SecurityHome.eu Security vulnerability: Cisco Security Advisory 20110928-ipv6

Home / vulnerabilities PDF

Cisco Security Advisory 20110928-ipv6
Posted on 29 September 2011
Source : packetstormsecurity.org Link

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service
Vulnerability

Advisory ID: cisco-sa-20110928-ipv6

Revision 1.0

For Public Release 2011 September 28 1600 UTC (GMT)

+--------------------------------------------------------------------

Summary
=======

Cisco IOS Software contains a vulnerability in the IP version 6
(IPv6) protocol stack implementation that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device that has IPv6 enabled. The vulnerability may be triggered when
the device processes a malformed IPv6 packet.

Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate this
vulnerability.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml.

Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.

Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html

Affected Products
=================

This vulnerability affects devices that are running Cisco IOS
Software and configured for IPv6 operation. IPv6 is not enabled by
default in Cisco IOS Software.

Vulnerable Products
+------------------

Cisco devices that are running an affected version of Cisco IOS
Software and configured for IPv6 operation are vulnerable. A device
that is running Cisco IOS Software and that has IPv6 enabled will
show some interfaces with assigned IPv6 addresses when the "show ipv6
interface brief" command is executed.

The "show ipv6 interface brief" command will produce an error message
if the version of Cisco IOS Software in use does not support IPv6, or
will not show any interfaces with IPv6 address if IPv6 is disabled.
The system is not vulnerable in these scenarios.

Sample output of the "show ipv6 interface brief" command on a system
that is configured for IPv6 operation follows:

router>show ipv6 interface brief
FastEthernet0/0 [up/up]
FE80::222:90FF:FEB0:1098
2001:DB8:2:93::3
200A:1::1
FastEthernet0/1 [up/up]
FE80::222:90FF:FEB0:1099
2001:DB8:2:94::1
Serial0/0/0 [down/down]
unassigned
Serial0/0/0.4 [down/down]
unassigned
Serial0/0/0.5 [down/down]
unassigned
Serial0/0/0.6 [down/down]
unassigned

Alternatively, the IPv6 protocol is enabled if the interface
configuration command "ipv6 address <IPv6 address>" or "ipv6 enable"
is present in the configuration. Both may be present, as shown in the
vulnerable configuration in the following example shows:

interface FastEthernet0/1
ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
ipv6 enable

A device that is running Cisco IOS Software and that has IPv6 enabled
on a physical or logical interface is vulnerable even if ipv6
unicast-routing is globally disabled (that is, the device is not
routing IPv6 packets).

To determine the Cisco IOS Software release that is running on a Cisco
product, administrators can log in to the device and issue the "show
version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or "Cisco
IOS Software." The image name displays in parentheses, followed by
"Version" and the Cisco IOS Software release name. Other Cisco devices
do not have the "show version" command or may provide different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team

!--- output truncated

Additional information about Cisco IOS Software release
naming conventions is available in the white paper Cisco
IOS and NX-OS Software Reference Guide available at
http://www.cisco.com/web/about/security/intelligence/ios-ref.html.

Products Confirmed Not Vulnerable
+--------------------------------

Cisco IOS XR Software and Cisco IOS XE Software are not affected by
this vulnerability.

No other Cisco products are currently known to be affected by this
vulnerability.

Details
=======

IPv6, which was designed by the Internet Engineering Task Force
(IETF), is intended to replace the current version, IP Version 4
(IPv4).

A vulnerability exists when Cisco IOS Software processes IPv6
packets. An attacker could exploit this vulnerability by sending
malformed IPv6 packets to physical or logical interfaces that are
configured to process IPv6 traffic. Transit traffic cannot trigger
this vulnerability. Exploitation could cause an affected system to
reload.

This vulnerability is documented in Cisco bug ID CSCtj41194, and
has been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2011-0944.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

* CSCtj41194 ("Crafted IPv6 packet causes device reload")

CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete

CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed

Impact
======

Successful exploitation of the vulnerability that is described in
this advisory may cause a reload of an affected device. Repeated
exploitation could result in a sustained denial of service condition.

