SecurityHome.eu Security vulnerability: Cisco Security Advisory 20120328-pai

Home / vulnerabilities PDF

Cisco Security Advisory 20120328-pai
Posted on 29 March 2012
Source : packetstormsecurity.org Link

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS Software Command Authorization Bypass

Advisory ID: cisco-sa-20120328-pai

Revision 1.0

For Public Release 2012 March 28 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability exists in the Cisco IOS Software that may allow a
remote application or device to exceed its authorization level when
authentication, authorization, and accounting (AAA) authorization is
used. This vulnerability requires that the HTTP or HTTPS server is
enabled on the Cisco IOS device.

Products that are not running Cisco IOS Software are not vulnerable.

Cisco has released free software updates that address these
vulnerabilities.

The HTTP server may be disabled as a workaround for the vulnerability
described in this advisory.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai

Note: The March 28, 2012, Cisco IOS Software Security Advisory
bundled publication includes nine Cisco Security Advisories. Each
advisory lists the Cisco IOS Software releases that correct the
vulnerability or vulnerabilities detailed in the advisory as well as
the Cisco IOS Software releases that correct all vulnerabilities in
the March 2012 bundled publication.

Individual publication links are in "Cisco Event Response:
Semi-Annual Cisco IOS Software Security Advisory Bundled Publication"
at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar12.html

Affected Products
=================

Vulnerable Products
+------------------

Any device running Cisco IOS Software release after 12.2 that has an
HTTP or HTTPS server configured is affected by this vulnerability if
AAA authorization is used.
To determine if an HTTP or HTTP server is configured with an HTTP or
HTTPS server, issue the show ip http server status | include status
command. The following example illustrates a Cisco IOS device with an
HTTPS server enabled and the HTTP server disabled.

Router> show ip http server status | include status
HTTP server status: Disabled
HTTP secure server status: Enabled

To determine if AAA authorization is used, an administrator can log
in to the device and issue the show run | include aaa authorization
command in privileged EXEC mode. If there is an entry that shows aaa
authorization commands, as shown in the following example, then AAA
authorization is configured.

Router# show run | include aaa authorization commands
aaa authorization commands 0 default local group tacacs+
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default local

To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the show version command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!--- output truncated

Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS and NX-OS
Software Reference Guide" at:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html

Products Confirmed Not Vulnerable
+--------------------------------

If you are not running Cisco IOS or IOS XE software, you are not
affected by this vulnerability. Devices that are not using AAA
authorization or that do not have an HTTP or HTTPS server configured
are not affected by this vulnerability.

Cisco IOS XR is not affected by this vulnerability.

No other Cisco products are currently known to be affected by this
vulnerability.

Details
=======

Cisco IOS allows remote applications to administer and monitor
devices running Cisco IOS Software over an HTTP or HTTPS connection.

A vulnerability exists that may allow the Cisco IOS command
authorization to be bypassed, allowing a remote, authenticated HTTP
or HTTPS session to execute any Cisco IOS command that is configured
for their authorization level. This vulnerability does not allow
unauthenticated access; a valid username and password are required to
successfully exploit this vulnerability. Additionally, the
vulnerability does not allow a user to execute commands that are not
configured for their privilege level.

The HTTP server is enabled by default for cluster configurations and
on the following Cisco switches: Catalyst 3700 series, Catalyst 3750
series, Catalyst 3550 series, Catalyst 3560 series, and Catalyst 2950
series.

More information on AAA authorization can be found at:
http://www.cisco.com/en/US/docs/ios/12_2t/secure/command/reference/sftauth.html

Releases of Cisco IOS Software after release 12.2 are potentially
vulnerable. Please refer to the release table below for more
information.

This vulnerability is documented as Cisco Bug ID CSCtr91106
and has been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2012-0384.

Vulnerability Scoring Details
=============================

Cisco has scored the vulnerability in this advisory based on the
Common Vulnerability Scoring System (CVSS). The CVSS scoring in this
security advisory is in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps organizations determine the urgency and priority
of a response.

Cisco has provided a base and temporal score. Customers can also
compute environmental scores that help determine the impact of the
vulnerability in their own networks.

