VARIoT IoT vulnerabilities database
| VAR-201110-0253 | CVE-2011-3294 | Cisco TelePresence Video Communication Servers Management interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342. Cisco TelePresence Video Communication Server is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Versions prior to Cisco TelePresence Video Communication Server X7.0 are affected
| VAR-201110-0058 | CVE-2011-0945 |
Cisco IOS Data-Link Switching Memory Leak Remote Denial of Service Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201109-0262 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364. Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCth69364. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection. Remote illegal attackers can use this vulnerability to cause denial of service.
Cisco has released free software updates that address this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
Vulnerable Products
+------------------
Cisco IOS devices with the DLSw promiscuous feature enabled are affected
by the vulnerability described in this advisory. Devices with the DLSw
promiscuous feature enabled contain a line in the configuration defining
a local DLSw peer with the promiscuous keyword. This configuration
can be observed by issuing the command "show running-config". Systems
configured with the DLSw promiscuous feature enabled contain a line
similar to one of the following:
dlsw local-peer promiscuous
or
dlsw local-peer peer-id <IP address> promiscuous
To determine the software that runs on a Cisco IOS device, log in to
the device and issue the "show version" command to display the system
banner. Cisco IOS Software identifies itself as "Cisco Internetwork
Operating System Software" or "Cisco IOS Software." Other Cisco devices
do not have the "show version" command or give different output.
The following example shows output from a device running IOS version
15.0(1)M1:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
Additional information about Cisco IOS Software release naming
conventions is available in the white paper Cisco IOS and NX-OS
Software Reference Guide at:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
Products Confirmed Not Vulnerable
+--------------------------------
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
DLSw provides a means of transporting IBM Systems Network
Architecture (SNA) and network BIOS (NetBIOS) traffic over an IP
network. The Cisco implementation of DLSw over Fast Sequence
Transport (FST) uses IP Protocol 91. The promiscuous DLSw feature
permits the local peer to establish connection with remote peers that
are not statically configured.
A Cisco IOS device that is configured for DLSw listens for IP
protocol 91 packets. Depending on the DLSw configuration, UDP port
2067, and, one or more TCP ports can also be opened. The
vulnerability described in this document can only be exploited via IP
Protocol 91 and can not be exploited using either the UDP or TCP
transports.
Devices with only statically configured DLSw peers are not affected
by this vulnerability.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCth69364 ("DLSw FST Memory Leak")
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability may result in a memory
leak that can lead to a denial of service condition.
To identify the memory leak caused by this vulnerability, issue the
"show dlsw peers | include FST.*DISCONN" command; a monotonically
increasing list of FST peers that remain in the DISCONN state indicates
that memory is being held, as shown in the following example:
Router> show dlsw peers | include FST.*DISCONN
FST 176.74.146.194 DISCONN 1 0 prom 0 - - -
FST 9.180.128.186 DISCONN 1 0 prom 0 - - -
FST 139.71.105.39 DISCONN 1 0 prom 0 - - -
FST 138.150.39.18 DISCONN 1 0 prom 0 - - -
FST 253.240.220.167 DISCONN 1 0 prom 0 - - -
FST 252.186.119.224 DISCONN 1 0 prom 0 - - -
FST 41.255.172.252 DISCONN 1 0 prom 0 - - -
! --- Output truncated
Router>
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.
Cisco IOS Software
+-----------------
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | | First Fixed Release |
| 12.0-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.0-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release |
| 12.1-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.1E | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.2-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.2 | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | |
| | fixed in Release 12.4 | |
| 12.2B | | Vulnerable; first |
| | Releases up to and | fixed in Release 12.4 |
| | including 12.2(2)B7 | |
| | are not vulnerable. | |
|------------+-----------------------+-----------------------|
| 12.2BC | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2BW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | |
| | fixed in Release | |
| | 12.2SB | Vulnerable; first |
| 12.2BX | | fixed in Release |
| | Releases up to and | 12.2SB |
| | including 12.2(15)BX | |
| | are not vulnerable. | |
|------------+-----------------------+-----------------------|
| 12.2BY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2BZ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2CX | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2CY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2CZ | Not vulnerable | fixed in Release |
| | | 12.2SB |
|------------+-----------------------+-----------------------|
| 12.2DA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2DD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2DX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2EU | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Releases up to and |
| 12.2EW | Not vulnerable | including 12.2(20)EW4 |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+-----------------------+-----------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| 12.2EZ | Not vulnerable | to any release in |
| | | 15.0SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FX | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FY | Not vulnerable | fixed in Release |
| | | 12.2EX |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FZ | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRA | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRB | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRC | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IRD | 12.2(33)IRD1 | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IRE | 12.2(33)IRE3 | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; migrate |
| 12.2IRF | to any release in | to any release in |
| | 12.2IRG | 12.2IRG |
|------------+-----------------------+-----------------------|
| 12.2IRG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXA | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXC | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXD | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXE | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXF | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXG | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2IXH | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2JA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2JK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2MB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2MC | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2MRA | Not vulnerable | fixed in Release |
| | | 12.2SRD |
|------------+-----------------------+-----------------------|
| 12.2MRB | Not vulnerable | 12.2(33)MRB5 |
|------------+-----------------------+-----------------------|
| | Releases prior to | Releases prior to |
| | 12.2(30)S are | 12.2(30)S are |
| | vulnerable; Releases | vulnerable; Releases |
| 12.2S | 12.2(30)S and later | 12.2(30)S and later |
| | are not vulnerable. | are not vulnerable. |
| | First fixed in | First fixed in |
| | Release 12.2SB | Release 12.2SB |
|------------+-----------------------+-----------------------|
| | 12.2(31)SB20 | 12.2(31)SB2012.2(33) |
| 12.2SB | | SB10 |
| | 12.2(33)SB10 | |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SBC | fixed in Release | fixed in Release |
| | 12.2SB | 12.2SB |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SCA | fixed in Release | fixed in Release |
| | 12.2SCC | 12.2SCC |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SCB | fixed in Release | fixed in Release |
| | 12.2SCC | 12.2SCC |
|------------+-----------------------+-----------------------|
| 12.2SCC | 12.2(33)SCC7 | 12.2(33)SCC7 |
|------------+-----------------------+-----------------------|
| | 12.2(33)SCD6 | |
| 12.2SCD | | 12.2(33)SCD6 |
| | 12.2(33)SCD7 | |
|------------+-----------------------+-----------------------|
| | 12.2(33)SCE1 | 12.2(33)SCE112.2(33) |
| 12.2SCE | | SCE2 |
| | 12.2(33)SCE2 | |
|------------+-----------------------+-----------------------|
| 12.2SCF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEA | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEB | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEC | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SED | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEE | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEF | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(25)SEG4 are |
| | | vulnerable; Releases |
| 12.2SEG | Not vulnerable | 12.2(25)SEG4 and |
| | | later are not |
| | | vulnerable. First |
| | | fixed in Release |
| | | 12.2EX |
|------------+-----------------------+-----------------------|
| | Releases prior to | Releases prior to |
| | 12.2(40)SG are | 12.2(53)SG4 are |
| 12.2SG | vulnerable; Releases | vulnerable; Releases |
| | 12.2(40)SG and later | 12.2(53)SG4 and later |
| | are not vulnerable. | are not vulnerable. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2SGA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2SL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2SM | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2SO | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SQ | Not vulnerable | 12.2(50)SQ3 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SRA | fixed in Release | fixed in Release |
| | 12.2SRD | 12.2SRD |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SRB | fixed in Release | fixed in Release |
| | 12.2SRD | 12.2SRD |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SRC | fixed in Release | fixed in Release |
| | 12.2SRD | 12.2SRD |
|------------+-----------------------+-----------------------|
| 12.2SRD | 12.2(33)SRD6 | 12.2(33)SRD6 |
|------------+-----------------------+-----------------------|
| 12.2SRE | 12.2(33)SRE3 | 12.2(33)SRE4 |
|------------+-----------------------+-----------------------|
| 12.2STE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SU | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Releases prior to | Releases prior to |
| | 12.2(29a)SV are | 12.2(29a)SV are |
| | vulnerable; Releases | vulnerable; Releases |
| 12.2SV | 12.2(29a)SV and later | 12.2(29a)SV and later |
| | are not vulnerable. | are not vulnerable. |
| | Migrate to any | Migrate to any |
| | release in 12.2SVD | release in 12.2SVD |
|------------+-----------------------+-----------------------|
| 12.2SVA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | Vulnerable; contact |
| | 12.2(25)SW12 are | your support |
| | vulnerable; Releases | organization per the |
| 12.2SW | 12.2(25)SW12 and | instructions in the |
| | later are not | Obtaining Fixed |
| | vulnerable. | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SX | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXA | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXB | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXD | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SXE | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| 12.2SXF | 12.2(18)SXF17b | 12.2(18)SXF17b |
|------------+-----------------------+-----------------------|
| 12.2SXH | 12.2(33)SXH8a | 12.2(33)SXH8a |
|------------+-----------------------+-----------------------|
| 12.2SXI | 12.2(33)SXI6 | 12.2(33)SXI6 |
|------------+-----------------------+-----------------------|
| 12.2SXJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SY | 12.2(50)SY | 12.2(50)SY |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2SZ | fixed in Release | fixed in Release |
| | 12.2SB | 12.2SB |
|------------+-----------------------+-----------------------|
| 12.2T | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2TPC | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2XA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XB | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2XC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XH | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XI | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XM | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XN | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNA | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNB | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNC | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XND | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNE | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Please see Cisco | Please see Cisco |
| 12.2XNF | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(54)XO are |
| 12.2XO | Not vulnerable | vulnerable; Releases |
| | | 12.2(54)XO and later |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| 12.2XQ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XR | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XS | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XT | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XU | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XV | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | |
| | 12.2(4)YA8 are | |
| | vulnerable; Releases | Vulnerable; first |
| 12.2YA | 12.2(4)YA8 and later | fixed in Release 12.4 |
