33)SCE112.2(33) | | 12.2SCE | | SCE2 | | | 12.2(33)SCE2 | | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEA | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEB | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEC | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SED | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEE | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEF | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(25)SEG4 are | | | | vulnerable; Releases | | 12.2SEG | Not vulnerable | 12.2(25)SEG4 and | | | | later are not | | | | vulnerable. First | | | | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(40)SG are | 12.2(53)SG4 are | | 12.2SG | vulnerable; Releases | vulnerable; Releases | | | 12.2(40)SG and later | 12.2(53)SG4 and later | | | are not vulnerable. | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SGA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SM | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | Not vulnerable | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRA | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRB | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SRC | fixed in Release | fixed in Release | | | 12.2SRD | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Releases prior to | Releases prior to | | | 12.2(29a)SV are | 12.2(29a)SV are | | | vulnerable; Releases | vulnerable; Releases | | 12.2SV | 12.2(29a)SV and later | 12.2(29a)SV and later | | | are not vulnerable. | are not vulnerable. | | | Migrate to any | Migrate to any | | | release in 12.2SVD | release in 12.2SVD | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases prior to | Vulnerable; contact | | | 12.2(25)SW12 are | your support | | | vulnerable; Releases | organization per the | | 12.2SW | 12.2(25)SW12 and | instructions in the | | | later are not | Obtaining Fixed | | | vulnerable. | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SX | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXB | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXD | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SXE | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | 12.2SXH | 12.2(33)SXH8a | 12.2(33)SXH8a | |------------+-----------------------+-----------------------| | 12.2SXI | 12.2(33)SXI6 | 12.2(33)SXI6 | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | 12.2(50)SY | 12.2(50)SY | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2SZ | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2TPC | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNA | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNB | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNC | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XND | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNE | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Please see Cisco | Please see Cisco | | 12.2XNF | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(54)XO are | | 12.2XO | Not vulnerable | vulnerable; Releases | | | | 12.2(54)XO and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(4)YA8 are | | | | vulnerable; Releases | Vulnerable; first | | 12.2YA | 12.2(4)YA8 and later | fixed in Release 12.4 | | | are not vulnerable. | | | | First fixed in | | | | Release 12.4 | | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YH | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | Releases prior to | your support | | | 12.2(8)YJ1 are | organization per the | | 12.2YJ | vulnerable; Releases | instructions in the | | | 12.2(8)YJ1 and later | Obtaining Fixed | | | are not vulnerable. | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YQ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YS | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YT | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YU | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | Releases prior to | your support | | | 12.2(11)YV1 are | organization per the | | 12.2YV | vulnerable; Releases | instructions in the | | | 12.2(11)YV1 and later | Obtaining Fixed | | | are not vulnerable. | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YX | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZA | fixed in Release | fixed in Release | | | 12.2SXF | 12.2SXF | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.2(13)ZH6 are | | | | vulnerable; Releases | Vulnerable; first | | 12.2ZH | 12.2(13)ZH6 and later | fixed in Release 12.4 | | | are not vulnerable. | | | | First fixed in | | | | Release 12.4 | | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.2ZU | fixed in Release | fixed in Release | | | 12.2SXH | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZY | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.2ZYA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.3 | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3B | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.3BC | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | 12.3BW | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JEC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JED | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 | including 12.3(2)JK3 | | | are not vulnerable. | are not vulnerable. | | 12.3JK | Releases 12.3(8)JK1 | Releases 12.3(8)JK1 | | | and later are not | and later are not | | | vulnerable. First | vulnerable. First | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3JX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3T | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | Releases up to and | your support | | | including 12.3(4) | organization per the | | 12.3TPC | TPC11a are not | instructions in the | | | vulnerable. | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.3VA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Releases prior to | | | | 12.3(2)XA7 are | | | | vulnerable; Releases | Vulnerable; first | | 12.3XA | 12.3(2)XA7 and later | fixed in Release 12.4 | | | are not vulnerable. | | | | First fixed in | | | | Release 12.4 | | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XC | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XD | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XE | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XF | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XG | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XI | fixed in Release | fixed in Release | | | 12.2SB | 12.2SB | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XJ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XK | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XL | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3XQ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XR | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XS | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3XU | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3XW | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 12.3XX | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3XY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3XZ | Vulnerable; first | Vulnerable; first | | | fixed in Release 12.4 | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YA | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.3YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YJ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.3YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.3YM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YQ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | | | | fixed in Release | | | | 12.4T | Vulnerable; first | | 12.3YS | | fixed in Release | | | Releases up to and | 12.4T | | | including 12.3(11)YS1 | | | | are not vulnerable. | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3YU | fixed in Release | fixed in Release | | | 12.4XB | 12.4XB | |------------+-----------------------+-----------------------| | | Vulnerable; migrate | Vulnerable; first | | 12.3YX | to any release in | fixed in Release | | | 12.4XR | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.3YZ | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.3ZA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | 12.4(25e) | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | | | to any release in | | | | 12.4JA | | 12.4JX | Not vulnerable | | | | | Releases up to and | | | | including 12.4(21a)JX | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | Not vulnerable | 12.4(24)MD6 on | | | | 28-Oct-2011 | |------------+-----------------------+-----------------------| | 12.4MDA | Not vulnerable | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | Not vulnerable | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4MRA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.4MRB | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(15)T15 | 12.4(15)T16 | | 12.4T | | | | | 12.4(24)T5 | 12.4(24)T6 | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XD | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.4XF | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XG | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Releases up to and | | | | including 12.4(15)XM | | | | are not vulnerable. | | | | | Vulnerable; first | | 12.4XM | Releases 12.4(15)XM3 | fixed in Release | | | and later are not | 12.4T | | | vulnerable. First | | | | fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XN | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XP | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.4XQ | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.4XR | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XT | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; fixed in | | | | 12.4(22)YE6 on | | 12.4YE | Not vulnerable | 30-Sept-2011; 12.4 | | | | (24)YE7 available on | | | | 17-Oct-2011 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | 15.0(1)M4 | | | 15.0M | | 15.0(1)M7 | | | 15.0(1)M5a | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MRA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.0(1)S3a | | | | | 15.0(1)S4 | | | 15.0(1)S4 | | | 15.0S | | Cisco IOS XE devices: | | | Cisco IOS XE devices: | Please see Cisco | | | Please see Cisco | IOS-XE Software | | | IOS-XE Software | Availability | | | Availability | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0SA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 15.1GC | Not vulnerable | fixed in Release | | | | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | Not vulnerable | 15.1(4)M2; Available | | | | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | 15.1(1)S1 | 15.1(2)S2 | | | | | | | 15.1(2)S | 15.1(3)S | | 15.1S | | | | | Cisco IOS XE devices: | Cisco IOS XE devices: | | | Please see Cisco | Please see Cisco | | | IOS-XE Software | IOS-XE Software | | | Availability | Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T3 | | | | | | | | 15.1(2)T2 | 15.1(2)T4 15.1(1)T4 | | 15.1T | | on 8-Dec-2011 | | | 15.1(2)T2a | | | | | | | | 15.1(3)T | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- Cisco IOS XE Software is affected by the vulnerability disclosed in this document. +------------------------------------------------------------+ | Cisco | First | First Fixed Release for All | | IOS XE | Fixed | Advisories in the September 2011 | | Release | Release | Bundled Publication | |----------+------------+------------------------------------| | 2.1.