Cisco has provided additional information regarding CVSS at the
following link:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to compute the
environmental impact for individual networks at the following link:

http://intellishield.cisco.com/security/alertmanager/cvss

* Command Authorization Fails for commands delivered over HTTP

CVSS Base Score - 8.5
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete

CVSS Temporal Score - 7.0
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed

Impact
======

Successful exploitation of the vulnerability may allow the Cisco IOS
command authorization to be bypassed, allowing a remote,
authenticated HTTP or HTTPS session to execute any Cisco IOS command
that is configured for its authorization level.

Software Versions and Fixes
===========================

When considering software upgrades, customers are advised to consult
the Cisco Security Advisories and Responses archive at:
http://www.cisco.com/go/psirt and review subsequent advisories to determine
exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised
to contact the Cisco Technical Assistance Center (TAC) or their
contracted maintenance providers.

Cisco IOS Software
+-----------------

Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release column. The First Fixed Release for All Advisories in the
March 2012 Bundled Publication column lists the earliest possible
releases that correct all the published vulnerabilities in the Cisco
IOS Software Security Advisory bundled publication. Cisco recommends
upgrading to the latest available release, where possible.

The Cisco IOS Software Checker allows customers to search for Cisco
Security Advisories that address specific Cisco IOS Software
releases. This tool is available on the Cisco Security Intelligence
Operations (SIO) portal at:
http://tools.cisco.com/security/center/selectIOSVersion.x