| | are not vulnerable. | |
| | First fixed in | |
| | Release 12.4 | |
|------------+-----------------------+-----------------------|
| 12.2YB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YF | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YG | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YH | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | Releases prior to | your support |
| | 12.2(8)YJ1 are | organization per the |
| 12.2YJ | vulnerable; Releases | instructions in the |
| | 12.2(8)YJ1 and later | Obtaining Fixed |
| | are not vulnerable. | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YL | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YM | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YN | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YO | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YP | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YQ | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YS | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YT | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YU | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | Releases prior to | your support |
| | 12.2(11)YV1 are | organization per the |
| 12.2YV | vulnerable; Releases | instructions in the |
| | 12.2(11)YV1 and later | Obtaining Fixed |
| | are not vulnerable. | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YW | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YX | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YY | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2YZ | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2ZA | fixed in Release | fixed in Release |
| | 12.2SXF | 12.2SXF |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2ZC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2ZD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2ZE | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2ZF | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2ZG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | |
| | 12.2(13)ZH6 are | |
| | vulnerable; Releases | Vulnerable; first |
| 12.2ZH | 12.2(13)ZH6 and later | fixed in Release 12.4 |
| | are not vulnerable. | |
| | First fixed in | |
| | Release 12.4 | |
|------------+-----------------------+-----------------------|
| 12.2ZJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZL | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2ZP | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.2ZU | fixed in Release | fixed in Release |
| | 12.2SXH | 12.2SXH |
|------------+-----------------------+-----------------------|
| 12.2ZX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZY | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.2ZYA | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.3-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.3 | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3B | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.3BC | Not vulnerable | fixed in Release |
| | | 12.2SCC |
|------------+-----------------------+-----------------------|
| 12.3BW | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3JA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JEA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JEB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JEC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JED | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases up to and | Releases up to and |
| | including 12.3(2)JK3 | including 12.3(2)JK3 |
| | are not vulnerable. | are not vulnerable. |
| 12.3JK | Releases 12.3(8)JK1 | Releases 12.3(8)JK1 |
| | and later are not | and later are not |
| | vulnerable. First | vulnerable. First |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3JL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3JX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3T | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | Releases up to and | your support |
| | including 12.3(4) | organization per the |
| 12.3TPC | TPC11a are not | instructions in the |
| | vulnerable. | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3VA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Releases prior to | |
| | 12.3(2)XA7 are | |
| | vulnerable; Releases | Vulnerable; first |
| 12.3XA | 12.3(2)XA7 and later | fixed in Release 12.4 |
| | are not vulnerable. | |
| | First fixed in | |
| | Release 12.4 | |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XC | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XD | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XE | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XF | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XG | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3XI | fixed in Release | fixed in Release |
| | 12.2SB | 12.2SB |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XJ | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XK | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3XL | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.3XQ | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XR | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XS | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3XU | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3XW | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 12.3XX | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3XY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3XZ | Vulnerable; first | Vulnerable; first |
| | fixed in Release 12.4 | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3YA | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.3YD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YH | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YI | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YJ | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.3YK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.3YM | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YQ | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | |
| | fixed in Release | |
| | 12.4T | Vulnerable; first |
| 12.3YS | | fixed in Release |
| | Releases up to and | 12.4T |
| | including 12.3(11)YS1 | |
| | are not vulnerable. | |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YT | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3YU | fixed in Release | fixed in Release |
| | 12.4XB | 12.4XB |
|------------+-----------------------+-----------------------|
| | Vulnerable; migrate | Vulnerable; first |
| 12.3YX | to any release in | fixed in Release |
| | 12.4XR | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.3YZ | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.3ZA | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.4-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.4 | 12.4(25e) | 12.4(25f) |
|------------+-----------------------+-----------------------|
| 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 |
|------------+-----------------------+-----------------------|
| 12.4JA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JAX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JDA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JDC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JHA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JHB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JHC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JMA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4JMB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| | | to any release in |
| | | 12.4JA |
| 12.4JX | Not vulnerable | |
| | | Releases up to and |
| | | including 12.4(21a)JX |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| 12.4JY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4MD | Not vulnerable | 12.4(24)MD6 on |
| | | 28-Oct-2011 |
|------------+-----------------------+-----------------------|
| 12.4MDA | Not vulnerable | 12.4(24)MDA7 |
|------------+-----------------------+-----------------------|
| 12.4MDB | Not vulnerable | 12.4(24)MDB3 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4MRA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4MRB | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4SW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | 12.4(15)T15 | 12.4(15)T16 |
| 12.4T | | |
| | 12.4(24)T5 | 12.4(24)T6 |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XA | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XB | 12.4(2)XB12 | 12.4(2)XB12 |
|------------+-----------------------+-----------------------|
| 12.4XC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XD | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4XF | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XG | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.4XK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4XL | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Releases up to and | |
| | including 12.4(15)XM | |
| | are not vulnerable. | |
| | | Vulnerable; first |
| 12.4XM | Releases 12.4(15)XM3 | fixed in Release |
| | and later are not | 12.4T |
| | vulnerable. First | |
| | fixed in Release | |
| | 12.4T | |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4XN | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4XP | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4XQ | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.4XR | Not vulnerable | fixed in Release |
| | | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XT | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| 12.4XV | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XW | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XY | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4XZ | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 12.4YA | fixed in Release | fixed in Release |
| | 12.4T | 12.4T |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 12.4YB | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4YD | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; fixed in |
| | | 12.4(22)YE6 on |
| 12.4YE | Not vulnerable | 30-Sept-2011; 12.4 |
| | | (24)YE7 available on |
| | | 17-Oct-2011 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.4YG | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.0-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| | 15.0(1)M4 | |
| 15.0M | | 15.0(1)M7 |
| | 15.0(1)M5a | |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.0MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.0MRA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | 15.0(1)S3a | |
| | | 15.0(1)S4 |
| | 15.0(1)S4 | |
| 15.0S | | Cisco IOS XE devices: |
| | Cisco IOS XE devices: | Please see Cisco |
| | Please see Cisco | IOS-XE Software |
| | IOS-XE Software | Availability |
| | Availability | |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.0SA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 15.0SE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | Cisco IOS XE devices: | Cisco IOS XE devices: |
| 15.0SG | Please see Cisco | Please see Cisco |
| | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 15.0XA | fixed in Release | fixed in Release |
| | 15.1T | 15.1T |
|------------+-----------------------+-----------------------|
| | Cisco IOS XE devices: | Cisco IOS XE devices: |
| 15.0XO | Please see Cisco | Please see Cisco |
| | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.1-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.1EY | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 15.1GC | Not vulnerable | fixed in Release |
| | | 15.1T |
|------------+-----------------------+-----------------------|
| 15.1M | Not vulnerable | 15.1(4)M2; Available |
| | | on 30-SEP-11 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.1MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | 15.1(1)S1 | 15.1(2)S2 |
| | | |
| | 15.1(2)S | 15.1(3)S |
| 15.1S | | |
| | Cisco IOS XE devices: | Cisco IOS XE devices: |
| | Please see Cisco | Please see Cisco |
| | IOS-XE Software | IOS-XE Software |
| | Availability | Availability |
|------------+-----------------------+-----------------------|
| | 15.1(1)T3 | |
| | | |
| | 15.1(2)T2 | 15.1(2)T4 15.1(1)T4 |
| 15.1T | | on 8-Dec-2011 |
| | 15.1(2)T2a | |
| | | |
| | 15.1(3)T | |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 15.1XB | fixed in Release | fixed in Release |
| | 15.1T | 15.1T |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.2-Based | First Fixed Release | for All Advisories in |
| Releases | | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 15.2-based releases |
+------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
Cisco IOS XE Software is affected by the vulnerability disclosed in
this document.
+------------------------------------------------------------+
| Cisco | First | First Fixed Release for All |
| IOS XE | Fixed | Advisories in the September 2011 |
| Release | Release | Bundled Publication |
|----------+------------+------------------------------------|
| 2.1.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.2.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.3.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.4.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.5.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.6.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.1.xS | 3.1.3S | Vulnerable; migrate to 3.3.2S or |
| | | later |
|----------+------------+------------------------------------|
| 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.2.xS | 3.2.1S | Vulnerable; migrate to 3.3.2S or |
| | | later |
|----------+------------+------------------------------------|
| 3.2.xSG | Not | Not vulnerable |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.3.xS | Not | 3.3.2S |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.4.xS | Not | Not vulnerable |
| | vulnerable | |
+------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and
Cisco IOS XE 3SG Release Notes.
