ID

VAR-200901-0448

CVE

CVE-2008-3821

TITLE

Cisco IOS cross-site scripting vulnerability

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default. For more information, refer to the information provided by Cisco. NOBUHIRO TSUJI of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. These issues are tracked by Cisco bug IDs CSCsi13344 and CSCsr72301. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The attacker may also perform cross-site request-forgery attacks on the same scripts and parameters. Other attacks may also be possible. This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party, for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 1) Adrian Pastor and Richard J. Brain of ProCheckUp. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml ProCheckUp: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 JVN: http://jvn.jp/en/jp/JVN28344798/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ProCheckup has posted a Security Advisory titled "XSS on Cisco IOS HTTP Server" posted at http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 Cisco would like to thank Adrian Pastor and Richard J. A system that contains the IOS HTTP server or HTTP secure server, but does not have it enabled, is not affected. To determine if the HTTP server is running on your device, issue the show ip http server status | include status and the show ip http server secure status | include status commands at the prompt and look for output similar to: Router#show ip http server status | include status HTTP server status: Enabled HTTP secure server status: Enabled If the device is not running the HTTP server, you should see output similar to: Router#show ip http server status | include status HTTP server status: Disabled HTTP secure server status: Disabled These vulnerabilities are documented in the following Cisco bug IDs: * Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server Special Characters are not escaped in URL strings sent to the HTTP server. * Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter) Special Characters are not escaped in URL strings sent to the HTTP server, via the ping parameter. The ping parameter is used both by external applications such as Router and Security Device Manager (SDM) as well as a direct HTTP session to Cisco IOS http server. These vulnerabilities are independent of each other. These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821. Workaround +--------- If the HTTP server is not used for any legitimate purposes on the device, it is a best practice to disable it by issuing the following commands in configure mode: no ip http server no ip http secure-server If the HTTP server is required, it is a recommended best practice to control which hosts may access the HTTP server to only trusted sources. To control which hosts can access the HTTP server, you can apply an access list to the HTTP server. To apply an access list to the HTTP server, use the following command in global configuration mode: ip http access-class {access-list-number | access-list-name} The following example shows an access list that allows only trusted hosts to access the Cisco IOS HTTP server: ip access-list standard 20 permit 192.168.1.0 0.0.0.255 remark "Above is a trusted subnet" remark "Add further trusted subnets or hosts below" ! (Note: all other access implicitly denied) ! (Apply the access-list to the http server) ip http access-class 20 For additional information on configuring the Cisco IOS HTTP server, consult Using the Cisco Web Browser User Interface. For additional information on cross-site scripting attacks and the methods used to exploit these vulnerabilities, please refer to the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting (XSS) Threat Vectors", which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml Further Problem Description +-------------------------- This vulnerability is about escaping characters in the URL that are sent to the HTTP server. The fix for this vulnerability is to escape special characters in the URL string echoed in the response generated by the web exec application. Software Version and Fixes +------------------------- When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center ("TAC") or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) describes a release train and the platforms or products for which it is intended. If a given release train is vulnerable, then the earliest possible releases that contain the fix (the "First Fixed Release") and the anticipated date of availability for each are listed in the "Rebuild" and "Maintenance" columns. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. The release should be upgraded at least to the indicated release or a later version (greater than or equal to the First Fixed Release label). For more information on the terms "Rebuild" and "Maintenance," consult the following URL: http://www.cisco.com/warp/public/620/1.html +----------------------------------------+ | Major | Availability of Repaired | | Release | Releases | |------------+---------------------------| | Affected | First Fixed | Recommended | | 12.0-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0DA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0DB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0DC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | 12.0(33)S3; | | | 12.0S | Available | | | | on | | | | 03-APR-2009 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SC | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SL | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0SP | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0ST | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SX | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SY | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | | | 12.0SZ | first fixed | | | | in 12.0S | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0T | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.0(3c)W5 | | 12.0W | first fixed | (8) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0WC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.0WT | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.0XF | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XG | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Releases | | | | prior to | | | | 12.0(4)XI2 | | | | are | | | | vulnerable, | | | 12.0XI | release | 12.4(15) | | | 12.0(4)XI2 | T812.4(23) | | | and later | | | | are not | | | | vulnerable; | | | | first fixed | | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XJ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XK | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XL | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XM | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XN | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XQ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XS | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XT | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.0XV | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.1-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1AA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1AX | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1AY | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1AZ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1CX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1DA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1DB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1DC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.1E | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1EA | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | 12.1EB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.2(33) | | 12.1EC | first fixed | SCA212.2 | | | in 12.3BC | (33)SCB12.3 | | | | (23)BC6 | |------------+-------------+-------------| | 12.1EO | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.2(31) | | 12.1EU | first fixed | SGA912.2 | | | in 12.2SG | (50)SG | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.1EV | first fixed | S1212.2(33) | | | in 12.4 | SB312.4(15) | | | | T812.4(23) | |------------+-------------+-------------| | | | 12.2(31) | | | Vulnerable; | SGA912.2 | | 12.1EW | first fixed | (50)SG12.4 | | | in 12.4 | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1EX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.1EY | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1EZ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1GA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1GB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1T | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XF | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XG | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XI | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XJ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XL | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XM | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XP | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XQ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XS | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XT | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XU | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XV | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XW | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XY | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1XZ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Releases | | | | prior to | | | | 12.1(5)YE6 | | | | are | | | | vulnerable, | | | 12.1YE | release | 12.4(15) | | | 12.1(5)YE6 | T812.4(23) | | | and later | | | | are not | | | | vulnerable; | | | | first fixed | | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YF | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.1YH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.1YI | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.1YJ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.2-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2B | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2BC | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2BW | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.2(33) | | 12.2BX | first fixed | SB312.4(15) | | | in 12.4 | T812.4(23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2BY | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2BZ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2CX | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2CY | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.2CZ | first fixed | S1212.2(33) | | | in 12.2SB | SB3 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2DA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2DD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2DX | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.2(31) | | 12.2EW | first fixed | SGA912.2 | | | in 12.2SG | (50)SG | |------------+-------------+-------------| | | Vulnerable; | 12.2(31) | | 12.2EWA | first fixed | SGA912.2 | | | in 12.2SG | (50)SG | |------------+-------------+-------------| | 12.2EX | 12.2(40)EX | 12.2(44)EX1 | |------------+-------------+-------------| | | 12.2(44)EY; | 12.2(46)EY; | | 12.2EY | Available | Available | | | on | on | | | 30-JAN-2009 | 23-JAN-2009 | |------------+-------------+-------------| | | Vulnerable; | | | 12.2EZ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2FX | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | 12.2(44) | | 12.2FY | first fixed | EX112.2(44) | | | in 12.2EX | SE4 | |------------+-------------+-------------| | | Vulnerable; | | | 12.2FZ | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | 12.2IRA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2IRB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2IXA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXF | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXG | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2JA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2JK | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2MB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2MC | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2S | first fixed | 12.2(20)S12 | | | in 12.2SB | | |------------+-------------+-------------| | | 12.2(33) | | | | SB12.2(31) | | | 12.2SB | SB14; | 12.2(33)SB3 | | | Available | | | | on | | | | 16-JAN-2009 | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SBC | first fixed | 12.2(33)SB3 | | | in 12.2SB | | |------------+-------------+-------------| | 12.2SCA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SCB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SE | 12.2(40)SE | 12.2(44)SE4 | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEA | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEB | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEC | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SED | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEE | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SEF | first fixed | 12.2(44)SE4 | | | in 12.2SE | | |------------+-------------+-------------| | | Vulnerable; | 12.2(44) | | 12.2SEG | first fixed | EX112.2(44) | | | in 12.2EX | SE4 | |------------+-------------+-------------| | 12.2SG | 12.2(44)SG | 12.2(50)SG | |------------+-------------+-------------| | 12.2SGA | 12.2(31) | 12.2(31) | | | SGA9 | SGA9 | |------------+-------------+-------------| | 12.2SL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SM | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SO | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SQ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SR | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SRA | migrate to | 12.2(33) | | | any release | SRC3 | | | in 12.2SRC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SRB | migrate to | 12.2(33) | | | any release | SRC3 | | | in 12.2SRC | | |------------+-------------+-------------| | 12.2SRC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SRD | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2STE | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2SU | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.2SV | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SVE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2SW | first fixed | 12.4(15)T8 | | | in 12.4SW | | |------------+-------------+-------------| | 12.2SX | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXF | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2SXH | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SXI | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.2SY | first fixed | S1212.2(33) | | | in 12.2SB | SB3 | |------------+-------------+-------------| | | Vulnerable; | 12.2(20) | | 12.2SZ | first fixed | S1212.2(33) | | | in 12.2SB | SB3 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2T | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2TPC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XB | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XC | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XD | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | | 12.2(33) | | | Vulnerable; | SCA212.2 | | 12.2XF | first fixed | (33)SCB12.3 | | | in 12.4 | (23)BC612.4 | | | | (15)T812.4 | | | | (23) | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XG | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XI | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XJ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XK | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XL | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XM | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | | 12.2(20) | | | | S1212.2(33) | | | | SB312.2(33) | | 12.2XN | 12.2(33)XN1 | SRC312.2 | | | | (33) | | | | XNA212.2 | | | | (33r)SRD2 | |------------+-------------+-------------| | 12.2XNA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XNB | Not | | | | Vulnerable | | |------------+-------------+-------------| | | 12.2(46)XO; | 12.2(46)XO; | | 12.2XO | Available | Available | | | on | on | | | 02-FEB-2009 | 02-FEB-2009 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XQ | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XS | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XT | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XU | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XV | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2XW | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2YA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2YB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YE | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YF | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YG | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YH | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YJ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YK | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YL | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2YM | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.2YN | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YO | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2YP | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2YQ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YR | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YS | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YT | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YU | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YV | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YW | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YX | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YY | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2YZ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Releases | | | | prior to | | | | 12.2(13)ZC | | | | are | | | 12.2ZC | vulnerable, | | | | release | | | | 12.2(13)ZC | | | | and later | | | | are not | | | | vulnerable; | | |------------+-------------+-------------| | 12.2ZD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZF | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZG | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.2ZH | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.2ZJ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZL | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZP | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2ZU | migrate to | | | | any release | | | | in 12.2SXH | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2ZX | first fixed | 12.2(33)SB3 | | | in 12.2SB | | |------------+-------------+-------------| | 12.2ZY | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2ZYA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.3-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3 | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3B | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3BC | 12.3(23)BC6 | 12.3(23)BC6 | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3BW | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3EU | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.3JA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JEA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JEB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JEC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3JK | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3JL | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.3JX | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3T | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | 12.3TPC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3VA | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XA | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.3XB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XC | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XD | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XE | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | 12.3XF | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XG | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XI | first fixed | 12.2(33)SB3 | | | in 12.2SB | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XJ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XK | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XL | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XQ | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XR | first fixed | T812.4(23) | | | in 12.4 | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XS | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XU | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3XW | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XX | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XY | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3XZ | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | 12.4(15) | | 12.3YA | first fixed | T812.4(23) | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YD | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YF | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YG | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YH | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YI | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YJ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YK | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YM | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YQ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YS | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YT | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YU | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3YX | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.3YZ | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | | | 12.3ZA | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.4-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | 12.4 | 12.4(16) | 12.4(23) | |------------+-------------+-------------| | 12.4JA | 12.4(16b)JA | 12.4(16b) | | | | JA1 | |------------+-------------+-------------| | 12.4JDA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4JK | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4JL | 12.4(3)JL1 | 12.4(3)JL1 | |------------+-------------+-------------| | 12.4JMA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4JMB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.4(16b) | | 12.4JX | first fixed | JA1 | | | in 12.4JA | | |------------+-------------+-------------| | 12.4MD | 12.4(15)MD | 12.4(15)MD2 | |------------+-------------+-------------| | 12.4MR | 12.4(16)MR | | |------------+-------------+-------------| | 12.4SW | 12.4(11)SW3 | 12.4(15)T8 | |------------+-------------+-------------| | 12.4T | 12.4(15)T | 12.4(15)T8 | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XA | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XB | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XC | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XD | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XE | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.4XF | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XG | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XJ | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XK | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.4XL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XM | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XN | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XP | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.4XQ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XR | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | | | 12.4XT | first fixed | 12.4(15)T8 | | | in 12.4T | | |------------+-------------+-------------| | 12.4XV | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | | 12.4(11) | | | | XW10; | | 12.4XW | 12.4(11)XW3 | Available | | | | on | | | | 22-JAN-2009 | |------------+-------------+-------------| | 12.4XY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4XZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.4YA | Not | | | | Vulnerable | | +----------------------------------------+ Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-January-14 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkluC58ACgkQ86n/Gc8U/uA6vACfY36eBjbCbnJsrnJlOCE0Mr6Y JqUAn1TVyUvBk8lGTm94F+tvmZy4n3Ke =cGUi -----END PGP SIGNATURE-----

AFFECTED PRODUCTS