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.2.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.3.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.4.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.5.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.6.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.1.xS | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.2.xS | 3.2.1S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.2.xSG | Not | Not vulnerable | | | vulnerable | | |----------+------------+------------------------------------| | 3.3.xS | Not | 3.3.2S | | | vulnerable | | |----------+------------+------------------------------------| | 3.4.xS | Not | Not vulnerable | | | vulnerable | | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== This vulnerability can be mitigated by using Control Plane Policing (CoPP) to only allow IP Protocol 91 packets sent by valid peers. Mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20110928-dlsw.shtml Control Plane Policing +--------------------- Control Plane Policing (CoPP) can be used to block untrusted IP Protocol 91 packets sent to the affected device. Cisco IOS Software Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting, and if configured, rate-limiting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The following example, which uses 192.168.100.1 to represent a trusted host, can be adapted to your network. !-- Deny FST traffic on IP protocol 91 from trusted !-- hosts to all IP addresses configured on all interfaces of the affected device !-- so that it will be allowed by the CoPP feature access-list 111 deny 91 host 192.168.100.1 any !-- Permit all other FST traffic on IP protocol 91 !-- sent to all IP addresses configured on all interfaces of the affected !-- device so that it will be policed and dropped by the CoPP feature access-list 111 permit 91 any any !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 !-- and Layer4 traffic in accordance with existing security !-- policies and configurations for traffic that is authorized !-- to be sent to infrastructure devices !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature class-map match-all drop-fst-91-class match access-group 111 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device. policy-map input-CoPP-policy class drop-fst-91-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device control-plane service-policy input input-CoPP-policy In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy map "drop" function, while packets that match the deny action (not shown) are not affected by the policy-map drop function. Note that in the 12.2S and 12.0S Cisco IOS trains the policy-map syntax is different, as shown in the following example: policy-map input-CoPP-policy class drop-fst-91-class police 32000 1500 1500 conform-action drop exceed-action drop Additional information on the CoPP feature is available at: Control Plane Policing Implementation Best Practices. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered during Cisco internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110323-dlsw.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.…. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2EACgkQQXnnBKKRMNDlUwD/RunFKu5OItJXD8gTi5PtkxMz CoIx3+/EIJjznWKJnBoA/3bh8zYaW5Et3pvnmF9Hm2nImvFT1jMZOIv1zWfAMsXX =oqzZ -----END PGP SIGNATURE-----

1 0

Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability
by Cisco Systems Product Security Incident Response Team 28 Sep '11

28 Sep '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability Advisory ID: cisco-sa-20110928-ipsla Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco devices that are running Cisco IOS Software are vulnerable when they are configured for IP SLA, either as responders or as originators of vulnerable IP SLA operations. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example shows output from a device that runs a Cisco IOS Software image: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at: http://www.cisco.com/web/about/security/intelligence/ios-ref.html Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by this vulnerability. Details ======= IP SLA is an embedded agent in Cisco IOS Software designed to measure and monitor common network performance metrics like jitter, latency (delay), and packet loss. The vulnerability that is described in this document is triggered by malformed UDP packets triggered by malformed IP SLA packets sent to the vulnerable device and port. A vulnerable device can be an IP SLA responder or the source device of a vulnerable IP SLA operation. This vulnerability is documented in Cisco bug ID CSCtk67073 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3272. Vulnerable IP SLA Responder Configurations +----------------------------------------- A device configured either as an IP SLA general responder or a permanent IP SLA UDP responder is vulnerable. The general responder processes IP SLA control protocol packets on UDP port 1967 and then may dynamically open vulnerable UDP ports according to the IP SLA operations requested using the control protocol. The configuration for a general responder is as follows: ip sla responder The IP SLA UDP permanent responder is also vulnerable. An example configuration is as follows: ip sla responder udp-echo port 300 There is no default UDP port number for the UDP permanent responder Alternatively, both the general responder and the permanent responder can be identified with the "show ip sla responder" command. The general responder is vulnerable when it has been enabled. The permanent responder is vulnerable only when it has been enabled and the "udpEcho Responder" is present. In the Following example, the general responder is not vulnerable because it has not been enabled but the permanent responder is vulnerable because it has been enabled with a UDP echo responder: Router# show ip sla responder General IP SLA Responder on Control port 1967 General IP SLA Responder is: Disabled Permanent Port IP SLA Responder Permanent Port IP SLA Responder is: Enabled udpEcho Responder: IP Address Port 0.0.0.0 300 Vulnerable IP SLA Source Device Configurations +--------------------------------------------- An IP SLA source device is a Cisco IOS device that has at least one IP SLA operation configured. To be vulnerable a probe originator needs to have at least one scheduled probe that uses either of the following IP SLA operations: * udp-jitter probe * udp-echo A vulnerable IP SLA source device configuration includes all the following commands: * An "ip sla" global configuration command to define an IP SLA operation * Either a "udp-echo" or a "udp-jitter" IP SLA configuration command * An "ip sla schedule" global configuration command that activates one of the probes that uses a vulnerable IP SLA operation The following examples show a source device that is configured for IP SLA UDP echo and UDP jitter probes: ip sla 201 udp-echo 192.168.134.21 201 ip sla schedule 201 start-time now ip sla 301 udp-jitter 192.168.134.121 122 ip sla schedule 301 start-time now The destination UDP ports for the probes need to be configured. If the source UDP port is not configured an available port number will be used when the probe is started. A device that originates a vulnerable operation will be vulnerable on the source UDP ports of the probe and a responder will be vulnerable on the destination UDP port used for the probe. IP SLA probes can be configured using Simple Network Management Protocol (SNMP). In that case, by default, the "show running configuration" command will not include the IP SLA probe configuration. The "show ip sla configuration" command can be used to verify whether a probe has been configured either by the command line or via SNMP. Router# show ip sla configuration | include operation Type of operation to perform: udp-jitter Type of operation to perform: udp-echo Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtk67073 ("IP SLA Memory Corruption Vulnerability") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability described in this document may result in the reload of a vulnerable device. Repeated exploitation could result in a DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release for | | 12.0-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.1-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.1-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.2-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.2-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.3-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.3-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.4-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.4-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 15.0-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 15.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 15.1-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------+------------------+----------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.1EY | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+------------------+----------------------------| | | Vulnerable; | Vulnerable; first fixed in | | 15.1GC | first fixed in | Release 15.1T | | | Release 15.1T | | |------------+------------------+----------------------------| | 15.1M | Not vulnerable | 15.1(4)M2; Available on | | | | 30-SEP-11 | |------------+------------------+----------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.1MR | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+------------------+----------------------------| | | 15.1(2)S | 15.1(2)S2 | | | | | | | Cisco IOS XE | 15.1(3)S | | 15.1S | devices: Please | | | | see Cisco IOS-XE | Cisco IOS XE devices: | | | Software | Please see Cisco IOS-XE | | | Availability | Software Availability | |------------+------------------+----------------------------| | | 15.1(1)T3 | 15.1(1)T4; Available on | | | | 08-DEC-11 | | 15.1T | 15.1(2)T4 | | | | | 15.1(2)T4 | | | 15.1(3)T2 | | | | | 15.1(3)T2 | |------------+------------------+----------------------------| | | Vulnerable; | Vulnerable; first fixed in | | 15.1XB | first fixed in | Release 15.1T | | | Release 15.1T | | |------------+------------------+----------------------------| | Affected | | First Fixed Release for | | 15.2-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- Cisco IOS XE Software is affected by the vulnerability disclosed in this document. +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release | Advisories in the September | | Release | | 2011 Bundled Publication | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.1.