Posted on 24 March 2010
Source: packetstormsecurity.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Crafted TCP Packet Denial
of Service Vulnerability
Advisory ID: cisco-sa-20100324-tcp
Revision 1.0
For Public Release 2010 March 24 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco IOS Software is affected by a denial of service vulnerability
that may allow a remote unauthenticated attacker to cause an affected
device to reload or hang. The vulnerability may be triggered by a TCP
segment containing crafted TCP options that is received during the
TCP session establishment phase. In addition to specific, crafted TCP
options, the device must have a special configuration to be affected
by this vulnerability.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100324-tcp.shtml
Note: The March 24, 2010, Cisco IOS Software Security Advisory
bundled publication includes seven Security Advisories. All the
advisories address vulnerabilities in Cisco IOS Software. Each
advisory lists the releases that correct the vulnerability or
vulnerabilities detailed in the advisory. The table at the following
URL lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on March 24, 2010, or
earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100324-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar10.html
Affected Products
=================
Vulnerable Products
+------------------
Vulnerable devices are running an affected version of Cisco IOS
Software, and are configured for any of the following:
* A specific TCP window size
* TCP path MTU discovery (PMTUD)
* Stateful Network Address Translation (SNAT) with TCP as the
transport protocol
Configurations Using a Specific TCP Window Size
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Devices configured to use a specific TCP receive window size for
connections originating on the device are affected by this
vulnerability. A device configured with a specific TCP receive window
size has the following command in its configuration:
    ip tcp window-size <window size, from 0 to 1073741823>
If the TCP window size has not been explicitly configured with the
command "ip tcp window-size <window size, from 0 to 1073741823>" then
the device is not affected by the vulnerability.
Configurations Using Path MTU Discovery
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Devices configured to use PMTUD for TCP connections originating or
terminating on the device are also affected by this vulnerability.
Different Cisco IOS Software features may allow PMTUD to be enabled or
disabled on a per-feature basis. The following list contains features
known to enable PMTUD for TCP connections:
* TCP over IPv4: the "ip tcp path-mtu-discovery" command enables
PMTUD for all new TCP over IPv4 connections from the device. This
command is disabled by default.
* TCP over IPv6: PMTUD is enabled by default for IPv6 and cannot be
disabled.
* Border Gateway Protocol (BGP): recent versions of Cisco IOS
Software (Cisco IOS Release 12.2(33)SRA, 12.2(31)SB, 12.2(33)SXH,
12.4(20)T and later releases) automatically enable PMTUD for all
BGP neighbor sessions when BGP is configured. Refer to:
http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srbgpmtu.html
for details.
Other features like generic routing encapsulation (GRE), IP-in-IP
tunneling, and Layer 2 Tunneling Protocol (L2TP) also allow the use
of PMTUD. However, these are not related to TCP services and
therefore are not affected by this vulnerability.
Configurations Using Stateful NAT with TCP as the Transport Protocol
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Devices configured to use SNAT are also affected by this
vulnerability. A device configured to use SNAT with TCP as the
transport protocol has the following commands in its configuration:
    ip nat Stateful id <stateful NAT ID number>
     redundancy <redundancy group name>
     ...
     protocol tcp
    !
Note that to be affected under an SNAT configuration scenario, the
SNAT transport protocol must be TCP. Recent versions of Cisco IOS
Software do not support the use of TCP as the SNAT transport protocol
(they only support UDP), in which case the use of SNAT does not make
a device vulnerable. SNAT is not enabled by default, and when SNAT is
configured, the default transport protocol is TCP if the Cisco IOS
Software release supports TCP as a transport protocol for SNAT.
Determining The Cisco IOS Software Version
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
"show version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name is displayed in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:
    Router#show version
    Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    <output truncated>
The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:
    Router#show version
    Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 10-Jul-08 20:25 by prod_rel_team
    <output truncated>
Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link:
http://www.cisco.com/warp/public/620/1.html
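Added example, not part of the Cisco advisory: Python that parses the two
"show version" banner formats shown above, derives the release train, and
evaluates a few rows copied from the "First Fixed Release for this Advisory"
column of the 12.2-based table in this advisory. It goes beyond the text by
comparing releases within a train; ordering them by maintenance number and
then rebuild is an assumption of the example.

```python
import re

BANNER_RE = re.compile(r"\((?P<image>[^()\s]+)\), Version (?P<version>[^,\s]+),")
VERSION_RE = re.compile(
    r"^(?P<major>\d+\.\d+)\((?P<maint>\d+)(?P<mletter>[a-z]?)\)"
    r"(?P<train>[A-Z]*)(?P<rebuild>\d*)(?P<rletter>[a-z]?)$")

# Rows copied from the "First Fixed Release for this Advisory" column of the
# 12.2-based table in this advisory. The encoding is this example's own:
#   None      -> "Not Vulnerable"
#   ""        -> vulnerable, no unaffected releases listed
#   a release -> "Releases up to and including <release> are not vulnerable"
THIS_ADVISORY = {
    "12.2": None,
    "12.2B": "12.2(4)B8",
    "12.2BC": "12.2(4)BC1b",
    "12.2BZ": "",
    "12.2SXF": None,
    "12.2T": "12.2(4)T7",
}


def parse_banner(text):
    """Extract (image, version) from the first matching 'show version' line."""
    m = BANNER_RE.search(text)
    if not m:
        raise ValueError("no Cisco IOS banner found")
    return m.group("image"), m.group("version")


def split_version(version):
    """Return (train, sort_key), e.g. 12.2(18)SXF17a -> ('12.2SXF', (18, '', 17, 'a'))."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised IOS version: %r" % version)
    # Assumption: within one train, releases order by maintenance number,
    # maintenance letter, rebuild number, rebuild letter.
    key = (int(m.group("maint")), m.group("mletter"),
           int(m.group("rebuild") or 0), m.group("rletter"))
    return m.group("major") + m.group("train"), key


def status_for_this_advisory(banner):
    """Map a banner to (train, status) using the table excerpt above."""
    _, version = parse_banner(banner)
    train, key = split_version(version)
    if train not in THIS_ADVISORY:
        return train, "row not in excerpt"
    bound = THIS_ADVISORY[train]
    if bound is None:
        return train, "not vulnerable"
    if bound and key <= split_version(bound)[1]:
        return train, "not vulnerable"
    return train, "vulnerable"
```

A "vulnerable" result covers the release only; the device must also have one
of the configurations listed under Vulnerable Products to be affected.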
Products Confirmed Not Vulnerable
+--------------------------------
Cisco IOS XR Software is not affected.
Cisco IOS XE Software is not affected.
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
Cisco IOS Software is affected by a denial of service vulnerability
that may allow a remote unauthenticated attacker to cause a device
reload or hang.
The vulnerability may only be triggered by a TCP segment received
during the TCP session establishment phase. The received TCP segment
must contain crafted, not malformed, TCP options. A TCP three-way
handshake does not need to be completed to exploit the vulnerability.
To be affected by this vulnerability, a device must be configured for
any of the following:
* A specific TCP receive window size
* PMTUD
* SNAT with TCP as the transport protocol
Refer to the Affected Products section for additional details on
these configurations.
The vulnerability exists in the TCP options processing code of Cisco
IOS Software. When the vulnerability is triggered, Cisco IOS Software
enters an infinite loop that may cause the device to reload or hang.
The following syslog messages may indicate that this vulnerability
has been exploited:
    %SYS-3-CPUHOG: Task is running for (128004)msecs, more than (2000)msecs (23/1),process = IP Input.
    -Traceback= 0x41CA6AC4 0x41C83170 0x41A22704 0x41F249D4 0x41A24A34 0x41B24C58
    %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IP Input.
This vulnerability is addressed by Cisco bug ID CSCsz75186 and has been
assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0577.
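Added example, not part of the Cisco advisory: Python triage logic that pairs
the CPUHOG and WATCHDOG messages above per device when both name the IP Input
process. The log lines and the "<timestamp> <host> <message>" layout are
constructed; a match is a lead for investigation, since the advisory says only
that these messages may indicate exploitation.

```python
import re

PROCESS = "IP Input"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<msg>.*)$")
CPUHOG_RE = re.compile(
    r"%SYS-3-CPUHOG: Task is running for \((\d+)\)msecs, "
    r"more than \((\d+)\)msecs \(\d+/\d+\),\s*process = (.+?)\.\s*$")
WATCHDOG_RE = re.compile(
    r"%SYS-2-WATCHDOG: Process aborted on watchdog timeout, "
    r"process = (.+?)\.\s*$")

# Constructed syslog lines; the message bodies follow the advisory's examples.
SAMPLE_LOG = """\
Mar 24 16:02:09 rtr-a %SYS-3-CPUHOG: Task is running for (128004)msecs, more than (2000)msecs (23/1),process = IP Input.
Mar 24 16:02:10 rtr-b %SYS-3-CPUHOG: Task is running for (2504)msecs, more than (2000)msecs (1/0),process = Virtual Exec.
Mar 24 16:02:11 rtr-a %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IP Input.
Mar 24 16:05:40 rtr-c %SYS-3-CPUHOG: Task is running for (4012)msecs, more than (2000)msecs (3/1),process = IP Input.
Mar 24 16:06:02 rtr-b %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
""".splitlines()


def _alert(host, severity, msecs, first_seen, last_seen):
    return {"host": host, "severity": severity, "cpuhog_msecs": msecs,
            "first_seen": first_seen, "last_seen": last_seen}


def triage(lines):
    """Correlate IP Input CPUHOG and WATCHDOG messages per host.

    high   = CPUHOG followed by WATCHDOG on the same host (the full pattern)
    medium = WATCHDOG with no CPUHOG seen first (earlier log may be lost)
    low    = CPUHOG only (device recovered, or the reload is not logged yet)
    """
    pending = {}  # host -> (timestamp, msecs) of the latest IP Input CPUHOG
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, msg = m.group("ts"), m.group("host"), m.group("msg")
        hog = CPUHOG_RE.search(msg)
        if hog and hog.group(3) == PROCESS:
            pending[host] = (ts, int(hog.group(1)))
            continue
        dog = WATCHDOG_RE.search(msg)
        if dog and dog.group(1) == PROCESS:
            first = pending.pop(host, None)
            if first:
                alerts.append(_alert(host, "high", first[1], first[0], ts))
            else:
                alerts.append(_alert(host, "medium", None, ts, ts))
    for host, (ts, msecs) in pending.items():
        alerts.append(_alert(host, "low", msecs, ts, ts))
    return alerts
```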
BGP Considerations
~~~~~~~~~~~~~~~~~~
This vulnerability could be exploited through the BGP port (TCP port
179) if all the following conditions are met:
* The device is configured for one or more of the features that
make a device affected, as explained above. Note that in recent
versions of Cisco IOS Software, configuring BGP automatically
enables PMTUD for all BGP neighbor sessions.
* The source IP address of an attack packet is the IP address of a
configured BGP peer.
* If the BGP TTL Security Hack (BTSH)/Generalized TTL Security
Mechanism (GTSM) is configured, the TTL of the received attack
packet is within the allowed TTL range.
* If the BGP peering session is protected by the TCP MD5 option,
the attack packet has the correct MD5 hash.
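Added example, not part of the Cisco advisory: a Python audit that checks a
running-config for the configurations listed under Vulnerable Products and,
for BGP, reports which peers lack the TTL-security and MD5 protections named
in BGP Considerations. The sample config is constructed; "ipv6 address",
"ipv6 enable", "neighbor ... ttl-security" and "neighbor ... password" are
standard IOS keywords that this advisory does not itself list, and detecting
IPv6 use from those lines is an assumption of the example.

```python
import re

# Constructed running-config for illustration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip tcp window-size 65535
ip tcp path-mtu-discovery
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ipv6 address 2001:DB8::1/64
!
router bgp 64512
 neighbor 192.0.2.2 remote-as 64513
 neighbor 192.0.2.2 ttl-security hops 1
 neighbor 192.0.2.2 password 7 <redacted>
 neighbor 192.0.2.6 remote-as 64514
!
ip nat Stateful id 1
 redundancy SNAT-GRP
 protocol tcp
!
end
"""


def split_blocks(config):
    """Group config lines into (parent, [children]) by leading whitespace."""
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def bgp_neighbors(children):
    """Map each BGP neighbor to the TTL-security / MD5 protections configured."""
    peers = {}
    for child in children:
        m = re.match(r"neighbor (\S+) (\S+)", child)
        if not m:
            continue
        peer, keyword = m.groups()
        state = peers.setdefault(peer, {"gtsm": False, "md5": False})
        if keyword == "ttl-security":
            state["gtsm"] = True
        elif keyword == "password":
            state["md5"] = True
    return peers


def audit_config(config):
    """Return (condition, status, detail) tuples for the advisory's conditions.

    "affected": the line matches a listed condition outright.
    "review":   the outcome depends on the IOS release in use.
    """
    findings = []
    ipv6_reported = False
    for parent, children in split_blocks(config):
        if re.match(r"ip tcp window-size \d+$", parent):
            findings.append(("tcp-window-size", "affected", parent))
        elif re.match(r"ip tcp path-mtu-discovery\b", parent):
            findings.append(("pmtud-ipv4", "affected", parent))
        elif re.match(r"router bgp \S+", parent):
            # PMTUD is automatic for BGP only from certain releases onward,
            # so each peer is reported for review with its missing protections.
            for peer, prot in sorted(bgp_neighbors(children).items()):
                missing = [k for k in ("gtsm", "md5") if not prot[k]]
                detail = "peer %s lacks: %s" % (peer, ", ".join(missing) or "nothing")
                findings.append(("pmtud-bgp", "review", detail))
        elif re.match(r"ip nat stateful id \d+", parent, re.IGNORECASE):
            protos = [c.split()[1].lower() for c in children
                      if c.lower().startswith("protocol ")]
            if "tcp" in protos:
                findings.append(("snat-tcp", "affected", parent))
            elif not protos:
                # Default transport is TCP where the release supports it.
                findings.append(("snat-tcp", "review", parent))
        # PMTUD cannot be disabled for IPv6, so any IPv6 use is reported once.
        for line in [parent] + children:
            if not ipv6_reported and re.match(r"ipv6 (address|enable)\b", line):
                findings.append(("pmtud-ipv6", "affected", line))
                ipv6_reported = True
    return findings
```

The GTSM and MD5 columns do not remove the vulnerability; per the advisory
they are conditions an attack packet must additionally satisfy on the BGP port.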
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsz75186 - TCP crash by watchdog timeout due to crafted TCP segment
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability may cause the affected
device to reload or hang. Repeated exploitation could result in a
sustained denial of service condition. In the case of a hang, cycling
power to the device may be required to put the device back in
service.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release for this Advisory" column of the table.
The "First Fixed Release for all Advisories in 24 March 2010 Bundle
Publication" column indicates the earliest possible releases which
have fixes for all the published vulnerabilities in this Cisco IOS
Security Advisory bundled publication. Cisco recommends upgrading to
the latest available release where possible.
+-------------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed Release for | all Advisories in 24 |
| Releases | this Advisory | March 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed Release for | all Advisories in 24 |
| Releases | this Advisory | March 2010 Bundle |
| | | Publication |
|-------------------------------------------------------------------|
| There are no affected 12.1 based releases |
|-------------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed Release for | all Advisories in 24 |
| Releases | this Advisory | March 2010 Bundle |
| | | Publication |
|------------+---------------------------+--------------------------|
| 12.2 | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | |
| | any release in 15.0M or a | Vulnerable; migrate to |
| 12.2B | fixed 12.4 release. | any release in 15.0M or |
| | Releases up to and | a fixed 12.4 release. |
| | including 12.2(4)B8 are | |
| | not vulnerable. | |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | |
| | any release in 15.0M or a | Vulnerable; migrate to |
| 12.2BC | fixed 12.4 release. | any release in 15.0M or |
| | Releases up to and | a fixed 12.4 release. |
| | including 12.2(4)BC1b are | |
| | not vulnerable. | |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2BW | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; first fixed | |
| | in 12.4 | Vulnerable; migrate to |
| 12.2BX | | any release in 15.0M or |
| | Releases up to and | a fixed 12.4 release. |
| | including 12.2(2)BX1 are | |
| | not vulnerable. | |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | |
| | any release in 15.0M or a | Vulnerable; migrate to |
| 12.2BY | fixed 12.4 release. | any release in 15.0M or |
| | Releases up to and | a fixed 12.4 release. |
| | including 12.2(2)BY3 are | |
| | not vulnerable. | |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2BZ | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2CX | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2CY | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| 12.2CZ | Vulnerable; migrate to | Vulnerable; migrate to |
| | any release in 12.2S | any release in 12.2SRE |
|------------+---------------------------+--------------------------|
| 12.2DA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2DD | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2DX | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| 12.2EW | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2EWA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Releases up to and |
| | | including 12.2(37)EX are |
| | | not vulnerable. |
| 12.2EX | Not Vulnerable | |
| | | Releases 12.2(44)EX and |
| | | later are not |
| | | vulnerable; first fixed |
| | | in 12.2SE |
|------------+---------------------------+--------------------------|
| | | Releases prior to 12.2 |
| 12.2EY | Not Vulnerable | (37)EY are vulnerable, |
| | | release 12.2(37)EY and |
| | | later are not vulnerable |
|------------+---------------------------+--------------------------|
| 12.2EZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2FX | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2FY | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2FZ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2IRA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SRC |
|------------+---------------------------+--------------------------|
| 12.2IRB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SRC |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IRD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXB | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXF | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXG | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2IXH | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | Releases up to and | Releases up to and |
| 12.2JA | including 12.2(4)JA1 are | including 12.2(4)JA1 are |
| | not vulnerable. | not vulnerable. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2JK | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| 12.2MB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; first fixed |
| 12.2MC | any release in 15.0M or a | in 12.4 |
| | fixed 12.4 release. | |
|------------+---------------------------+--------------------------|
| 12.2MRA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (30)S are vulnerable, |
| 12.2S | Not Vulnerable | release 12.2(30)S and |
| | | later are not |
| | | vulnerable; |
|------------+---------------------------+--------------------------|
| | | 12.2(33)SB8 |
| 12.2SB | Not Vulnerable | |
| | | 12.2(31)SB18; Available |
| | | on 24-MAR-10 |
|------------+---------------------------+--------------------------|
| 12.2SBC | Not Vulnerable | Vulnerable; migrate to |
| | | any release in 12.2SRE |
|------------+---------------------------+--------------------------|
| 12.2SCA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SCB |
|------------+---------------------------+--------------------------|
| 12.2SCB | Not Vulnerable | 12.2(33)SCB6 |
|------------+---------------------------+--------------------------|
| 12.2SCC | Not Vulnerable | 12.2(33)SCC1 |
|------------+---------------------------+--------------------------|
| 12.2SCD | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2SE | Not Vulnerable | 12.2(50)SE4; Available |
| | | on 25-MAR-10 |
|------------+---------------------------+--------------------------|
| 12.2SEA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2SEB | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2SEC | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2SED | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SE |
|------------+---------------------------+--------------------------|
| 12.2SEE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SE |
|------------+---------------------------+--------------------------|
| 12.2SEF | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (25)SEG4 are vulnerable, |
| 12.2SEG | Not Vulnerable | release 12.2(25)SEG4 and |
| | | later are not |
| | | vulnerable; first fixed |
| | | in 12.2SE |
|------------+---------------------------+--------------------------|
| | | Releases up to 12.2(31) |
| | | SG1 are not vulnerable; |
| 12.2SG | Not Vulnerable | releases 12.2(40)SG and |
| | | later are not |
| | | vulnerable. |
|------------+---------------------------+--------------------------|
| 12.2SGA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2SL | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2SM | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SO | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| 12.2SQ | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2SRA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SRD |
|------------+---------------------------+--------------------------|
| 12.2SRB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SRD |
|------------+---------------------------+--------------------------|
| 12.2SRC | Not Vulnerable | 12.2(33)SRC5 |
|------------+---------------------------+--------------------------|
| 12.2SRD | Not Vulnerable | 12.2(33)SRD3 |
|------------+---------------------------+--------------------------|
| 12.2SRE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| 12.2STE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2SU | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Releases up to and |
| 12.2SV | Not Vulnerable | including 12.2(18)SV2 |
| | | are not vulnerable. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SVA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SVC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SVD | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2SVE | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Releases up to and |
| | | including 12.2(25)SW3 |
| | | are not vulnerable. |
| 12.2SW | Not Vulnerable | |
| | | Releases 12.2(25)SW12 |
| | | and later are not |
| | | vulnerable; first fixed |
| | | in 15.0M |
|------------+---------------------------+--------------------------|
| 12.2SX | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SXF |
|------------+---------------------------+--------------------------|
| 12.2SXA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SXF |
|------------+---------------------------+--------------------------|
| 12.2SXB | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SXF |
|------------+---------------------------+--------------------------|
| 12.2SXD | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SXF |
|------------+---------------------------+--------------------------|
| 12.2SXE | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SXF |
|------------+---------------------------+--------------------------|
| 12.2SXF | Not Vulnerable | 12.2(18)SXF17a |
|------------+---------------------------+--------------------------|
| 12.2SXH | Not Vulnerable | 12.2(33)SXH6 |
|------------+---------------------------+--------------------------|
| | | 12.2(33)SXI2a |
| 12.2SXI | Not Vulnerable | |
| | | 12.2(33)SXI3 |
|------------+---------------------------+--------------------------|
| 12.2SY | Not Vulnerable | Vulnerable; migrate to |
| | | any release in 12.2SRE |
|------------+---------------------------+--------------------------|
| 12.2SZ | Not Vulnerable | Vulnerable; migrate to |
| | | any release in 12.2SRE |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | |
| | any release in 15.0M or a | Vulnerable; migrate to |
| 12.2T | fixed 12.4 release. | any release in 15.0M or |
| | Releases up to and | a fixed 12.4 release. |
| | including 12.2(4)T7 are | |
| | not vulnerable. | |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2TPC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XA | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XB | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XC | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XD | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| 12.2XE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XF | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XG | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XH | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XI | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2XJ | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2XK | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2XL | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2XM | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (33)XN1 are vulnerable, |
| 12.2XN | Not Vulnerable | release 12.2(33)XN1 and |
| | | later are not |
| | | vulnerable; first fixed |
| | | in 12.2SRC |
|------------+---------------------------+--------------------------|
| 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+--------------------------|
| 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+--------------------------|
| 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+--------------------------|
| 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+--------------------------|
| 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+--------------------------|
| 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+---------------------------+--------------------------|
| 12.2XO | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XQ | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | |
| | any release in 15.0M or a | Vulnerable; migrate to |
| 12.2XR | fixed 12.4 | any release in 15.0M or |
| | release. Releases up to | a fixed 12.4 release. |
| | and including 12.2(4)XR | |
| | are not vulnerable. | |
|------------+---------------------------+--------------------------|
| 12.2XS | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XT | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XU | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | | Vulnerable; migrate to |
| 12.2XV | Not Vulnerable | any release in 15.0M or |
| | | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2XW | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2YA | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YC | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| 12.2YE | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YF | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YG | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YH | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YJ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| 12.2YK | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2YM | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YN | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YO | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | |
| | any release in 15.0M or a | Vulnerable; migrate to |
| 12.2YP | fixed 12.4 | any release in 15.0M or |
| | release. Releases up to | a fixed 12.4 release. |
| | and including 12.2(8)YP | |
| | are not vulnerable. | |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YQ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YR | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| 12.2YS | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YT | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YU | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YV | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YW | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YX | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2YY | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2YZ | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| 12.2ZA | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SXF |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZD | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2ZE | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2ZF | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2ZG | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.2ZH | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZJ | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.2ZP | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| 12.2ZU | Not Vulnerable | Vulnerable; first fixed |
| | | in 12.2SXH |
|------------+---------------------------+--------------------------|
| 12.2ZX | Not Vulnerable | Vulnerable; migrate to |
| | | any release in 12.2SRE |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZY | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| | | Vulnerable; Contact your |
| | | support organization per |
| 12.2ZYA | Not Vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this advisory |
|------------+---------------------------+--------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed Release for | all Advisories in 24 |
| Releases | this Advisory | March 2010 Bundle |
| | | Publication |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3 | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3B | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| 12.3BC | Vulnerable; migrate to | Vulnerable; first fixed |
| | any release in 12.2SCB | in 12.2SCB |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3BW | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| 12.3EU | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Releases prior to 12.3 |
| | support organization per | (11)JA5 are vulnerable, |
| 12.3JA | the instructions in | release 12.3(11)JA5 and |
| | Obtaining Fixed Software | later are not vulnerable |
| | section of this advisory | |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Releases prior to 12.3 |
| | support organization per | (8)JEA4 are vulnerable, |
| 12.3JEA | the instructions in | release 12.3(8)JEA4 and |
| | Obtaining Fixed Software | later are not vulnerable |
| | section of this advisory | |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Releases prior to 12.3 |
| | support organization per | (8)JEB2 are vulnerable, |
| 12.3JEB | the instructions in | release 12.3(8)JEB2 and |
| | Obtaining Fixed Software | later are not vulnerable |
| | section of this advisory | |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3JEC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3JED | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3JK | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3JL | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3JX | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3T | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3TPC | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| 12.3VA | Not Vulnerable | Not Vulnerable |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3XA | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; Contact your | Vulnerable; Contact your |
| | support organization per | support organization per |
| 12.3XB | the instructions in | the instructions in |
| | Obtaining Fixed Software | Obtaining Fixed Software |
| | section of this advisory | section of this advisory |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3XC | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| | Vulnerable; migrate to | Vulnerable; migrate to |
| 12.3XD | any release in 15.0M or a | any release in 15.0M or |
| | fixed 12.4 release. | a fixed 12.4 release. |
|------------+---------------------------+--------------------------|
| |