Software Versions and Fixes
===========================

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.

Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.

Cisco IOS Software
+-----------------

Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.

+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.0 based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.1E | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.2 | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2B | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2BC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2BW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2BX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2BY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2BZ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2CX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2CY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2CZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2DA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2DD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2DX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2EU | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Releases up to and |
| 12.2EW | Not vulnerable | including 12.2(20)EW4 |
| | | are not vulnerable. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2EWA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+--------------------+--------------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+--------------------+--------------------------|
| 12.2EZ | Not vulnerable | Vulnerable; migrate to |
| | | any release in 15.0SE |
|------------+--------------------+--------------------------|
| 12.2FX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2FY | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2EX |
|------------+--------------------+--------------------------|
| 12.2FZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2IRA | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRB | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRC | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IRD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IRE | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2IRF | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXC | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXE | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXF | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXH | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2JA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2JK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2MB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2MC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2MRA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2MRB | Not vulnerable | 12.2(33)MRB5 |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (30)S are vulnerable; |
| 12.2S | Not vulnerable | Releases 12.2(30)S and |
| | | later are not |
| | | vulnerable. First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2SB | Not vulnerable | 12.2(31)SB2012.2(33)SB10 |
|------------+--------------------+--------------------------|
| 12.2SBC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2SCA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SCC |
|------------+--------------------+--------------------------|
| 12.2SCB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SCC |
|------------+--------------------+--------------------------|
| 12.2SCC | Not vulnerable | 12.2(33)SCC7 |
|------------+--------------------+--------------------------|
| 12.2SCD | Not vulnerable | 12.2(33)SCD6 |
|------------+--------------------+--------------------------|
| 12.2SCE | Not vulnerable | 12.2(33)SCE112.2(33)SCE2 |
|------------+--------------------+--------------------------|
| 12.2SCF | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE |
|------------+--------------------+--------------------------|
| 12.2SEA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SED | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (25)SEG4 are vulnerable; |
| 12.2SEG | Not vulnerable | Releases 12.2(25)SEG4 |
| | | and later are not |
| | | vulnerable. First fixed |
| | | in Release 12.2EX |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (53)SG4 are vulnerable; |
| 12.2SG | Not vulnerable | Releases 12.2(53)SG4 and |
| | | later are not |
| | | vulnerable. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SGA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SM | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SO | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SQ | Not vulnerable | 12.2(50)SQ3 |
|------------+--------------------+--------------------------|
| 12.2SRA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRD | Not vulnerable | 12.2(33)SRD6 |
|------------+--------------------+--------------------------|
| 12.2SRE | Not vulnerable | 12.2(33)SRE4 |
|------------+--------------------+--------------------------|
| 12.2STE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SU | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (29a)SV are vulnerable; |
| 12.2SV | Not vulnerable | Releases 12.2(29a)SV and |
| | | later are not |
| | | vulnerable. Migrate to |
| | | any release in 12.2SVD |
|------------+--------------------+--------------------------|
| 12.2SVA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SW | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXD | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXF | Not vulnerable | 12.2(18)SXF17b |
|------------+--------------------+--------------------------|
| 12.2SXH | Not vulnerable | 12.2(33)SXH8a |
|------------+--------------------+--------------------------|
| 12.2SXI | Not vulnerable | 12.2(33)SXI6 |
|------------+--------------------+--------------------------|
| 12.2SXJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SY | Not vulnerable | 12.2(50)SY |
|------------+--------------------+--------------------------|
| 12.2SZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2T | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2TPC | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2XA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2XC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XF | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XH | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XI | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XM | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XN | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNA | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNB | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNC | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XND | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNE | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNF | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (54)XO are vulnerable; |
| 12.2XO | Not vulnerable | Releases 12.2(54)XO and |
| | | later are not |
| | | vulnerable. |
|------------+--------------------+--------------------------|