Cisco IOS XR Software
+--------------------
Cisco IOS XR Software is not affected by any of the vulnerabilities
in the September 2011 bundled publication.
Workarounds
===========
This vulnerability can be mitigated by using Control Plane Policing
(CoPP) to only allow IP Protocol 91 packets sent by valid peers.
Mitigation techniques that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20110928-dlsw.shtml
Control Plane Policing
+---------------------
Control Plane Policing (CoPP) can be used to block untrusted IP
Protocol 91 packets sent to the affected device. CoPP may be configured on a device to protect the
management and control planes to minimize the risk and effectiveness
of direct infrastructure attacks by explicitly permitting, and if
configured, rate-limiting only authorized traffic that is sent to
infrastructure devices in accordance with existing security policies
and configurations. The following example, which uses 192.168.100.1
to represent a trusted host, can be adapted to your network.
!-- Deny FST traffic on IP protocol 91 from trusted
!-- hosts to all IP addresses configured on all interfaces of the affected device
!-- so that it will be allowed by the CoPP feature
access-list 111 deny 91 host 192.168.100.1 any
!-- Permit all other FST traffic on IP protocol 91
!-- sent to all IP addresses configured on all interfaces of the affected
!-- device so that it will be policed and dropped by the CoPP feature
access-list 111 permit 91 any any
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3
!-- and Layer4 traffic in accordance with existing security
!-- policies and configurations for traffic that is authorized
!-- to be sent to infrastructure devices
!-- Create a Class-Map for traffic to be policed by
!-- the CoPP feature
class-map match-all drop-fst-91-class
match access-group 111
!-- Create a Policy-Map that will be applied to the
!-- Control-Plane of the device.
policy-map input-CoPP-policy
class drop-fst-91-class
drop
!-- Apply the Policy-Map to the Control-Plane of the
!-- device
control-plane
service-policy input input-CoPP-policy
In the above CoPP example, the access control list entries (ACEs)
that match the potential exploit packets with the "permit" action
result in these packets being discarded by the policy map "drop"
function, while packets that match the deny action (not shown) are
not affected by the policy-map drop function. Note that in the 12.2S
and 12.0S Cisco IOS trains the policy-map syntax is different, as
shown in the following example:
policy-map input-CoPP-policy
class drop-fst-91-class
police 32000 1500 1500 conform-action drop exceed-action drop
Additional information on the CoPP feature is available at: Control
Plane Policing Implementation Best Practices.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was discovered during Cisco internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110323-dlsw.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-September-28 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Cp2EACgkQQXnnBKKRMNDlUwD/RunFKu5OItJXD8gTi5PtkxMz
CoIx3+/EIJjznWKJnBoA/3bh8zYaW5Et3pvnmF9Hm2nImvFT1jMZOIv1zWfAMsXX
=oqzZ
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Cisco IOS Data-Link Switching Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA46189
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46189/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46189
RELEASE DATE:
2011-10-31
DISCUSS ADVISORY:
http://secunia.com/advisories/46189/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46189/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46189
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor
| VAR-201110-0059 | CVE-2011-0944 |
Cisco IOS Service disruption in ( Device reload ) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201109-0828 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.
An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in sustained denial-of-service condition.
This issue is tracked by Cisco Bug ID CSCtj41194. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection. The data flow interaction function DLSw can realize the transmission of IBM SNA and network BIOS traffic on the IP network. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Cisco IOS IPv6 Packet Processing Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA46199
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46199/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46199
RELEASE DATE:
2011-10-30
DISCUSS ADVISORY:
http://secunia.com/advisories/46199/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46199/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46199
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. The vulnerability may be triggered when
the device processes a malformed IPv6 packet.
Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate this
vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
This vulnerability affects devices that are running Cisco IOS
Software and configured for IPv6 operation. IPv6 is not enabled by
default in Cisco IOS Software.
Vulnerable Products
+------------------
Cisco devices that are running an affected version of Cisco IOS
Software and configured for IPv6 operation are vulnerable. A device
that is running Cisco IOS Software and that has IPv6 enabled will
show some interfaces with assigned IPv6 addresses when the "show ipv6
interface brief" command is executed.
The "show ipv6 interface brief" command will produce an error message
if the version of Cisco IOS Software in use does not support IPv6, or
will not show any interfaces with IPv6 address if IPv6 is disabled.
The system is not vulnerable in these scenarios.
Sample output of the "show ipv6 interface brief" command on a system
that is configured for IPv6 operation follows:
router>show ipv6 interface brief
FastEthernet0/0 [up/up]
FE80::222:90FF:FEB0:1098
2001:DB8:2:93::3
200A:1::1
FastEthernet0/1 [up/up]
FE80::222:90FF:FEB0:1099
2001:DB8:2:94::1
Serial0/0/0 [down/down]
unassigned
Serial0/0/0.4 [down/down]
unassigned
Serial0/0/0.5 [down/down]
unassigned
Serial0/0/0.6 [down/down]
unassigned
Alternatively, the IPv6 protocol is enabled if the interface
configuration command "ipv6 address <IPv6 address>" or "ipv6 enable"
is present in the configuration. Both may be present, as shown in the
vulnerable configuration in the following example shows:
interface FastEthernet0/1
ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
ipv6 enable
A device that is running Cisco IOS Software and that has IPv6 enabled
on a physical or logical interface is vulnerable even if ipv6
unicast-routing is globally disabled (that is, the device is not
routing IPv6 packets).
To determine the Cisco IOS Software release that is running on a Cisco
product, administrators can log in to the device and issue the "show
version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or "Cisco
IOS Software." The image name displays in parentheses, followed by
"Version" and the Cisco IOS Software release name. Other Cisco devices
do not have the "show version" command or may provide different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release
naming conventions is available in the white paper Cisco
IOS and NX-OS Software Reference Guide available at
http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
IPv6, which was designed by the Internet Engineering Task Force
(IETF), is intended to replace the current version, IP Version 4
(IPv4). An attacker could exploit this vulnerability by sending
malformed IPv6 packets to physical or logical interfaces that are
configured to process IPv6 traffic. Transit traffic cannot trigger
this vulnerability. Exploitation could cause an affected system to
reload.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtj41194 ("Crafted IPv6 packet causes device reload")
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability that is described in
this advisory may cause a reload of an affected device.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.