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.2.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.3.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.4.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.5.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 2.6.x | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 3.1.xS | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | | Vulnerable; | | | 3.1.xSG | migrate to | Vulnerable; migrate to 3.2.0SG | | | 3.2.0SG or | or later | | | later | | |---------+-----------------+--------------------------------| | | Vulnerable; | Vulnerable; migrate to 3.3.2S | | 3.2.xS | migrate to | or later | | | 3.3.2S or later | | |---------+-----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |---------+-----------------+--------------------------------| | 3.3.xS | 3.3.0S | 3.3.2S | |---------+-----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== There are no workarounds for this vulnerability, but there are mitigations that can be deployed on a general IP SLA responder to reduce the exposure to this vulnerability. General IP SLA Responder Mitigation +---------------------------------- For devices that are configured as general responders, a mitigation is to restrict IP SLA control packets on UDP port 1967 that are addressed to the vulnerable device to permit only trusted probe originators to open UDP ports that could be exploited. This can be accomplished using techniques such as Infrastructure Access list or Control Plane Protection. For devices configured as general responders, mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20110928-ipsla.shtml IP SLA Permanent Responder Mitigation +------------------------------------ For the permanent responder, the mitigation is to filter UDP packets addressed to the configured UDP port of each permanent responder to permit packets from the IP addresses of trusted devices. IP SLA Source Devices Mitigation +------------------------------- For IP SLA source devices, a mitigation is to allow only UDP packets from trusted devices (that is, devices that are the target of IP SLA operations). Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found during Cisco internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-Sep-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.…. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2MACgkQQXnnBKKRMNBZ6gD/WbLQXIuIcQjySn9TOSycPflx p7H07864wibshk3qznsA/37viRZKYBrkXc+mgT5C5kIs9Elx3l+L5v0EDJ1K+jZI =OF08 -----END PGP SIGNATURE-----

1 0

Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability
by Cisco Systems Product Security Incident Response Team 28 Sep '11

28 Sep '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability Advisory ID: cisco-sa-20110928-ipv6 Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= This vulnerability affects devices that are running Cisco IOS Software and configured for IPv6 operation. IPv6 is not enabled by default in Cisco IOS Software. Vulnerable Products +------------------ Cisco devices that are running an affected version of Cisco IOS Software and configured for IPv6 operation are vulnerable. A device that is running Cisco IOS Software and that has IPv6 enabled will show some interfaces with assigned IPv6 addresses when the "show ipv6 interface brief" command is executed. The "show ipv6 interface brief" command will produce an error message if the version of Cisco IOS Software in use does not support IPv6, or will not show any interfaces with IPv6 address if IPv6 is disabled. The system is not vulnerable in these scenarios. Sample output of the "show ipv6 interface brief" command on a system that is configured for IPv6 operation follows: router>show ipv6 interface brief FastEthernet0/0 [up/up] FE80::222:90FF:FEB0:1098 2001:DB8:2:93::3 200A:1::1 FastEthernet0/1 [up/up] FE80::222:90FF:FEB0:1099 2001:DB8:2:94::1 Serial0/0/0 [down/down] unassigned Serial0/0/0.4 [down/down] unassigned Serial0/0/0.5 [down/down] unassigned Serial0/0/0.6 [down/down] unassigned Alternatively, the IPv6 protocol is enabled if the interface configuration command "ipv6 address <IPv6 address>" or "ipv6 enable" is present in the configuration. Both may be present, as shown in the vulnerable configuration in the following example shows: interface FastEthernet0/1 ipv6 address 2001:0DB8:C18:1::/64 eui-64 ! interface FastEthernet0/2 ipv6 enable A device that is running Cisco IOS Software and that has IPv6 enabled on a physical or logical interface is vulnerable even if ipv6 unicast-routing is globally disabled (that is, the device is not routing IPv6 packets). To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable +-------------------------------- Cisco IOS XR Software and Cisco IOS XE Software are not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability. Details ======= IPv6, which was designed by the Internet Engineering Task Force (IETF), is intended to replace the current version, IP Version 4 (IPv4). A vulnerability exists when Cisco IOS Software processes IPv6 packets. An attacker could exploit this vulnerability by sending malformed IPv6 packets to physical or logical interfaces that are configured to process IPv6 traffic. Transit traffic cannot trigger this vulnerability. Exploitation could cause an affected system to reload. This vulnerability is documented in Cisco bug ID CSCtj41194, and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0944. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtj41194 ("Crafted IPv6 packet causes device reload") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability that is described in this advisory may cause a reload of an affected device. Repeated exploitation could result in a sustained denial of service condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release for | | 12.0-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.0 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.1-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------+--------------------+--------------------------| | 12.1E | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXF | |------------+--------------------+--------------------------| | Affected | | First Fixed Release for | | 12.2-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------+--------------------+--------------------------| | 12.2 | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2B | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2BC | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2BX | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SB | |------------+--------------------+--------------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2CX | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2CZ | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SB | |------------+--------------------+--------------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Releases up to and | | 12.2EW | Not vulnerable | including 12.2(20)EW4 | | | | are not vulnerable. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2EWA | Not vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2EX | Not vulnerable | 12.2(55)EX3 | |------------+--------------------+--------------------------| | 12.2EY | Not vulnerable | 12.2(58)EY | |------------+--------------------+--------------------------| | 12.2EZ | Not vulnerable | Vulnerable; migrate to | | | | any release in 15.0SE | |------------+--------------------+--------------------------| | 12.2FX | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | 12.2FY | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2EX | |------------+--------------------+--------------------------| | 12.2FZ | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | 12.2IRA | Not vulnerable | Vulnerable; migrate to | | | | any release in 12.2IRG | |------------+--------------------+--------------------------| | 12.2IRB | Not vulnerable | Vulnerable; migrate to | | | | any release in 12.2IRG | |------------+--------------------+--------------------------| | 12.2IRC | Not vulnerable | Vulnerable; migrate to | | | | any release in 12.2IRG | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IRD | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IRE | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2IRF | Not vulnerable | Vulnerable; migrate to | | | | any release in 12.2IRG | |------------+--------------------+--------------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXA | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXB | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXC | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXD | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXE | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXF | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXG | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2IXH | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2MC | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2MRA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SRD | |------------+--------------------+--------------------------| | 12.2MRB | Not vulnerable | 12.2(33)MRB5 | |------------+--------------------+--------------------------| | | | Releases prior to 12.2 | | | | (30)S are vulnerable; | | 12.2S | Not vulnerable | Releases 12.2(30)S and | | | | later are not | | | | vulnerable. First fixed | | | | in Release 12.2SB | |------------+--------------------+--------------------------| | 12.2SB | Not vulnerable | 12.2(31)SB2012.2(33)SB10 | |------------+--------------------+--------------------------| | 12.2SBC | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SB | |------------+--------------------+--------------------------| | 12.2SCA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SCC | |------------+--------------------+--------------------------| | 12.2SCB | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SCC | |------------+--------------------+--------------------------| | 12.2SCC | Not vulnerable | 12.2(33)SCC7 | |------------+--------------------+--------------------------| | 12.2SCD | Not vulnerable | 12.2(33)SCD6 | |------------+--------------------+--------------------------| | 12.2SCE | Not vulnerable | 12.2(33)SCE112.2(33)SCE2 | |------------+--------------------+--------------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE | |------------+--------------------+--------------------------| | 12.2SEA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | 12.2SEB | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | 12.2SEC | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | 12.2SED | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | 12.2SEE | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | 12.2SEF | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SE | |------------+--------------------+--------------------------| | | | Releases prior to 12.2 | | | | (25)SEG4 are vulnerable; | | 12.2SEG | Not vulnerable | Releases 12.2(25)SEG4 | | | | and later are not | | | | vulnerable. First fixed | | | | in Release 12.2EX | |------------+--------------------+--------------------------| | | | Releases prior to 12.2 | | | | (53)SG4 are vulnerable; | | 12.2SG | Not vulnerable | Releases 12.2(53)SG4 and | | | | later are not | | | | vulnerable. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2SGA | Not vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2SM | Not vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2SQ | Not vulnerable | 12.2(50)SQ3 | |------------+--------------------+--------------------------| | 12.2SRA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SRD | |------------+--------------------+--------------------------| | 12.2SRB | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SRD | |------------+--------------------+--------------------------| | 12.2SRC | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SRD | |------------+--------------------+--------------------------| | 12.2SRD | Not vulnerable | 12.2(33)SRD6 | |------------+--------------------+--------------------------| | 12.2SRE | Not vulnerable | 12.2(33)SRE4 | |------------+--------------------+--------------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2SU | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | | | Releases prior to 12.2 | | | | (29a)SV are vulnerable; | | 12.2SV | Not vulnerable | Releases 12.2(29a)SV and | | | | later are not | | | | vulnerable. Migrate to | | | | any release in 12.2SVD | |------------+--------------------+--------------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2SW | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2SX | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXF | |------------+--------------------+--------------------------| | 12.2SXA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXF | |------------+--------------------+--------------------------| | 12.2SXB | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXF | |------------+--------------------+--------------------------| | 12.2SXD | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXF | |------------+--------------------+--------------------------| | 12.2SXE | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXF | |------------+--------------------+--------------------------| | 12.2SXF | Not vulnerable | 12.2(18)SXF17b | |------------+--------------------+--------------------------| | 12.2SXH | Not vulnerable | 12.2(33)SXH8a | |------------+--------------------+--------------------------| | 12.2SXI | Not vulnerable | 12.2(33)SXI6 | |------------+--------------------+--------------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2SY | Not vulnerable | 12.2(50)SY | |------------+--------------------+--------------------------| | 12.2SZ | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SB | |------------+--------------------+--------------------------| | 12.2T | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2TPC | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XB | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | See Cisco IOS-XE | See Cisco IOS-XE | | 12.2XNA | Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | See Cisco IOS-XE | See Cisco IOS-XE | | 12.2XNB | Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | See Cisco IOS-XE | See Cisco IOS-XE | | 12.2XNC | Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | See Cisco IOS-XE | See Cisco IOS-XE | | 12.2XND | Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | See Cisco IOS-XE | See Cisco IOS-XE | | 12.2XNE | Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | See Cisco IOS-XE | See Cisco IOS-XE | | 12.2XNF | Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | | Releases prior to 12.2 | | | | (54)XO are vulnerable; | | 12.2XO | Not vulnerable | Releases 12.2(54)XO and | | | | later are not | | | | vulnerable. | |------------+--------------------+--------------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2YA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YF | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YG | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YH | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YJ | Not vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YL | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2YM | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YN | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YQ | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YR | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YS | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YT | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YU | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YV | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YW | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YX | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YY | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2YZ | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2ZA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXF | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2ZB | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2ZE | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2ZF | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2ZH | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4 | |------------+--------------------+--------------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2ZL | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.2ZU | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.2SXH | |------------+--------------------+--------------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2ZY | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.2ZYA | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | Affected | | First Fixed Release for | | 12.3-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 12.3 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.4-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------+--------------------+--------------------------| | 12.4 | Not vulnerable | 12.4(25f) | |------------+--------------------+--------------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+--------------------+--------------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; migrate to | | | | any release in 12.4JA | | 12.4JX | Not vulnerable | | | | | Releases up to and | | | | including 12.4(21a)JX | | | | are not vulnerable. | |------------+--------------------+--------------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4MD | Not vulnerable | 12.4(24)MD6 on | | | | 28-Oct-2011 | |------------+--------------------+--------------------------| | 12.4MDA | Not vulnerable | 12.4(24)MDA7 | |------------+--------------------+--------------------------| | 12.4MDB | Not vulnerable | 12.4(24)MDB3 | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4MR | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4MRA | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.4MRB | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | Only 12.4(24)T | | | | through 12.4(24)T4 | 12.4(24)T6 | | 12.4T | are affected; | | | | first fixed in | 12.4(15)T16 | | | 12.4(24)T3c and | | | | 12.4(24)T5 | | |------------+--------------------+--------------------------| | 12.4XA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XB | Not vulnerable | 12.4(2)XB12 | |------------+--------------------+--------------------------| | 12.4XC | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4XD | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XE | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4XF | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XG | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XJ | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4XL | Not vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.4XM | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4XN | Not vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4XP | Not vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 12.4XQ | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XR | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XT | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | 12.4XW | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XY | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4XZ | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | 12.4YA | Not vulnerable | Vulnerable; First fixed | | | | in Release 12.4T | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4YB | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4YD | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; fixed in | | | | 12.4(22)YE6 on | | 12.4YE | Not vulnerable | 30-Sept-2011; 12.4(24) | | | | YE7 available on | | | | 17-Oct-2011 | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 12.4YG | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | Affected | | First Fixed Release for | | 15.0-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------+--------------------+--------------------------| | 15.0M | 15.0(1)M5 | 15.0(1)M7 | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.0MR | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.0MRA | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | Not vulnerable | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE | Cisco IOS XE devices: | | | devices: see Cisco | see Cisco IOS-XE | | | IOS-XE Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.0SA | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+--------------------+--------------------------| | | Cisco IOS XE | Cisco IOS XE devices: | | 15.0SG | devices: see Cisco | see Cisco IOS-XE | | | IOS-XE Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | | Vulnerable; First | Vulnerable; First fixed | | 15.0XA | fixed in Release | in Release 15.1T | | | 15.1T | | |------------+--------------------+--------------------------| | | Cisco IOS XE | | | | devices: Please | Cisco IOS XE devices: | | 15.0XO | see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software | Software Availability | | | Availability | | |------------+--------------------+--------------------------| | Affected | | First Fixed Release for | | 15.1-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.1EY | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | 15.1GC | Not vulnerable | Vulnerable; First fixed | | | | in Release 15.1T | |------------+--------------------+--------------------------| | 15.1M | Not vulnerable | 15.1(4)M2; Available on | | | | 30-SEP-11 | |------------+--------------------+--------------------------| | | | Vulnerable; contact your | | | | support organization per | | 15.1MR | Not vulnerable | the instructions in the | | | | Obtaining Fixed Software | | | | section of this | | | | advisory. | |------------+--------------------+--------------------------| | | Not vulnerable | 15.1(2)S2 | | | | | | | Cisco IOS XE | 15.1(3)S | | 15.1S | devices: See Cisco | | | | IOS-XE Software | Cisco IOS XE devices: | | | Availability | See Cisco IOS-XE | | | | Software Availability | |------------+--------------------+--------------------------| | | 15.1(1)T3 | | | | | 15.1(2)T4 15.1(1)T4 on | | 15.1T | 15.1(2)T3 | 8-Dec-2011 | | | | | | | 15.1(3)T1 | | |------------+--------------------+--------------------------| | | Vulnerable; First | Vulnerable; First fixed | | 15.1XB | fixed in Release | in Release 15.1T | | | 15.1T | | |------------+--------------------+--------------------------| | Affected | | First Fixed Release for | | 15.2-Based | First Fixed | All Advisories in the | | Releases | Release | September 2011 Bundled | | | | Publication | |------------------------------------------------------------| | There are no affected 15.2 based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First | First Fixed Release for All | | IOS XE | Fixed | Advisories in the September 2011 | | Release | Release | Bundled Publication | |----------+------------+------------------------------------| | 2.1.