+------------------------------------------+
| Major | Availability of |
| Release | Repaired Releases |
|------------+-----------------------------|
| | | First Fixed |
| | | Release for |
| | | All |
| | | Advisories |
| Affected | First Fixed | in the March |
| 12.0-Based | Release | 2012 Cisco |
| Releases | | IOS Software |
| | | Security |
| | | Advisory |
| | | Bundled |
| | | Publication |
|------------------------------------------|
| There are no affected 12.0 based |
| releases |
|------------------------------------------|
| | | First Fixed |
| | | Release for |
| | | All |
| | | Advisories |
| Affected | First Fixed | in the March |
| 12.2-Based | Release | 2012 Cisco |
| Releases | | IOS Software |
| | | Security |
| | | Advisory |
| | | Bundled |
| | | Publication |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2 | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2B | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2BC | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2BW | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2BX | Not | First fixed |
| | vulnerable | in Release |
| | | 12.2SB |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2BY | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2BZ | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2CX | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2CY | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2CZ | Not | First fixed |
| | vulnerable | in Release |
| | | 12.0S |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2DA | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2DD | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2DX | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2EU | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | Vulnerable; | |
| | contact your | |
| | support | |
| | organization | Vulnerable; |
| | per the | contact your |
| | instructions | support |
| | in Obtaining | organization |
| | Fixed | per the |
| 12.2EW | Software | instructions |
| | section of | in Obtaining |
| | this | Fixed |
| | advisory. | Software |
| | Releases up | section of |
| | to and | this |
| | including | advisory. |
| | 12.2(20)EWA4 | |
| | are not | |
| | vulnerable. | |
|------------+--------------+--------------|
| | Vulnerable; | |
| | contact your | |
| | support | |
| | organization | Vulnerable; |
| | per the | contact your |
| | instructions | support |
| | in Obtaining | organization |
| | Fixed | per the |
| 12.2EWA | Software | instructions |
| | section of | in Obtaining |
| | this | Fixed |
| | advisory. | Software |
| | Releases up | section of |
| | to and | this |
| | including | advisory. |
| | 12.2(20)EWA4 | |
| | are not | |
| | vulnerable. | |
|------------+--------------+--------------|
| | Vulnerable; | |
| | First fixed | |
| | in Release | |
| | 15.0SE | Vulnerable; |
| 12.2EX | Releases up | First fixed |
| | to and | in Release |
| | including | 15.0SE |
| | 12.2(25)EX1 | |
| | are not | |
| | vulnerable. | |
|------------+--------------+--------------|
| 12.2EY | 12.2(52)EY4 | 12.2(52)EY4 |
| | 12.2(58)EY2 | |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2EZ | First fixed | First fixed |
| | in Release | in Release |
| | 15.0SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2FX | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2FY | First fixed | First fixed |
| | in Release | in Release |
| | 15.0SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2FZ | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2IRA | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2IRB | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2IRC | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2IRD | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2IRE | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2IRF | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.2IRG | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IRH | 12.2(33)IRH1 | instructions |
| | | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXA | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXB | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXC | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXD | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXE | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXF | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXG | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2IXH | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| 12.2JA | Not | Not |
| | vulnerable | vulnerable |
|------------+--------------+--------------|
| 12.2JK | Not | Not |
| | vulnerable | vulnerable |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2MB | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2MC | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2MRA | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.2MRB | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory. |
|------------+--------------+--------------|
| | | Releases |
| | | prior to |
| | | 12.2(30)S |
| | | are |
| | | vulnerable; |
| | Not | Releases |
| 12.2S | vulnerable | 12.2(30)S |
| | | and later |
| | | are not |
| | | vulnerable. |
| | | First fixed |
| | | in Release |
| | | 12.0S |
|------------+--------------+--------------|
| 12.2SB | 12.2(33)SB12 | 12.2(33)SB12 |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2SBC | Not | First fixed |
| | vulnerable | in Release |
| | | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SCA | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SCE | 12.2SCE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SCB | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SCE | 12.2SCE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SCC | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SCE | 12.2SCE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SCD | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SCE | 12.2SCE |
|------------+--------------+--------------|
| 12.2SCE | 12.2(33)SCE5 | 12.2(33)SCE6 |
|------------+--------------+--------------|
| 12.2SCF | 12.2(33)SCF2 | 12.2(33)SCF2 |
|------------+--------------+--------------|
| | | |
| 12.2SE | 12.2(55)SE5 | 12.2(55)SE5 |
| | | * |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SEA | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SEB | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SEC | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SED | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SEE | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SEF | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SE | 15.0SE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SEG | First fixed | First fixed |
| | in Release | in Release |
| | 15.0SE | 15.0SE |
|------------+--------------+--------------|
| | 12.2(53)SG7; | 12.2(53)SG7; |
| 12.2SG | Available on | Available on |
| | 07-MAY-12 | 07-MAY-12 |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | Vulnerable; | per the |
| 12.2SGA | First fixed | instructions |
| | in Release | in Obtaining |
| | 12.2SG | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| 12.2SL | Not | Not |
| | vulnerable | vulnerable |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SM | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SO | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.2SQ | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory. |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SRA | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SRB | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2SRC | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SRD | 12.2SRE |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2SRD | 12.2(33)SRD8 | First fixed |
| | | in Release |
| | | 12.2SRE |
|------------+--------------+--------------|
| 12.2SRE | 12.2(33)SRE6 | 12.2(33)SRE6 |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.2STE | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2SU | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Releases up |