Cisco IOS Software
+-----------------
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | | First Fixed Release for |
| 12.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.0 based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.1E | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 12.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.2 | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2B | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2BC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2BW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2BX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2BY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2BZ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2CX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2CY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2CZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2DA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2DD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2DX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2EU | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Releases up to and |
| 12.2EW | Not vulnerable | including 12.2(20)EW4 |
| | | are not vulnerable. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2EWA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+--------------------+--------------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+--------------------+--------------------------|
| 12.2EZ | Not vulnerable | Vulnerable; migrate to |
| | | any release in 15.0SE |
|------------+--------------------+--------------------------|
| 12.2FX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2FY | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2EX |
|------------+--------------------+--------------------------|
| 12.2FZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2IRA | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRB | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRC | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IRD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IRE | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2IRF | Not vulnerable | Vulnerable; migrate to |
| | | any release in 12.2IRG |
|------------+--------------------+--------------------------|
| 12.2IRG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXC | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXE | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXF | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2IXH | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2JA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2JK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2MB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2MC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2MRA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2MRB | Not vulnerable | 12.2(33)MRB5 |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (30)S are vulnerable; |
| 12.2S | Not vulnerable | Releases 12.2(30)S and |
| | | later are not |
| | | vulnerable. First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2SB | Not vulnerable | 12.2(31)SB2012.2(33)SB10 |
|------------+--------------------+--------------------------|
| 12.2SBC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2SCA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SCC |
|------------+--------------------+--------------------------|
| 12.2SCB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SCC |
|------------+--------------------+--------------------------|
| 12.2SCC | Not vulnerable | 12.2(33)SCC7 |
|------------+--------------------+--------------------------|
| 12.2SCD | Not vulnerable | 12.2(33)SCD6 |
|------------+--------------------+--------------------------|
| 12.2SCE | Not vulnerable | 12.2(33)SCE112.2(33)SCE2 |
|------------+--------------------+--------------------------|
| 12.2SCF | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SE | Not vulnerable | 12.2(55)SE312.2(58)SE |
|------------+--------------------+--------------------------|
| 12.2SEA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SED | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| 12.2SEF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SE |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (25)SEG4 are vulnerable; |
| 12.2SEG | Not vulnerable | Releases 12.2(25)SEG4 |
| | | and later are not |
| | | vulnerable. First fixed |
| | | in Release 12.2EX |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (53)SG4 are vulnerable; |
| 12.2SG | Not vulnerable | Releases 12.2(53)SG4 and |
| | | later are not |
| | | vulnerable. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SGA | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SM | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SO | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SQ | Not vulnerable | 12.2(50)SQ3 |
|------------+--------------------+--------------------------|
| 12.2SRA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SRD |
|------------+--------------------+--------------------------|
| 12.2SRD | Not vulnerable | 12.2(33)SRD6 |
|------------+--------------------+--------------------------|
| 12.2SRE | Not vulnerable | 12.2(33)SRE4 |
|------------+--------------------+--------------------------|
| 12.2STE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SU | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (29a)SV are vulnerable; |
| 12.2SV | Not vulnerable | Releases 12.2(29a)SV and |
| | | later are not |
| | | vulnerable. Migrate to |
| | | any release in 12.2SVD |
|------------+--------------------+--------------------------|
| 12.2SVA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SVE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2SW | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2SX | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXD | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| 12.2SXF | Not vulnerable | 12.2(18)SXF17b |
|------------+--------------------+--------------------------|
| 12.2SXH | Not vulnerable | 12.2(33)SXH8a |
|------------+--------------------+--------------------------|
| 12.2SXI | Not vulnerable | 12.2(33)SXI6 |
|------------+--------------------+--------------------------|
| 12.2SXJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2SY | Not vulnerable | 12.2(50)SY |
|------------+--------------------+--------------------------|
| 12.2SZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SB |
|------------+--------------------+--------------------------|
| 12.2T | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2TPC | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2XA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2XC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XF | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XH | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XI | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XM | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XN | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNA | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNB | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNC | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XND | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNE | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | See Cisco IOS-XE | See Cisco IOS-XE |
| 12.2XNF | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | | Releases prior to 12.2 |
| | | (54)XO are vulnerable; |
| 12.2XO | Not vulnerable | Releases 12.2(54)XO and |
| | | later are not |
| | | vulnerable. |
|------------+--------------------+--------------------------|
| 12.2XQ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XR | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XS | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XT | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XU | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XV | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2XW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2YB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YF | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YH | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YJ | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YL | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YM | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YN | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2YO | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2YP | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YQ | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YS | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YT | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YU | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YV | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YW | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YX | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2YZ | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXF |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZD | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZE | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZG | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZH | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4 |
|------------+--------------------+--------------------------|
| 12.2ZJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZL | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.2ZP | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.2ZU | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.2SXH |
|------------+--------------------+--------------------------|
| 12.2ZX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.2ZYA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 12.3-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 12.3 based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release for |
| 12.4-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 12.4 | Not vulnerable | 12.4(25f) |
|------------+--------------------+--------------------------|
| 12.4GC | 12.4(24)GC4 | 12.4(24)GC4 |
|------------+--------------------+--------------------------|
| 12.4JA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JAX | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JDA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JDC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JHC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JL | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JMA | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4JMB | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; migrate to |
| | | any release in 12.4JA |
| 12.4JX | Not vulnerable | |
| | | Releases up to and |
| | | including 12.4(21a)JX |
| | | are not vulnerable. |
|------------+--------------------+--------------------------|
| 12.4JY | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4MD | Not vulnerable | 12.4(24)MD6 on |
| | | 28-Oct-2011 |
|------------+--------------------+--------------------------|
| 12.4MDA | Not vulnerable | 12.4(24)MDA7 |
|------------+--------------------+--------------------------|
| 12.4MDB | Not vulnerable | 12.4(24)MDB3 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4MRA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4MRB | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4SW | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | Only 12.4(24)T | |
| | through 12.4(24)T4 | 12.4(24)T6 |
| 12.4T | are affected; | |
| | first fixed in | 12.4(15)T16 |
| | 12.4(24)T3c and | |
| | 12.4(24)T5 | |
|------------+--------------------+--------------------------|
| 12.4XA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XB | Not vulnerable | 12.4(2)XB12 |
|------------+--------------------+--------------------------|
| 12.4XC | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XD | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XF | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XG | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XJ | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XK | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XL | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4XM | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XN | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4XP | Not vulnerable | the instructions in |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 12.4XQ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XR | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XT | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XV | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| 12.4XW | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XY | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4XZ | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| 12.4YA | Not vulnerable | Vulnerable; First fixed |
| | | in Release 12.4T |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YB | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YD | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; fixed in |
| | | 12.4(22)YE6 on |
| 12.4YE | Not vulnerable | 30-Sept-2011; 12.4(24) |
| | | YE7 available on |
| | | 17-Oct-2011 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 12.4YG | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.0-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| 15.0M | 15.0(1)M5 | 15.0(1)M7 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0MRA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | Not vulnerable | 15.0(1)S4 |
| | | |
| 15.0S | Cisco IOS XE | Cisco IOS XE devices: |
| | devices: see Cisco | see Cisco IOS-XE |
| | IOS-XE Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.0SA | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 15.0SE | Not vulnerable | Not vulnerable |
|------------+--------------------+--------------------------|
| | Cisco IOS XE | Cisco IOS XE devices: |
| 15.0SG | devices: see Cisco | see Cisco IOS-XE |
| | IOS-XE Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| | Vulnerable; First | Vulnerable; First fixed |
| 15.0XA | fixed in Release | in Release 15.1T |
| | 15.1T | |
|------------+--------------------+--------------------------|
| | Cisco IOS XE | |
| | devices: Please | Cisco IOS XE devices: |
| 15.0XO | see Cisco IOS-XE | Please see Cisco IOS-XE |
| | Software | Software Availability |
| | Availability | |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.1-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1EY | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| 15.1GC | Not vulnerable | Vulnerable; First fixed |
| | | in Release 15.1T |
|------------+--------------------+--------------------------|
| 15.1M | Not vulnerable | 15.1(4)M2; Available on |
| | | 30-SEP-11 |
|------------+--------------------+--------------------------|
| | | Vulnerable; contact your |
| | | support organization per |
| 15.1MR | Not vulnerable | the instructions in the |
| | | Obtaining Fixed Software |
| | | section of this |
| | | advisory. |
|------------+--------------------+--------------------------|
| | Not vulnerable | 15.1(2)S2 |
| | | |
| | Cisco IOS XE | 15.1(3)S |
| 15.1S | devices: See Cisco | |
| | IOS-XE Software | Cisco IOS XE devices: |
| | Availability | See Cisco IOS-XE |
| | | Software Availability |
|------------+--------------------+--------------------------|
| | 15.1(1)T3 | |
| | | 15.1(2)T4 15.1(1)T4 on |
| 15.1T | 15.1(2)T3 | 8-Dec-2011 |
| | | |
| | 15.1(3)T1 | |
|------------+--------------------+--------------------------|
| | Vulnerable; First | Vulnerable; First fixed |
| 15.1XB | fixed in Release | in Release 15.1T |
| | 15.1T | |
|------------+--------------------+--------------------------|
| Affected | | First Fixed Release for |
| 15.2-Based | First Fixed | All Advisories in the |
| Releases | Release | September 2011 Bundled |
| | | Publication |
|------------------------------------------------------------|
| There are no affected 15.2 based releases |
+------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
+------------------------------------------------------------+
| Cisco | First | First Fixed Release for All |
| IOS XE | Fixed | Advisories in the September 2011 |
| Release | Release | Bundled Publication |
|----------+------------+------------------------------------|
| 2.1.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.2.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.3.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.4.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.5.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 2.6.x | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.1.xS | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.1.xSG | Not | Vulnerable; migrate to 3.2.0SG or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.2.xS | Not | Vulnerable; migrate to 3.3.2S or |
| | vulnerable | later |
|----------+------------+------------------------------------|
| 3.2.xSG | Not | Not vulnerable |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.3.xS | Not | 3.3.2S |
| | vulnerable | |
|----------+------------+------------------------------------|
| 3.4.xS | Not | Not vulnerable |
| | vulnerable | |
+------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and
Cisco IOS XE 3SG Release Notes.
Cisco IOS XR Software
+--------------------
Cisco IOS XR Software is not affected by any of the vulnerabilities
in the September 2011 bundled publication.
Workarounds
===========
There are no workarounds for this vulnerability if IPv6 configuration
is required.
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability that is described in this advisory.
This vulnerability was discovered by Cisco during internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-September-28 | Initial public release. |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Cp2UACgkQQXnnBKKRMNDOnwD/dwZvi6wHRpTsYyfLbLrCfyOs
8+WevPYlJBddySoqwHYA/14o6NuZ2rculYMYCusovUgM/SZf3N+euXWs897W6V5M
=uQiZ
-----END PGP SIGNATURE-----
| VAR-201110-0261 | CVE-2011-3274 |
Cisco IOS and IOS XE Service disruption in ( Device crash ) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201109-0355 |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919. The problem is Bug ID CSCto07919 It is a problem.Skillfully crafted by a third party IPv6 Service disruption via packets ( Device crash ) There is a possibility of being put into a state. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
These issues are being tracked by Cisco Bug IDs:
CSCto07919
CSCtj30155. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Cisco IOS MPLS IPv6 and ICMPv6 Packet Processing Two Denial of
Service Vulnerabilities
SECUNIA ADVISORY ID:
SA46145
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46145/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46145
RELEASE DATE:
2011-10-31
DISCUSS ADVISORY:
http://secunia.com/advisories/46145/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46145/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46145
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6mpls.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
For more information:
SA46145
The vulnerabilities are reported in versions 2.1.x through 2.6.x and
3.2.xS. These
vulnerabilities are:
* Crafted IPv6 Packet May Cause MPLS-Configured Device to Reload
* ICMPv6 Packet May Cause MPLS-Configured Device to Reload
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6mpls.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Security Advisory Bundled Publication" at the
following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
Affected Products
=================
Vulnerable Products
+------------------
Cisco IOS Software or Cisco IOS XE Software devices (hereafter both
referenced as Cisco IOS Software in this document) that are running
vulnerable versions of Cisco IOS Software and configured for MPLS are
affected by two vulnerabilities related to IPv6 traffic that
traverses an MPLS domain. The two vulnerabilities are independent of
each other.