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.2.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.3.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.4.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.5.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 2.6.x | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.1.xS | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.2.xS | Not | Vulnerable; migrate to 3.3.2S or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.2.xSG | Not | Not vulnerable | | | vulnerable | | |----------+------------+------------------------------------| | 3.3.xS | Not | 3.3.2S | | | vulnerable | | |----------+------------+------------------------------------| | 3.4.xS | Not | Not vulnerable | | | vulnerable | | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== There are no workarounds for this vulnerability if IPv6 configuration is required. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. This vulnerability was discovered by Cisco during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.…. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2UACgkQQXnnBKKRMNDOnwD/dwZvi6wHRpTsYyfLbLrCfyOs 8+WevPYlJBddySoqwHYA/14o6NuZ2rculYMYCusovUgM/SZf3N+euXWs897W6V5M =uQiZ -----END PGP SIGNATURE-----

1 0

Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities
by Cisco Systems Product Security Incident Response Team 28 Sep '11

28 Sep '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities Advisory ID: cisco-sa-20110928-ipv6mpls Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco IOS Software is affected by two vulnerabilities that cause a Cisco IOS device to reload when processing IP version 6 (IPv6) packets over a Multiprotocol Label Switching (MPLS) domain. These vulnerabilities are: * Crafted IPv6 Packet May Cause MPLS-Configured Device to Reload * ICMPv6 Packet May Cause MPLS-Configured Device to Reload Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6mpls.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= Vulnerable Products +------------------ Cisco IOS Software or Cisco IOS XE Software devices (hereafter both referenced as Cisco IOS Software in this document) that are running vulnerable versions of Cisco IOS Software and configured for MPLS are affected by two vulnerabilities related to IPv6 traffic that traverses an MPLS domain. The two vulnerabilities are independent of each other. Note: IPv6 does not need to be configured on the affected devices themselves. The vulnerabilities do require the MPLS label switched packets to have specific IPv6 payloads to be exploited. To determine whether a device is configured for MPLS, log in to the device and issue the command-line interface (CLI) command "show mpls interface". If the IP state is "Yes", the device is vulnerable. The following example shows a device that has MPLS configured on interface Ethernet0/0: Router#show mpls interface Interface IP Tunnel BGP Static Operational Ethernet0/0 Yes (ldp) No No No Yes Router# The following two examples show responses from a device with MPLS forwarding disabled. The first example shows a return of no interfaces: router#show mpls interface Interface IP Tunnel BGP Static Operational routers# In the second example, the device provides a message indicating that MPLS forwarding is not configured: router#show mpls interface no MPLS apps enabled or MPLS not enabled on any interfaces router# To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Products Confirmed Not Vulnerable +-------------------------------- Devices that are not configured for MPLS are not vulnerable. The following products have been confirmed not to be affected by these vulnerabilities: * Cisco IOS XR Software No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= The packet handling nodes in an MPLS network are called provider routers (P routers) and provider edge routers (PE routers) and are configured with MPLS. Both P and PE routers are vulnerable to both the vulnerabilities disclosed in this advisory. In networks that have MPLS enabled and could carry MPLS label switched packets with IPv6 payloads, the device may crash when processing MPLS label switched packets with specific IPv6 payloads. Typical deployment scenarios that would be affected by either vulnerability would be Cisco IPv6 Provider Edge Router (6PE) or IPv6 VPN Provider Edge Router (6VPE). Crafted IPv6 Packet May Cause MPLS-Configured Device to Reload +------------------------------------------------------------- A crafted IPv6 packet may cause the device to crash when the packet is processed by Cisco IOS Software because the MPLS TTL has expired. The crafted packet used to exploit this vulnerability would be silently discarded in Cisco IOS Software if received on an interface where the packet did not have an MPLS label. This vulnerability is documented in Cisco bug ID CSCto07919 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3274. ICMPv6 Packet May Cause MPLS-Configured Device to Reload +------------------------------------------------------------- A valid ICMPv6 packet may cause the device to crash when the packet is processed by Cisco IOS Software because the MPLS TTL has expired. The packet used to exploit this vulnerability would not affect Cisco IOS Software if received on an interface where the packet did not have an MPLS label. This vulnerability is documented in Cisco bug ID CSCtj30155 and has been assigned CVE ID CVE-2011-3282. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCto07919 ("Crafted IPv6 packet may cause MPLS configured device to reload") CVSS Base Score - 6.1 Access Vector - Adjacent Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.0 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtj30155 ("ICMPv6 packet may cause MPLS configured device to reload") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of these vulnerabilities may cause the device to reload. Repeated exploitation could result in a sustained denial of service condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.1E | Not vulnerable | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2BX | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2CZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Releases up to and | | 12.2EW | Not vulnerable | including 12.2(20)EW4 | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2EWA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | Not vulnerable | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | 12.2EY | Not vulnerable | 12.2(58)EY | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2EZ | Not vulnerable | to any release in | | | | 15.0SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2FX | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2FY | Not vulnerable | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2FZ | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRA | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRB | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRC | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRF | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2MRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | Not vulnerable | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(30)S are | | | | vulnerable; Releases | | 12.2S | Not vulnerable | 12.2(30)S and later | | | | are not vulnerable. | | | | First fixed in | | | | Release 12.2SB | |------------+-----------------------+-----------------------| | | | 12.2(31)SB20 | | 12.2SB | Not vulnerable | | | | | 12.2(33)SB10 | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SBC | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SCA | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SCB | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | Not vulnerable | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | 12.2SCD | Not vulnerable | 12.2(33)SCD6 | |------------+-----------------------+-----------------------| | | | 12.2(33)SCE1 | | 12.2SCE | Not vulnerable | | | | | 12.2(33)SCE2 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | 12.2(55)SE3 | | 12.2SE | Not vulnerable | | | | | 12.2(58)SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEA | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEB | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEC | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SED | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEE | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SEF | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(25)SEG4 are | | | | vulnerable; Releases | | 12.2SEG | Not vulnerable | 12.2(25)SEG4 and | | | | later are not | | | | vulnerable. First | | | | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | Not vulnerable | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SGA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SM | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | Not vulnerable | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SRB | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SRC | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | Not vulnerable | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | 12.2(33)SRE4 | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(29a)SV are | | | | vulnerable; Releases | | 12.2SV | Not vulnerable | 12.2(29a)SV and later | | | | are not vulnerable. | | | | Migrate to any | | | | release in 12.2SVD | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SX | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SXA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SXB | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SXD | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SXE | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | Not vulnerable | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | 12.2SXH | Not vulnerable | 12.2(33)SXH8a | |------------+-----------------------+-----------------------| | 12.2SXI | Not vulnerable | 12.2(33)SXI6 | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | Not vulnerable | 12.2(50)SY | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2SZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2TPC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XNA | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNB | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNC | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XND | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNE | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNF | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(54)XO are | | 12.2XO | Not vulnerable | vulnerable; Releases | | | | 12.2(54)XO and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YJ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YN | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YQ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YS | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YT | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YU | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YV | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YX | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YZ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2ZA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Not vulnerable | Vulnerable; first | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; first | | 12.2ZU | Not vulnerable | fixed in Release | | | | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZYA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.3-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.4-based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MR | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 15.0MRA | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | 15.0S | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0SA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 15.0SG | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.0XO | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M1 | 15.1(4)M2; Available | | | | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 15.1S | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | 15.1(1)T4; Available | | | | on 09-DEC-11 | 15.1(2)T4 | | 15.1T | | | | | 15.1(2)T4 | 15.1(1)T4 on | | | | 8-Dec-2011 | | | 15.1(3)T2 | | |------------+-----------------------+-----------------------| | | Vulnerable; first | Vulnerable; first | | 15.1XB | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | For This Advisory | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2-based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- Cisco IOS XE Software is affected by the vulnerability disclosed in this document. +------------------------------------------------------------+ | Cisco | First Fixed | First Fixed Release for All | | IOS XE | Release For | Advisories in the September | | Release | This Advisory | 2011 Bundled Publication | |----------+----------------+--------------------------------| | | Vulnerable; | | | 2.1.x | migrate to | Vulnerable; migrate to 3.3.2S | | | 3.3.2S or | or later | | | later | | |----------+----------------+--------------------------------| | | Vulnerable; | | | 2.2.x | migrate to | Vulnerable; migrate to 3.3.2S | | | 3.3.2S or | or later | | | later | | |----------+----------------+--------------------------------| | | Vulnerable; | | | 2.3.x | migrate to | Vulnerable; migrate to 3.3.2S | | | 3.3.2S or | or later | | | later | | |----------+----------------+--------------------------------| | | Vulnerable; | | | 2.4.x | migrate to | Vulnerable; migrate to 3.3.2S | | | 3.3.2S or | or later | | | later | | |----------+----------------+--------------------------------| | | Vulnerable; | | | 2.5.x | migrate to | Vulnerable; migrate to 3.3.2S | | | 3.3.2S or | or later | | | later | | |----------+----------------+--------------------------------| | | Vulnerable; | | | 2.6.x | migrate to | Vulnerable; migrate to 3.3.2S | | | 3.3.2S or | or later | | | later | | |----------+----------------+--------------------------------| | 3.1.xS | 3.1.4S | Vulnerable; migrate to 3.3.2S | | | | or later | |----------+----------------+--------------------------------| | 3.1.xSG | Not vulnerable | Vulnerable; migrate to 3.2.0SG | | | | or later | |----------+----------------+--------------------------------| | | Vulnerable; | | | 3.2.xS | migrate to | Vulnerable; migrate to 3.3.2S | | | 3.3.2S or | or later | | | later | | |----------+----------------+--------------------------------| | 3.2.xSG | Not vulnerable | Not vulnerable | |----------+----------------+--------------------------------| | 3.3.xS | 3.3.2S | 3.3.2S | |----------+----------------+--------------------------------| | 3.4.xS | Not vulnerable | Not vulnerable | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR Software +-------------------- Cisco IOS XR Software is not affected by the vulnerability disclosed in this document. Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== For both vulnerabilities the following workaround applies: Disabling MPLS TTL Propagation +----------------------------- Disabling MPLS TTL propagation will prevent exploitation of these vulnerabilities. MPLS TTL propagation will have to be disabled on all PE routers in the MPLS domain. To disable MPLS TTL propagation, enter the global configuration command "no mpls ip propagate-ttl". If only "no mpls ip propagate-ttl forward" is configured, the vulnerabilities could still be exploited from within the MPLS domain. For more information about the MPLS TTL propagation command, refer to the configuration guide at: http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp101… Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/ tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were discovered when handling customer support calls. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6mpls.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.…. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2QACgkQQXnnBKKRMNBQSAD9F2jD01t7WK98WW1TcHuB0ORh ttZaRD2ayENEbxklbQgA/j6rRzsG/jk1QW1pJjZme3WKwdvNLy9BzRPTsONBz5Cv =kk0N -----END PGP SIGNATURE-----

1 0

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
by Cisco Systems Product Security Incident Response Team 28 Sep '11

28 Sep '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20110928-sip Revision 1.0 For Public Release 2011 September 28 1600 UTC (GMT) +-------------------------------------------------------------------- Summary ======= Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Cisco Unified Communications Manager (CUCM) is affected by one of the vulnerabilities described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects the Cisco Unified Communications Manager at the following location: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml Vulnerable Products +------------------ Cisco devices are affected when they are running affected Cisco IOS Software and Cisco IOS XE Software versions that are configured to process SIP messages. Recent versions of Cisco IOS Software do not process SIP messages by default. Creating a dial peer by issuing the "dial-peer voice" configuration command will start the SIP processes, causing the Cisco IOS device to process SIP messages. In addition, several features in Cisco Unified Communications Manager Express, such as ephones, will automatically start the SIP process when they are configured, which could cause the affected device to start processing SIP messages. An example of an affected configuration follows: dial-peer voice <Voice dial-peer tag> voip ... ! In addition to inspecting the Cisco IOS device configuration for a "dial-peer" command that causes the device to process SIP messages, administrators can also use the "show processes | include SIP" command to determine whether Cisco IOS Software is running the processes that handle SIP messages. In the following example, the presence of the processes CCSIP_UDP_SOCKET or CCSIP_TCP_SOCKET indicates that the Cisco IOS device will process SIP messages: Router# show processes | include SIP 149 Mwe 40F48254 4 1 400023108/24000 0 CCSIP_UDP_SOCKET 150 Mwe 40F48034 4 1 400023388/24000 0 CCSIP_TCP_SOCKET Note: Because there are several ways a device running Cisco IOS Software can start processing SIP messages, the "show processes | include SIP" command should be used to determine whether the device is processing SIP messages instead of relying on the presence of specific configuration commands. Cisco Unified Border Element images are also affected by two of these vulnerabilities. Note: The Cisco Unified Border Element feature (previously known as the Cisco Multiservice IP-to-IP Gateway) is a special Cisco IOS Software image that runs on Cisco multiservice gateway platforms. This feature provides a network-to-network interface point for billing, security, call admission control, quality of service, and signaling interworking. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Cisco IOS XE Software is affected by these vulnerabilities. Note: Cisco Unified Communications Manager is affected by one of the vulnerabilities described in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerability that affects the Cisco Unified Communications Manager at the following location: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml Products Confirmed Not Vulnerable +-------------------------------- The SIP application layer gateway (ALG), which is used by the Cisco IOS Network Address Translation (NAT) and firewall features of Cisco IOS Software, is not affected by these vulnerabilities. Cisco IOS XR Software is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= SIP is a popular signaling protocol that is used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol has the flexibility to accommodate other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol. Multiple vulnerabilities exist in the SIP implementation in Cisco IOS Software that could allow a remote attacker to cause an affected device to reload or to trigger memory leaks that may result in system instabilities. These vulnerabilities are triggered when the device that is running Cisco IOS Software processes crafted SIP messages. Only traffic destined to the device can trigger the vulnerabilities; transit SIP traffic is not an exploit vector. Note: In cases where SIP is running over TCP transport, a TCP three-way handshake is necessary to exploit these vulnerabilities. The vulnerabilities are as follow: CSCth03022 may cause a reload of an affected device. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-0939. CSCti48504 may cause memory leaks. This vulnerability has been assigned CVE ID CVE-2011-3275. CSCto88686 may cause memory leaks or reloads of affected devices. This vulnerability has been assigned CVE ID CVE-2011-2072. Note: this vulnerability also affects Cisco Unified Communications Manager. The corresponding Cisco bug ID is CSCtl86047. Refer to the separate Cisco Security Advisory for the Cisco Unified Communications Manager for additional details. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss Note that all vulnerabilities in this advisory (CSCth03022, CSCti48504, and CSCto88686) have been scored in an identical manner, assuming a complete denial of service (DoS) condition. * CSCth03022, CSCti48504, CSCto88686 CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities in this advisory may result in system instabilities or a reload of an affected device. Repeated exploitation could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. Cisco IOS Software +----------------- Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | | First Fixed Release | | 12.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.1E | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.2 | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2B | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BC | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2BX | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2CX | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2CZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Releases up to and | | 12.2EW | Not vulnerable | including 12.2(20)EW4 | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2EWA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2EX | Not vulnerable | 12.2(55)EX3 | |------------+-----------------------+-----------------------| | 12.2EY | Not vulnerable | 12.2(58)EY | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2EZ | Not vulnerable | to any release in | | | | 15.0SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FX | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FY | Not vulnerable | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2FZ | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRA | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRB | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRC | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IRE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | 12.2IRF | Not vulnerable | to any release in | | | | 12.2IRG | |------------+-----------------------+-----------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXE | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2IXH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2MC | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2MRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2MRB | Not vulnerable | 12.2(33)MRB5 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(30)S are | | | | vulnerable; Releases | | 12.2S | Not vulnerable | 12.2(30)S and later | | | | are not vulnerable. | | | | First fixed in | | | | Release 12.2SB | |------------+-----------------------+-----------------------| | 12.2SB | Not vulnerable | 12.2(31)SB2012.2(33) | | | | SB10 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SBC | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SCA | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SCB | Not vulnerable | fixed in Release | | | | 12.2SCC | |------------+-----------------------+-----------------------| | 12.2SCC | Not vulnerable | 12.2(33)SCC7 | |------------+-----------------------+-----------------------| | 12.2SCD | Not vulnerable | 12.2(33)SCD6 | |------------+-----------------------+-----------------------| | 12.2SCE | Not vulnerable | 12.2(33)SCE112.2(33) | | | | SCE2 | |------------+-----------------------+-----------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEA | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEB | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEC | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SED | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEE | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SEF | Not vulnerable | fixed in Release | | | | 12.2SE | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(25)SEG4 are | | | | vulnerable; Releases | | 12.2SEG | Not vulnerable | 12.2(25)SEG4 and | | | | later are not | | | | vulnerable. First | | | | fixed in Release | | | | 12.2EX | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(53)SG4 are | | 12.2SG | Not vulnerable | vulnerable; Releases | | | | 12.2(53)SG4 and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SGA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SM | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SQ | Not vulnerable | 12.2(50)SQ3 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRA | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRB | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SRC | Not vulnerable | fixed in Release | | | | 12.2SRD | |------------+-----------------------+-----------------------| | 12.2SRD | Not vulnerable | 12.2(33)SRD6 | |------------+-----------------------+-----------------------| | 12.2SRE | Not vulnerable | 12.2(33)SRE4 | |------------+-----------------------+-----------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SU | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(29a)SV are | | | | vulnerable; Releases | | 12.2SV | Not vulnerable | 12.2(29a)SV and later | | | | are not vulnerable. | | | | Migrate to any | | | | release in 12.2SVD | |------------+-----------------------+-----------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2SW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SX | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXB | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXD | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SXE | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | 12.2SXF | Not vulnerable | 12.2(18)SXF17b | |------------+-----------------------+-----------------------| | 12.2SXH | Not vulnerable | 12.2(33)SXH8a | |------------+-----------------------+-----------------------| | 12.2SXI | Not vulnerable | 12.2(33)SXI6 | |------------+-----------------------+-----------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2SY | Not vulnerable | 12.2(50)SY | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2SZ | Not vulnerable | fixed in Release | | | | 12.2SB | |------------+-----------------------+-----------------------| | 12.2T | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2TPC | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XB | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XNA | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNB | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNC | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XND | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNE | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | 12.2XNF | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | | Releases prior to | | | | 12.2(54)XO are | | 12.2XO | Not vulnerable | vulnerable; Releases | | | | 12.2(54)XO and later | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YA | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YF | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YH | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YJ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YM | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YN | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YQ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YS | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YT | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YU | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YV | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YW | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YX | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2YZ | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2ZA | Not vulnerable | fixed in Release | | | | 12.2SXF | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZB | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZE | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZF | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.2ZH | Not vulnerable | Vulnerable; First | | | | fixed in Release 12.4 | |------------+-----------------------+-----------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZL | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.2ZU | Not vulnerable | fixed in Release | | | | 12.2SXH | |------------+-----------------------+-----------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.2ZYA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 12.3-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 12.3 based releases | |------------------------------------------------------------| | Affected | | First Fixed Release | | 12.4-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 12.4 | Not vulnerable | 12.4(25f) | |------------+-----------------------+-----------------------| | 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 | |------------+-----------------------+-----------------------| | 12.4JA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JAX | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JDC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JHC | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JL | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMA | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4JMB | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | | Vulnerable; migrate | | | | to any release in | | | | 12.4JA | | 12.4JX | Not vulnerable | | | | | Releases up to and | | | | including 12.4(21a)JX | | | | are not vulnerable. | |------------+-----------------------+-----------------------| | 12.4JY | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | 12.4MD | Not vulnerable | 12.4(24)MD6 on | | | | 28-Oct-2011 | |------------+-----------------------+-----------------------| | 12.4MDA | Not vulnerable | 12.4(24)MDA7 | |------------+-----------------------+-----------------------| | 12.4MDB | Not vulnerable | 12.4(24)MDB3 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | Releases up to and | organization per the | | 12.4MR | including 12.4(6)MR1 | instructions in the | | | are not vulnerable. | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4MRA | instructions in | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4MRB | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | 12.4SW | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | 12.4(24)T6 | 12.4(24)T6 | | 12.4T | | | | | 12.4(15)T16 | 12.4(15)T16 | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XA | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | 12.4XB | Not vulnerable | 12.4(2)XB12 | |------------+-----------------------+-----------------------| | | Vulnerable; First | | | 12.4XC | Fixed in Release | Not vulnerable | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XD | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Not vulnerable | | | | | | | 12.4XE | Vulnerable; First | Not vulnerable | | | Fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XF | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | Releases