| | | to and |
| 12.2SV | Not | including |
| | vulnerable | 12.2(18)SV2 |
| | | are not |
| | | vulnerable. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SVA | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SVC | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SVD | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SVE | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2SW | Not | First fixed |
| | vulnerable | in Release |
| | | 12.4T |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SX | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SXA | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SXB | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SXD | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SXE | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2SXF | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.2SXH | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory. |
|------------+--------------+--------------|
| 12.2SXI | 12.2(33)SXI9 | 12.2(33)SXI9 |
|------------+--------------+--------------|
| 12.2SXJ | 12.2(33)SXJ2 | 12.2(33)SXJ2 |
|------------+--------------+--------------|
| | 12.2(50)SY2; | |
| | Available on | |
| | 11-JUN-12 | |
| | Releases up | 12.2(50)SY2; |
| 12.2SY | to and | Available on |
| | including | 11-JUN-12 |
| | 12.2(14)SY5 | |
| | are not | |
| | vulnerable. | |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2SZ | Not | First fixed |
| | vulnerable | in Release |
| | | 12.0S |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2T | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2TPC | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XA | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XB | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XC | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XD | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XE | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XF | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XG | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XH | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XI | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XJ | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XK | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XL | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XM | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | Please see | Please see |
| 12.2XNA | Cisco IOS-XE | Cisco IOS-XE |
| | Software | Software |
| | Availability | Availability |
|------------+--------------+--------------|
| | Please see | Please see |
| 12.2XNB | Cisco IOS-XE | Cisco IOS-XE |
| | Software | Software |
| | Availability | Availability |
|------------+--------------+--------------|
| | Please see | Please see |
| 12.2XNC | Cisco IOS-XE | Cisco IOS-XE |
| | Software | Software |
| | Availability | Availability |
|------------+--------------+--------------|
| | Please see | Please see |
| 12.2XND | Cisco IOS-XE | Cisco IOS-XE |
| | Software | Software |
| | Availability | Availability |
|------------+--------------+--------------|
| | Please see | Please see |
| 12.2XNE | Cisco IOS-XE | Cisco IOS-XE |
| | Software | Software |
| | Availability | Availability |
|------------+--------------+--------------|
| | Please see | Please see |
| 12.2XNF | Cisco IOS-XE | Cisco IOS-XE |
| | Software | Software |
| | Availability | Availability |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | Vulnerable; | per the |
| 12.2XO | First fixed | instructions |
| | in Release | in Obtaining |
| | 12.2SG | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XQ | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Releases |
| | | prior to |
| | | 12.2(15)XR |
| | | are |
| | | vulnerable; |
| | Not | Releases |
| 12.2XR | vulnerable | 12.2(15)XR |
| | | and later |
| | | are not |
| | | vulnerable. |
| | | First fixed |
| | | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XS | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XT | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XU | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XV | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2XW | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2YA | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YC | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YD | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YE | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YK | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YO | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | First fixed |
| | | in Release |
| | | 15.0M |
| 12.2YP | Not | Releases up |
| | vulnerable | to and |
| | | including |
| | | 12.2(8)YP |
| | | are not |
| | | vulnerable. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YT | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YW | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YX | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YY | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2YZ | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZA | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZB | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZC | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZD | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2ZE | Not | First fixed |
| | vulnerable | in Release |
| | | 15.0M |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.2ZH | First fixed | First fixed |
| | in Release | in Release |
| | 12.4 | 15.0M |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZJ | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZP | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZU | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| 12.2ZX | Not | First fixed |
| | vulnerable | in Release |
| | | 12.2SRE |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZY | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | Vulnerable; |
| | | contact your |
| | | support |
| | | organization |
| | | per the |
| 12.2ZYA | Not | instructions |
| | vulnerable | in Obtaining |
| | | Fixed |
| | | Software |
| | | section of |
| | | this |
| | | advisory. |
|------------+--------------+--------------|
| | | First Fixed |
| | | Release for |
| | | All |
| | | Advisories |
| Affected | First Fixed | in the March |
| 12.3-Based | Release | 2012 Cisco |
| Releases | | IOS Software |
| | | Security |
| | | Advisory |
| | | Bundled |
| | | Publication |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.3 | First fixed | First fixed |
| | in Release | in Release |
| | 12.4 | 15.0M |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.3B | First fixed | First fixed |
| | in Release | in Release |
| | 12.4 | 15.0M |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.3BC | First fixed | First fixed |
| | in Release | in Release |
| | 12.2SCE | 12.2SCE |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.3BW | First fixed | First fixed |
| | in Release | in Release |
| | 12.4 | 15.0M |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| 12.3JA | First fixed | First fixed |
| | in Release | in Release |
| | 12.4JA | 12.4JA |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.3JEA | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory. |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.3JEB | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory. |
|------------+--------------+--------------|
| | Vulnerable; | Vulnerable; |
| | contact your | contact your |
| | support | support |
| | organization | organization |
| | per the | per the |
| 12.3JEC | instructions | instructions |
| | in Obtaining | in Obtaining |
| | Fixed | Fixed |
| | Software | Software |
| | section of | section of |
| | this | this |
| | advisory. | advisory.

TOP

Malware :

Last 20

Exploits :

Last 20