Note: IPv6 does not need to be configured on the affected devices
themselves. The vulnerabilities do require the MPLS label switched
packets to have specific IPv6 payloads to be exploited.
To determine whether a device is configured for MPLS, log in to the
device and issue the command-line interface (CLI) command "show mpls
interface". If the IP state is "Yes", the device is vulnerable. The
following example shows a device that has MPLS configured on
interface Ethernet0/0:
Router#show mpls interface
Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Router#
The following two examples show responses from a device with MPLS
forwarding disabled. The first example shows a return of no
interfaces:
router#show mpls interface
Interface IP Tunnel BGP Static Operational
routers#
In the second example, the device provides a message indicating that
MPLS forwarding is not configured:
router#show mpls interface
no MPLS apps enabled or MPLS not enabled on any interfaces
router#
To determine the Cisco IOS Software release that is running on a Cisco
product, administrators can log in to the device and issue the "show
version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or "Cisco
IOS Software." The image name displays in parentheses, followed by
"Version" and the Cisco IOS Software release name. Other Cisco devices
do not have the "show version" command or may provide different output.
The following example identifies a Cisco product that is running
Cisco IOS Software Release 15.0(1)M1 with an installed image name of
C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software
release naming conventions is available in the white
paper Cisco IOS and NX-OS Software Reference Guide at
http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
Products Confirmed Not Vulnerable
+--------------------------------
Devices that are not configured for MPLS are not vulnerable.
Details
=======
The packet handling nodes in an MPLS network are called provider
routers (P routers) and provider edge routers (PE routers) and are
configured with MPLS. Both P and PE routers are vulnerable to both
the vulnerabilities disclosed in this advisory.
In networks that have MPLS enabled and could carry MPLS label
switched packets with IPv6 payloads, the device may crash when
processing MPLS label switched packets with specific IPv6 payloads.
Typical deployment scenarios that would be affected by either
vulnerability would be Cisco IPv6 Provider Edge Router (6PE) or IPv6
VPN Provider Edge Router (6VPE).
The crafted packet used to exploit this vulnerability would be
silently discarded in Cisco IOS Software if received on an interface
where the packet did not have an MPLS label.
This vulnerability is documented in Cisco bug ID CSCto07919 and has been
assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3274.
The packet used to exploit this vulnerability would not affect Cisco
IOS Software if received on an interface where the packet did not
have an MPLS label.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCto07919 ("Crafted IPv6 packet may cause MPLS configured device to
reload")
CVSS Base Score - 6.1
Access Vector - Adjacent Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.0
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtj30155 ("ICMPv6 packet may cause MPLS configured device to
reload")
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of these vulnerabilities may cause the device
to reload. Repeated exploitation could result in a sustained denial
of service condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Additionally, the Cisco IOS Software Checker is available on
the Cisco Security Intelligence Operations (SIO) portal at
http://tools.cisco.com/security/center/selectIOSVersion.x. It provides
several features for checking which Security Advisories affect specified
versions of Cisco IOS Software.
Cisco IOS Software
+-----------------
Each row of the following Cisco IOS Software table corresponds to a
Cisco IOS Software train. If a particular train is vulnerable, the
earliest releases that contain the fix are listed in the First Fixed
Release For This Advisory column. The First Fixed Release for All
Advisories in the September 2011 Bundled Publication column lists the
earliest possible releases that correct all the published
vulnerabilities in the Cisco IOS Software Security Advisory bundled
publication. Cisco recommends upgrading to the latest available
release, where possible.
+------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+-----------------------------------------------|
| Affected | | First Fixed Release |
| 12.0-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.0-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release |
| 12.1-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.1E | Not vulnerable | 12.2(18)SXF17b |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.2-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 12.2 | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2B | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2BC | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2BW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2BX | Not vulnerable | fixed in Release |
| | | 12.2SB |
|------------+-----------------------+-----------------------|
| 12.2BY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2BZ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2CX | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2CY | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2CZ | Not vulnerable | fixed in Release |
| | | 12.2SB |
|------------+-----------------------+-----------------------|
| 12.2DA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2DD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2DX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2EU | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Releases up to and |
| 12.2EW | Not vulnerable | including 12.2(20)EW4 |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2EWA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2EX | Not vulnerable | 12.2(55)EX3 |
|------------+-----------------------+-----------------------|
| 12.2EY | Not vulnerable | 12.2(58)EY |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| 12.2EZ | Not vulnerable | to any release in |
| | | 15.0SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FX | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FY | Not vulnerable | fixed in Release |
| | | 12.2EX |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2FZ | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| 12.2IRA | Not vulnerable | to any release in |
| | | 12.2IRG |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| 12.2IRB | Not vulnerable | to any release in |
| | | 12.2IRG |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| 12.2IRC | Not vulnerable | to any release in |
| | | 12.2IRG |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IRD | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IRE | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; migrate |
| 12.2IRF | Not vulnerable | to any release in |
| | | 12.2IRG |
|------------+-----------------------+-----------------------|
| 12.2IRG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXB | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXC | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXD | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXE | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXF | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXG | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2IXH | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2JA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2JK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2MB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2MC | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2MRA | Not vulnerable | fixed in Release |
| | | 12.2SRD |
|------------+-----------------------+-----------------------|
| 12.2MRB | Not vulnerable | 12.2(33)MRB5 |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(30)S are |
| | | vulnerable; Releases |
| 12.2S | Not vulnerable | 12.2(30)S and later |
| | | are not vulnerable. |
| | | First fixed in |
| | | Release 12.2SB |
|------------+-----------------------+-----------------------|
| | | 12.2(31)SB20 |
| 12.2SB | Not vulnerable | |
| | | 12.2(33)SB10 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SBC | Not vulnerable | fixed in Release |
| | | 12.2SB |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SCA | Not vulnerable | fixed in Release |
| | | 12.2SCC |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SCB | Not vulnerable | fixed in Release |
| | | 12.2SCC |
|------------+-----------------------+-----------------------|
| 12.2SCC | Not vulnerable | 12.2(33)SCC7 |
|------------+-----------------------+-----------------------|
| 12.2SCD | Not vulnerable | 12.2(33)SCD6 |
|------------+-----------------------+-----------------------|
| | | 12.2(33)SCE1 |
| 12.2SCE | Not vulnerable | |
| | | 12.2(33)SCE2 |
|------------+-----------------------+-----------------------|
| 12.2SCF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | 12.2(55)SE3 |
| 12.2SE | Not vulnerable | |
| | | 12.2(58)SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEA | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEB | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEC | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SED | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEE | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SEF | Not vulnerable | fixed in Release |
| | | 12.2SE |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(25)SEG4 are |
| | | vulnerable; Releases |
| 12.2SEG | Not vulnerable | 12.2(25)SEG4 and |
| | | later are not |
| | | vulnerable. First |
| | | fixed in Release |
| | | 12.2EX |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(53)SG4 are |
| 12.2SG | Not vulnerable | vulnerable; Releases |
| | | 12.2(53)SG4 and later |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2SGA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2SL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2SM | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2SO | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SQ | Not vulnerable | 12.2(50)SQ3 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SRA | Not vulnerable | fixed in Release |
| | | 12.2SRD |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SRB | Not vulnerable | fixed in Release |
| | | 12.2SRD |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SRC | Not vulnerable | fixed in Release |
| | | 12.2SRD |
|------------+-----------------------+-----------------------|
| 12.2SRD | Not vulnerable | 12.2(33)SRD6 |
|------------+-----------------------+-----------------------|
| 12.2SRE | 12.2(33)SRE4 | 12.2(33)SRE4 |
|------------+-----------------------+-----------------------|
| 12.2STE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SU | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(29a)SV are |
| | | vulnerable; Releases |
| 12.2SV | Not vulnerable | 12.2(29a)SV and later |
| | | are not vulnerable. |
| | | Migrate to any |
| | | release in 12.2SVD |
|------------+-----------------------+-----------------------|
| 12.2SVA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SVE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2SW | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SX | Not vulnerable | fixed in Release |
| | | 12.2SXF |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SXA | Not vulnerable | fixed in Release |
| | | 12.2SXF |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SXB | Not vulnerable | fixed in Release |
| | | 12.2SXF |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SXD | Not vulnerable | fixed in Release |
| | | 12.2SXF |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SXE | Not vulnerable | fixed in Release |
| | | 12.2SXF |
|------------+-----------------------+-----------------------|
| 12.2SXF | Not vulnerable | 12.2(18)SXF17b |