up to and | | | | including 12.4(9)XG1 | | | | are not vulnerable. | | | | | Vulnerable; First | | 12.4XG | Releases 12.4(9)XG3 | fixed in Release | | | and later are not | 12.4T | | | vulnerable. First | | | | fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | Not vulnerable | | | | | | | 12.4XJ | Vulnerable; First | Not vulnerable | | | Fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | 12.4XK | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4XL | instructions in the | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | Releases up to and | | | | including 12.4(15)XM | | | | are not vulnerable. | | | | | Vulnerable; First | | 12.4XM | Releases 12.4(15)XM3 | fixed in Release | | | and later are not | 12.4T | | | vulnerable. First | | | | fixed in Release | | | | 12.4T | | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4XN | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4XP | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XQ | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XR | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 12.4XT | Not vulnerable | fixed in Release | | | | 12.4T | |------------+-----------------------+-----------------------| | 12.4XV | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XW | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XY | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4XZ | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 12.4YA | fixed in Release | fixed in Release | | | 12.4T | 12.4T | |------------+-----------------------+-----------------------| | | Vulnerable; contact | Vulnerable; contact | | | your support | your support | | | organization per the | organization per the | | 12.4YB | instructions in | instructions in the | | | Obtaining Fixed | Obtaining Fixed | | | Software section of | Software section of | | | this advisory. | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YD | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; fixed in | | | | 12.4(22)YE6 on | | 12.4YE | Not vulnerable | 30-Sept-2011; 12.4 | | | | (24)YE7 available on | | | | 17-Oct-2011 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 12.4YG | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.0-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | 15.0M | 15.0(1)M7 | 15.0(1)M7 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0MRA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Not vulnerable | 15.0(1)S4 | | | | | | 15.0S | Cisco IOS XE devices: | Cisco IOS XE devices: | | | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.0SA | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | 15.0SE | Not vulnerable | Not vulnerable | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0SG | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 15.0XA | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | | Cisco IOS XE devices: | Cisco IOS XE devices: | | 15.0XO | See Cisco IOS-XE | See Cisco IOS-XE | | | Software Availability | Software Availability | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.1-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1EY | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | Vulnerable; First | Vulnerable; First | | 15.1GC | fixed in Release | fixed in Release | | | 15.1T | 15.1T | |------------+-----------------------+-----------------------| | 15.1M | 15.1(4)M1 | 15.1(4)M2; Available | | | | on 30-SEP-11 | |------------+-----------------------+-----------------------| | | | Vulnerable; contact | | | | your support | | | | organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed | | | | Software section of | | | | this advisory. | |------------+-----------------------+-----------------------| | | | 15.1(2)S2 | | | Not vulnerable | | | | | 15.1(3)S | | 15.1S | Cisco IOS XE devices: | | | | See Cisco IOS-XE | Cisco IOS XE devices: | | | Software Availability | See Cisco IOS-XE | | | | Software Availability | |------------+-----------------------+-----------------------| | | 15.1(2)T4 | 15.1(2)T4 15.1(1)T4 | | 15.1T | | on 8-Dec-2011 | | | 15.1(3)T2 | | |------------+-----------------------+-----------------------| | | | Vulnerable; First | | 15.1XB | 15.1(4)XB5 | fixed in Release | | | | 15.1T | |------------+-----------------------+-----------------------| | Affected | | First Fixed Release | | 15.2-Based | First Fixed Release | for All Advisories in | | Releases | | the September 2011 | | | | Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2 based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +------------------------------------------------------------+ | Cisco | First | First Fixed Release for All | | IOS XE | Fixed | Advisories in the September 2011 | | Release | Release | Bundled Publication | |----------+------------+------------------------------------| | 2.1.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.2.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.3.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.4.x | Not | Vulnerable; migrate to 3.3.2S or | | | Vulnerable | later | |----------+------------+------------------------------------| | 2.5.x | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 2.6.x | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.1.xS | 3.1.3S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or | | | vulnerable | later | |----------+------------+------------------------------------| | 3.2.xS | 3.2.1S | Vulnerable; migrate to 3.3.2S or | | | | later | |----------+------------+------------------------------------| | 3.2.xSG | Not | Not vulnerable | | | vulnerable | | |----------+------------+------------------------------------| | 3.3.xS | Not | 3.3.2S | | | Vulnerable | | |----------+------------+------------------------------------| | 3.4.xS | Not | Not Vulnerable | | | Vulnerable | | +------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and Cisco IOS XE 3SG Release Notes. Cisco IOS XR System Software +--------------------------- Cisco IOS XR Software is not affected by any of the vulnerabilities in the September 2011 bundled publication. Workarounds =========== If the affected Cisco IOS device requires SIP for VoIP services, SIP cannot be disabled and no workarounds are available. Users are advised to apply mitigation techniques to help limit exposure to the vulnerabilities. Mitigation consists of allowing only legitimate devices to connect to affected devices. To increase effectiveness, the mitigation must be coupled with measures against spoofing on the network edge. This action is required because SIP can use UDP as the transport protocol. Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Cisco Applied Mitigation Bulletin:Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products" at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110928-voice.shtml. Disabling SIP Listening Ports +---------------------------- For devices that do not require SIP to be enabled, the simplest and most effective workaround is to disable SIP processing on the device. Some versions of Cisco IOS Software allow administrators to disable SIP with the following commands: sip-ua no transport udp no transport tcp no transport tcp tls Warning: When applying this workaround to devices that are processing Media Gateway Control Protocol (MGCP) or H.323 calls, the device will not stop SIP processing while active calls are being processed. Under these circumstances, this workaround should be implemented during a maintenance window when active calls can be briefly stopped. The "show udp connections", "show tcp brief all", and "show processes | include SIP" commands can be used to confirm that the SIP UDP and TCP ports are closed after applying this workaround. Depending on the Cisco IOS Software version in use, when SIP is disabled, the output from the "show ip sockets" command may still show the SIP ports open, but sending traffic to them will cause the SIP process to display the following message: *Jun 2 11:36:47.691: sip_udp_sock_process_read: SIP UDP Listener is DISABLED Control Plane Policing +--------------------- For devices that need to offer SIP services, it is possible to use Control Plane Policing (CoPP) to block SIP traffic to the device from untrusted sources. Cisco IOS Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. The following example can be adapted to specific network configurations: !-- The 192.168.1.0/24 network and the 172.16.1.1 host are trusted. !-- Everything else is not trusted. The following access list is used !-- to determine what traffic needs to be dropped by a control plane !-- policy (the CoPP feature): if the access list matches (permit) !-- then traffic will be dropped and if the access list does not !-- match (deny) then traffic will be processed by the router. access-list 100 deny udp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5060 access-list 100 deny tcp 192.168.1.0 0.0.0.255 any eq 5061 access-list 100 deny udp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5060 access-list 100 deny tcp host 172.16.1.1 any eq 5061 access-list 100 permit udp any any eq 5060 access-list 100 permit tcp any any eq 5060 access-list 100 permit tcp any any eq 5061 !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices. !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature. class-map match-all drop-sip-class match access-group 100 !-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device. policy-map control-plane-policy class drop-sip-class drop !-- Apply the Policy-Map to the Control-Plane of the !-- device. control-plane service-policy input control-plane-policy Note: Because SIP can use UDP as a transport protocol, it is possible to spoof the source address of an IP packet, which may bypass access control lists that permit communication to these ports from trusted IP addresses. In the preceding CoPP example, the access control entries (ACEs) that match the potential exploit packets with the permit action cause these packets to be discarded by the policy-map drop function, whereas packets that match the deny action (not shown) are not affected by the policy-map drop function. Additional information on the configuration and use of the CoPP feature can be found at http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt(a)cisco.com or security-alert(a)cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac(a)cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were discovered by Cisco during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce(a)cisco.com * first-bulletins(a)lists.first.org * bugtraq(a)securityfocus.com * vulnwatch(a)vulnwatch.org * cisco(a)spot.colorado.edu * cisco-nsp(a)puck.nether.net * full-disclosure(a)lists.grok.org.uk * comp.dcom.sys.cisco(a)newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.…. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2gACgkQQXnnBKKRMNDX3gD/UeN/lhANnUYaPYTJesK+CgTF Hnpss1asMqYlNes4DlgA/idrlbSx8cbkiX0rrhhHEkTNFRcVmvxA3gJhKq9s9GsO =XFrW -----END PGP SIGNATURE-----

1 0