| 12.2XQ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XR | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XS | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XT | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XU | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XV | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2YB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YF | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YH | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YJ | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YL | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YM | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YN | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YO | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YP | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YQ | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YS | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YT | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YU | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YV | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YW | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YX | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YZ | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZH | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZL | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZP | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZU | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXH |
|------------+--------------------+--------------------------|
| 12.2ZX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZYA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.3 based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.4 | Not vulnerable | 12.4(25f) |
|------------+--------------------+--------------------------|
| 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 |
|------------+--------------------+--------------------------|
| 12.4JA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JAX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JDA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JDC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JMA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JMB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; migrate to |
| | | any release in 12.4JA |
| 12.4JX | Not vulnerable | |
| | | Releases up to and |
| | | including 12.4(21a)JX |
| | | are not vulnerable. |
|------------+--------------------+--------------------------|
| 12.4JY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4MD | Not vulnerable | 12.4(24)MD6 on |
| | | 28-Oct-2011 |
|------------+--------------------+--------------------------|
| 12.4MDA | Not vulnerable | 12.4(24)MDA7 |
|------------+--------------------+--------------------------|
| 12.4MDB | Not vulnerable | 12.4(24)MDB3 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4MRA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4MRB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4SW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | Only 12.4(24)T | |
| | through 12.4(24)T4 | 12.4(24)T6 |
| 12.4T | are affected; | |
| | first fixed in | 12.4(15)T16 |
| | 12.4(24)T3c and | |
| | 12.4(24)T5 | |
|------------+--------------------+--------------------------|
| 12.4XA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XB | Not vulnerable | 12.4(2)XB12 |
|------------+--------------------+--------------------------|
| 12.4XC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XD | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XG | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XL | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4XM | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XN | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XP | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4XQ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XR | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XT | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XV | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XW | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XY | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4YA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; fixed in |
| | | 12.4(22)YE6 on |
| 12.4YE | Not vulnerable | 30-Sept-2011; 12.4(24) |
| | | YE7 available on |
| | | 17-Oct-2011 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 15.0M | 15.0(1)M5 | 15.0(1)M7 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0MRA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | Not vulnerable | 15.0(1)S4 |
| | | |
| 15.0S | Cisco IOS XE | Cisco IOS XE devices: |
| | devices: see Cisco | see Cisco IOS-XE |
| | IOS-XE Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0SA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 15.0SE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | Cisco IOS XE | Cisco IOS XE devices: |
| 15.0SG | devices: see Cisco | see Cisco IOS-XE |
| | IOS-XE Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | Vulnerable; First | Vulnerable; First fixed |
| 15.0XA | fixed in Release | in Release 15.1T |
| | 15.1T | |
|------------+--------------------+--------------------------|
| | Cisco IOS XE | |
| | devices: Please | Cisco IOS XE devices: |
| 15.0XO | see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1EY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 15.1GC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 15.1T |
|------------+--------------------+--------------------------|
| 15.1M | Not vulnerable | 15.1(4)M2; Available on |
| | | 30-SEP-11 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | Not vulnerable | 15.1(2)S2 |
| | | |
| | Cisco IOS XE | 15.1(3)S |
| 15.1S | devices: See Cisco | |
| | IOS-XE Software | Cisco IOS XE devices: |
| | Availability | See Cisco IOS-XE |
| | | Software Availability |
|------------+--------------------+--------------------------|
| | 15.1(1)T3 | |
| | | 15.1(2)T4 15.1(1)T4 on |
| 15.1T | 15.1(2)T3 | 8-Dec-2011 |
| | | |
| | 15.1(3)T1 | |
|------------+--------------------+--------------------------|
| | Vulnerable; First | Vulnerable; First fixed |
| 15.1XB | fixed in Release | in Release 15.1T |
| | 15.1T | |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 15.2 based releases |
+------------------------------------------------------------+

Cisco IOS XE Software
+--------------------

+------------------------------------------------------------+
| Cisco | First | First Fixed Release for All |
| IOS XE | Fixed | Advisories in the September 2011 |
| Release | Release | Bundled Publication |
|----------+------------+------------------------------------|
| 2.1.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.2.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.3.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.4.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.5.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.6.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|---

TOP

Malware :

Last 20

Exploits :

Last 20