|------------+-----------------------+-----------------------|
| 12.2SXH | Not vulnerable | 12.2(33)SXH8a |
|------------+-----------------------+-----------------------|
| 12.2SXI | Not vulnerable | 12.2(33)SXI6 |
|------------+-----------------------+-----------------------|
| 12.2SXJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2SY | Not vulnerable | 12.2(50)SY |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2SZ | Not vulnerable | fixed in Release |
| | | 12.2SB |
|------------+-----------------------+-----------------------|
| 12.2T | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2TPC | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2XA | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XB | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2XC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XF | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XH | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XI | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XL | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XM | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XN | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XNA | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| 12.2XNB | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| 12.2XNC | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| 12.2XND | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| 12.2XNE | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| 12.2XNF | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| | | Releases prior to |
| | | 12.2(54)XO are |
| 12.2XO | Not vulnerable | vulnerable; Releases |
| | | 12.2(54)XO and later |
| | | are not vulnerable. |
|------------+-----------------------+-----------------------|
| 12.2XQ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XR | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XS | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XT | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XU | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XV | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2XW | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YA | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2YB | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YF | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YG | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YH | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YJ | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YK | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YL | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YM | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YN | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2YO | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2YP | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YQ | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YS | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YT | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YU | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YV | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YW | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YX | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YY | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2YZ | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2ZA | Not vulnerable | fixed in Release |
| | | 12.2SXF |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2ZB | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2ZC | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2ZD | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2ZE | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2ZF | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2ZG | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 12.2ZH | Not vulnerable | Vulnerable; first |
| | | fixed in Release 12.4 |
|------------+-----------------------+-----------------------|
| 12.2ZJ | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2ZL | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 12.2ZP | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; first |
| 12.2ZU | Not vulnerable | fixed in Release |
| | | 12.2SXH |
|------------+-----------------------+-----------------------|
| 12.2ZX | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2ZY | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 12.2ZYA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 12.3-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.3-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release |
| 12.4-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 12.4-based releases |
|------------------------------------------------------------|
| Affected | | First Fixed Release |
| 15.0-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| 15.0M | 15.0(1)M7 | 15.0(1)M7 |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 15.0MR | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; contact | Vulnerable; contact |
| | your support | your support |
| | organization per the | organization per the |
| 15.0MRA | instructions in the | instructions in the |
| | Obtaining Fixed | Obtaining Fixed |
| | Software section of | Software section of |
| | this advisory. | this advisory. |
|------------+-----------------------+-----------------------|
| 15.0S | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.0SA | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 15.0SE | Not vulnerable | Not vulnerable |
|------------+-----------------------+-----------------------|
| 15.0SG | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 15.0XA | fixed in Release | fixed in Release |
| | 15.1T | 15.1T |
|------------+-----------------------+-----------------------|
| 15.0XO | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.1-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.1EY | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 15.1GC | fixed in Release | fixed in Release |
| | 15.1T | 15.1T |
|------------+-----------------------+-----------------------|
| 15.1M | 15.1(4)M1 | 15.1(4)M2; Available |
| | | on 30-SEP-11 |
|------------+-----------------------+-----------------------|
| | | Vulnerable; contact |
| | | your support |
| | | organization per the |
| 15.1MR | Not vulnerable | instructions in the |
| | | Obtaining Fixed |
| | | Software section of |
| | | this advisory. |
|------------+-----------------------+-----------------------|
| 15.1S | See Cisco IOS-XE | See Cisco IOS-XE |
| | Software Availability | Software Availability |
|------------+-----------------------+-----------------------|
| | 15.1(1)T4; Available | |
| | on 09-DEC-11 | 15.1(2)T4 |
| 15.1T | | |
| | 15.1(2)T4 | 15.1(1)T4 on |
| | | 8-Dec-2011 |
| | 15.1(3)T2 | |
|------------+-----------------------+-----------------------|
| | Vulnerable; first | Vulnerable; first |
| 15.1XB | fixed in Release | fixed in Release |
| | 15.1T | 15.1T |
|------------+-----------------------+-----------------------|
| Affected | | First Fixed Release |
| 15.2-Based | First Fixed Release | for All Advisories in |
| Releases | For This Advisory | the September 2011 |
| | | Bundled Publication |
|------------------------------------------------------------|
| There are no affected 15.2-based releases |
+------------------------------------------------------------+
Cisco IOS XE Software
+--------------------
Cisco IOS XE Software is affected by the vulnerability disclosed in
this document.
+------------------------------------------------------------+
| Cisco | First Fixed | First Fixed Release for All |
| IOS XE | Release For | Advisories in the September |
| Release | This Advisory | 2011 Bundled Publication |
|----------+----------------+--------------------------------|
| | Vulnerable; | |
| 2.1.x | migrate to | Vulnerable; migrate to 3.3.2S |
| | 3.3.2S or | or later |
| | later | |
|----------+----------------+--------------------------------|
| | Vulnerable; | |
| 2.2.x | migrate to | Vulnerable; migrate to 3.3.2S |
| | 3.3.2S or | or later |
| | later | |
|----------+----------------+--------------------------------|
| | Vulnerable; | |
| 2.3.x | migrate to | Vulnerable; migrate to 3.3.2S |
| | 3.3.2S or | or later |
| | later | |
|----------+----------------+--------------------------------|
| | Vulnerable; | |
| 2.4.x | migrate to | Vulnerable; migrate to 3.3.2S |
| | 3.3.2S or | or later |
| | later | |
|----------+----------------+--------------------------------|
| | Vulnerable; | |
| 2.5.x | migrate to | Vulnerable; migrate to 3.3.2S |
| | 3.3.2S or | or later |
| | later | |
|----------+----------------+--------------------------------|
| | Vulnerable; | |
| 2.6.x | migrate to | Vulnerable; migrate to 3.3.2S |
| | 3.3.2S or | or later |
| | later | |
|----------+----------------+--------------------------------|
| 3.1.xS | 3.1.4S | Vulnerable; migrate to 3.3.2S |
| | | or later |
|----------+----------------+--------------------------------|
| 3.1.xSG | Not vulnerable | Vulnerable; migrate to 3.2.0SG |
| | | or later |
|----------+----------------+--------------------------------|
| | Vulnerable; | |
| 3.2.xS | migrate to | Vulnerable; migrate to 3.3.2S |
| | 3.3.2S or | or later |
| | later | |
|----------+----------------+--------------------------------|
| 3.2.xSG | Not vulnerable | Not vulnerable |
|----------+----------------+--------------------------------|
| 3.3.xS | 3.3.2S | 3.3.2S |
|----------+----------------+--------------------------------|
| 3.4.xS | Not vulnerable | Not vulnerable |
+------------------------------------------------------------+
For mapping of Cisco IOS XE to Cisco IOS releases, please refer to
the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, and
Cisco IOS XE 3SG Release Notes.
Cisco IOS XR Software
+--------------------
Cisco IOS XR Software is not affected by the vulnerability disclosed
in this document.
Cisco IOS XR Software is not affected by any of the vulnerabilities
in the September 2011 bundled publication.
Workarounds
===========
For both vulnerabilities the following workaround applies:
Disabling MPLS TTL Propagation
+-----------------------------
Disabling MPLS TTL propagation will prevent exploitation of these
vulnerabilities. MPLS TTL propagation will have to be disabled on all
PE routers in the MPLS domain. To disable MPLS TTL propagation, enter
the global configuration command "no mpls ip propagate-ttl". If only "no
mpls ip propagate-ttl forward" is configured, the vulnerabilities could
still be exploited from within the MPLS domain.
For more information about the MPLS TTL propagation command, refer to
the configuration guide at:
http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1013846
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/en/US/support/
tsd_cisco_worldwide_contacts.html for additional TAC contact
information, including localized telephone numbers, and instructions
and e-mail addresses for use in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were discovered when handling customer support
calls.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipv6mpls.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2011-September-28 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAk6Cp2QACgkQQXnnBKKRMNBQSAD9F2jD01t7WK98WW1TcHuB0ORh
ttZaRD2ayENEbxklbQgA/j6rRzsG/jk1QW1pJjZme3WKwdvNLy9BzRPTsONBz5Cv
=kk0N
-----END PGP SIGNATURE-----
| VAR-201107-0140 | CVE-2011-2547 | Cisco SA 500 series security appliances Vulnerable to arbitrary command execution |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. The attacker can obtain root privileges.
An authenticated attacker can exploit this issue to execute arbitrary commands with root-level privileges on the underlying operating system.
This issue is being tracked by Cisco bug ID CSCtq65681.
The following devices are affected:
Cisco SA520
Cisco SA520W
Cisco SA540. An attacker
must have valid credentials for an affected device to exploit one
vulnerability; exploitation of the other does not require
authentication. Both vulnerabilities can be exploited over the
network.
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110720-sa500.shtml
Affected Products
=================
Vulnerable Products
+------------------
These vulnerabilities affect the following devices running a software
version prior to the first fixed release documented in the Software
Versions and Fixes section of this advisory:
* Cisco SA520
* Cisco SA520W
* Cisco SA540
There are multiple methods to determine the version of system
software that is running on a device. At the device web login screen,
the system software version is displayed under the "Security
Appliance Configuration Utility" heading. Administrators can also log
in to a device through the web management interface and navigate to
Administration > Firmware & Configuration > Network. The Primary
Firmware field appears below Status Information. The number directly
beside the Primary Firmware field is the system software version.
Alternately, after logging in to the device, administrators can click
on the About link on top right side of the screen. The system
software version will be displayed below the "Security Appliance
Configuration Utility" heading. An example of the system firmware
version is 2.1.18.
Products Confirmed Not Vulnerable
+---------------------------------
No other Cisco products are currently known to be affected by these
vulnerabilities.
This vulnerability is documented in Cisco bug ID CSCtq65681 and
has been assigned Common Vulnerabilities and Exposures (CVE)
ID CVE-2011-2547
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtq65669 - SQL injection vulnerability
CVSS Base Score - 5.0
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 4.1
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtq65681 - Privilege escalation vulnerability
CVSS Base Score - 9.0
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the SQL injection vulnerability could
allow the retrieval of usernames and passwords.
Software Versions and Fixes
===========================
When considering software upgrades, also consult:
http://www.cisco.com/go/psirt
And any subsequent advisories to determine exposure and a
complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Small Business Support Center or your contracted
maintenance provider for assistance.
These vulnerabilities have been corrected in software versions 2.1.19
and later.
If administrators of SA 500 Series Security Appliances have
configured the Check for New Firmware notification under
Administration > Firmware & Configuration > Network, a message
regarding new firmware that is available on Cisco.com will be
displayed at the next log in to the appliance.
Note: the SA 500 will not perform an automatic upgrade to
version 2.1.19. The upgrade must be performed by an administrator.
The latest software for SA 500 Series Security Appliances can be
downloaded at:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282414017
Workarounds
===========
The following mitigations help limit the exposure to these
vulnerabilities.
* Disable Remote Management
Caution: Do not disable remote management if administrators
manage devices via the WAN connection. This action will result in
a loss of management connectivity to the device. Several features
also require remote management to be enabled, including SSL VPN
access and the Cisco Quick Virtual Private Network (QVPN)
Utility.
Remote Management is disabled by default. Administrators can
disable this feature by choosing Network Management > Remote
Management. Change the setting for this field to Disabled.
Disabling remote management limits exposure because the
vulnerabilities can then be exploited from the inter-LAN network
only.
Disabling remote management limits the exposure as the
vulnerabilities can then only be exploited from the inter LAN
network.
* Limit Remote Management Access to Specific IP Addresses
If remote management is required, secure the device so that it
can be accessed by certain IP addresses only, rather than the
default setting of All IP Addresses. After choosing Network
Management > Remote Management, an administrator can change the
Remote IP Address field to ensure that only devices with
specified IP addresses can access the device.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
Or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers should obtain upgraded software through their regular
update channels. For most customers, this means that upgrades should
be obtained through the Software Center on Cisco's worldwide website
at http://www.cisco.com
If the information is not clear, please contact the Cisco Small
Business Support Center or your contracted maintenance provider for
assistance. Small Business Support Center contacts are as follows.
+1 866 606 1866 (toll free from within North America)
+1 408 418 1866 (toll call from anywhere in the world)
Customers should have their product serial number available.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
for additional support contact information, including localized
telephone numbers, and instructions and e-mail addresses for use in
various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
These vulnerabilities were reported to Cisco by Michal Sajdak of
Securitum, Poland.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20110720-sa500.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-------------------------------------------------------------------+
| Revision 1.0 | 2011-July-20 | Initial public release. |
+-------------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iF4EAREIAAYFAk4m4k8ACgkQQXnnBKKRMNDzJgD+MwAQlnCeOSxzAq20X7iFbKvP
tRwD9b1YmA4CFNcFLJkA/i25Tf/onaCHv4x79F0XDt2ZaCSpdEIp17oYfzFajYXl
=aaaj
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.
Read more and request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco SA 500 Series Web Management Interface Two Vulnerabilities
SECUNIA ADVISORY ID:
SA45355
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45355/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45355
RELEASE DATE:
2011-07-22
DISCUSS ADVISORY:
http://secunia.com/advisories/45355/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45355/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45355
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in Cisco SA 500 Series
Security Appliances, which can be exploited by malicious users to
compromise a vulnerable system and by malicious people to conduct SQL
injection attacks.
1) Certain input passed to the login form is not properly sanitised
before being used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
2) Certain unspecified input passed to the web management interface
is not properly sanitised before being used. This can be exploited to
inject and execute arbitrary shell commands.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Michal Sajdak, Securitum.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110720-sa500.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201107-0298 | CVE-2011-2883 | Citrix Access Gateway Enterprise of nsepa.ocx of NSEPA.NsepaCtrl.1 ActiveX Vulnerability in arbitrary code execution in control |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate. Citrix Access Gateway is a universal SSL VPN device.
Attackers may exploit these issues by enticing an unsuspecting victim to view a malicious webpage.
Citrix Access Gateway Plug-in versions prior to 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable; other versions may also be affected
| VAR-201107-0297 | CVE-2011-2882 | Citrix Access Gateway Enterprise of nsepa.ocx of NSEPA.NsepaCtrl.1 ActiveX Control Vulnerable to stack-based buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data. Citrix Access Gateway is a universal SSL VPN device.
Attackers may exploit these issues by enticing an unsuspecting victim to view a malicious webpage.
Citrix Access Gateway Plug-in versions prior to 8.1-67.7, 9.0-70.5, and 9.1-96.4 are vulnerable; other versions may also be affected
| VAR-201112-0121 | CVE-2011-5033 | ConfigServer Firewall Buffer Overflow Vulnerability |
CVSS V2: 4.4 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file. ConfigServer Firewall is prone to a buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control. Failed exploit attempts will result in a denial-of-service condition
| VAR-201605-0004 | CVE-2010-5326 |
SAP Netweaver Invoker Servlet Remote code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201605-0284 |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. Attacks on this vulnerability 2013 From 2016 Observed in year. This vulnerability "Detour" It is called an attack. Vendors have confirmed this vulnerability SAP Security Note 1445998 It is released as.By a third party HTTP Or HTTPS Arbitrary code may be executed via a request. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP Netweaver Invoker Servlet has a security vulnerability that allows an attacker to call any servlet even if it is declared in a web.xml file. This includes any servlet classes available in the application classloader, such as those in the WEB-INF\\classes, WEB-INF\\lib, and WEB-INF\\additinal-lib application directories. Multiple servlets included with Java applications are not designed for direct client access, but instead interact inside the application, thus causing arbitrary calls to be performed and invisible operations on the SAP server.
An attacker may leverage this issue to execute arbitrary script code within the context of the affected application
| VAR-201111-0268 | CVE-2011-4273 | GoAhead Webserver multiple stored XSS vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp. GoAhead Webserver contains multiple cross-site scripting vulnerabilities. GoAhead Webserver for, POST There is a problem with request processing and multiple cross-site scripting vulnerabilities exist.Arbitrary scripts may be executed on the user's web browser.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
GoAhead WebServer 2.18 is vulnerable; other versions may also be affected. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
GoAhead WebServer Multiple Script Insertion Vulnerabilities
SECUNIA ADVISORY ID:
SA46894
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46894/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46894
RELEASE DATE:
2011-11-18
DISCUSS ADVISORY:
http://secunia.com/advisories/46894/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46894/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46894
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been discovered in GoAhead WebServer,
which can be exploited by malicious people to conduct script
insertion attacks.
1) Input passed via the "group" POST parameter to goform/AddGroup
(when "ok" is set to "OK") when adding a group is not properly
sanitised before being used.
2) Input passed via the "url" POST parameter to goform/AddAccessLimit
(when "ok" is set to "OK") when adding an access limit is not properly
sanitised before being used.
3) Input passed via the "user" POST parameter to goform/AddUser (when
"ok" is set to "OK") when adding a user is not properly sanitised
before being used.
The vulnerabilities are confirmed in version 2.1.8.
SOLUTION:
Update to version 2.5.
PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Silent Dream
ORIGINAL ADVISORY:
http://www.kb.cert.org/vuls/id/384427
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201112-0252 | CVE-2011-4859 | Schneider Electric Quantum Ethernet Module Security Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port. Schneider Electric Modicon Quantum is an automated control platform with a full range of complete processors for complex process control and infrastructure. Schneider Electric Modicon Quantum has several security vulnerabilities, including: (1) Communication between Unity software and PLC without authentication, allowing attackers to perform denial of service and remote code execution attacks. (2) There is a backdoor account that allows access to the system with user or administrator privileges. (3) The HTTP server has a buffer overflow, and the remote attacker can exploit the vulnerability for the denial of service attack. (4) There is a buffer overflow in the FTP server, and a remote attacker can exploit the vulnerability for a denial of service attack. (5) There is also a cross-site scripting attack. The firmware provided by Schneider Schneider Electric Quantum Ethernet Module has a hard-coded problem.
Attackers can exploit this issue to gain access to the Telnet port service, Windriver Debug port service, and FTP service. Attackers can exploit this vulnerability to execute arbitrary code within the context of the vulnerable device.
1) Certain unspecified input is not properly sanitised before being
returned to the user.
SOLUTION:
Filter malicious characters and character sequences in a proxy.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Ruben Santamarta via Digital Bond\x92s SCADA Security
Scientific Symposium (S4). ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Schneider Electric Ethernet Modules Undocumented Account Security
Issues
SECUNIA ADVISORY ID:
SA47019
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47019/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47019
RELEASE DATE:
2011-12-14
DISCUSS ADVISORY:
http://secunia.com/advisories/47019/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47019/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47019
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Ruben Santamarta has reported some security issues in multiple
Schneider Electric modules, which can be exploited by malicious
people to bypass certain security restrictions. modify HTTP
passwords and upload malicious firmware.
Please see the ICS-CERT's advisory for a list of affected products
and versions.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
Ruben Santamarta
ORIGINAL ADVISORY:
Ruben Santamarta:
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0161 | CVE-2011-4872 | Multiple HTC Devices 'Android.permission.ACCESS_WIFI_STATE' Information Disclosure Vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class. A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android. HTC Made Android On the device, Wi-Fi There is a vulnerability in which authentication information is leaked. HTC Made Android The device has a problem managing authentication information, Wi-Fi There is a vulnerability in which authentication information is leaked.Configured for the product by a remote third party Wi-Fi Authentication information may be obtained. If the same application also has android.permission.INTERNET permission, the application can collect this information and send it to the server on the remote Internet. Multiple HTC devices are prone to an information-disclosure vulnerability.
An attacker can exploit this issue by enticing an unsuspecting victim to install a malicious application with 'android.permission.ACCESS_WIFI_STATE' and 'android.permission.INTERNET' permissions on the device running Android.
Remote attackers can exploit this issue to gain access to sensitive information. This may aid in further attacks. Â This exploit exposes
enterprise-privileged credentials in a manner that allows targeted
exploitation.
--------------------------------------------------------------------------------
Affected Vendors:
--------------------------------------------------------------------------------
HTC
--------------------------------------------------------------------------------
Affected Versions:
--------------------------------------------------------------------------------
We have verified the following devices as having this issue (there may
be others including some non-HTC phones):
Desire HDÂ (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
Glacier - Version FRG83
Droid Incredible - Version FRF91
Thunderbolt 4G - Version FRG83D
Sensation Z710e - Version GRI40
Sensation 4G - Version GRI40
Desire S - Version GRI40
EVO 3D - Version GRI40
EVO 4G - Version GRI40
--------------------------------------------------------------------------------
Non-Affected Versions:
--------------------------------------------------------------------------------
myTouch3g (Appears to run either unmodified, or only lightly modified
Android build)
Nexus One (Runs unmodified Android build)
--------------------------------------------------------------------------------
Severity
--------------------------------------------------------------------------------
Critical
--------------------------------------------------------------------------------
See also
--------------------------------------------------------------------------------
CVE ID: CVE-2011-4872
--------------------------------------------------------------------------------
Timeline:
--------------------------------------------------------------------------------
- 2012-02-01: Public disclosure
- 2012-01-31: Submit final public disclosure doc to HTC Global for feedback
- 2012-01-31: HTC publishes information via their web site
- 2012-01-20: Public disclosure ? postponed
- 2012-01-19: Discussion with HTC Global on their time schedule
- 2012-01-05: Conference call with HTC Global
- 2012-01-02: Public disclosure ? postponed
- 2011-12-05: Discussed public disclosure time frames with HTC and Google
- 2011-10-11: Updated all individuals and groups that are aware of the issue
- 2011-10-11: Follow-up conference call with HTC Global and Google
- 2011-09-19: Updated all individuals and groups that were aware of the issue
- 2011-09-19: Conference call with HTC Global and Google
- 2011-09-08: HTC and Google verified exploit
- 2011-09-07: Notified key government agencies and CERT under
non-public disclosure
- 2011-09-07: Initial email and phone call with HTC Global and Google
--------------------------------------------------------------------------------
Vulnerability Details:
--------------------------------------------------------------------------------
There is an issue in certain HTC builds of Android that can expose the
user's 802.1X password to any program with the
"android.permission.ACCESS_WIFI_STATE" permission. In
addition, if the SSID is an identifiable SSID ("Sample University" or
"Enterprise XYZ"), this issue exposes enterprise-privileged
credentials in a manner that allows targeted exploitation. The resulting output will look
something like this:
* ID: 2 SSID: "ct" BSSID: null PRIO: 16
KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN
AuthAlgorithms:
PairwiseCiphers: CCMP
GroupCiphers: WEP40 WEP104 TKIP CCMP
PSK:
eap: PEAP
phase2: auth=MSCHAPV2
identity: [Your User Name]
anonymous_identity:
password:
client_cert:
private_key:
ca_cert: keystore://CACERT_ct
On most Android devices, the password field is either left blank, or
simply populated with a "*" to indicate that a password is present.
However, on affected HTC devices, the password field contains the
actual user password in clear text.
This is sample output from a Sprint EVO running Android 2.3.3:
* ID: 0 SSID: "wpa2eap" BSSID: null PRIO: 21
KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN
AuthAlgorithms:
PairwiseCiphers: CCMP
GroupCiphers: WEP40 WEP104 TKIP CCMP
PSK:
eap: TTLS
phase2: auth=PAP
identity: test
anonymous_identity:
password: test
client_cert:
private_key:
ca_cert: keystore://CACERT_wpa2eap
--------------------------------------------------------------------------------
Vendor Response
--------------------------------------------------------------------------------
Google and HTC have been very responsive and good to work with on this
issue. Â Google has made changes to the Android code to help better
protect the credential store and HTC has released updates for all
currently supported phone and side-loads for all non-supported phone.
Customer with affected versions can find information from HTC about
updating their phone at: http://www.htc.com/www/help/
Google has also done a code scan of every application currently in the
Android Market and there are no applications currently exploiting this
vulnerability.
--------------------------------------------------------------------------------
Credit
--------------------------------------------------------------------------------
Chris Hessing from The Open1X Group (http://www.open1x.org) who is
currently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X
tools for Cloudpath Networks (http://www.cloudpath.net/) discovered
this password exploit.
--------------------------------------------------------------------------------
Contact Information
--------------------------------------------------------------------------------
Chris Hessing
    Senior Engineer, Cloudpath Networks (chris.hessing@cloudpath.net)
    Chief Architect, Open1X Group (chris@open1x.org)
Bret Jordan CISSP
    Senior Security Architect, Open1X Group (jordan@open1x.org)
--------------------------------------------------------------------------------
About
--------------------------------------------------------------------------------
Cloudpath Networks
Cloudpath Networks provides software solutions that allow diverse
environments to operate WPA2-Enterprise and 802.1X networks in a
scalable, sustainable manner.ˇ From Bring Your Own Device (BYOD) in
enterprise to student-owned devices in education, Cloudpath's
XpressConnect Wizard has been proven to provide unmatched simplicity
on millions of devices around the globe.
XpressConnect is an automated, self-service wizard for connecting
users to WPA2-Enterprise and 802.1X across a wide range of device
types and authentication methods, including credential-based (PEAP and
TTLS) and certificate-based (TLS).ˇ For certificate-based
environments, XpressConnect?s integration technology seamlessly
connects to existing Microsoft CA servers to extend automated
certificate issuance to non-domain devices, including iOS (iPhone,
iPad, iPod Touch), Android, Windows, Mac OS X, and Linux.
The Open1X Group
The Open1X Group is a strategic research and development group
established in 2001 to support the creation and adoption of secure
authentication systems over traditionally insecure network connection.
The Open1X Group performs active and ongoing research and analysis in
to the IEEE 802.1X protocol, the IETF EAP Methods, emerging
authentication technologies, and various cryptographic
implementations. Â The Open1X Group has had the support of major
Universities, enterprise companies, major Hi-Tech companies, and
non-profit organizations. Â The Open1X Group also performs on-going
analysis of business and academic interests in to secure
authentication and single sign-on systems, and Government and
non-Government regulations and mandates for compliance in secure
authentication.
The Open1X Group leverages a distributed team of security architects,
engineers, and research scientists with specializations in 802.1X,
gird and high performance computing, wireless networking, federated
authentication, black box testing, cryptography, large enterprise and
University deployment experiences, and global project development.
The Open1X Group is a pioneer in the secure authentication space with
the first major wide spread 802.1X federated deployment back in
1999/2000, and the development of a fully featured 802.1X supplicant,
XSupplicant.
Bret Jordan CISSP
Sr Security Architect
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing
that can not be unscrambled is an egg."
.
The vulnerability is caused due to an unspecified error and can be
exploited by an application system administrator to gain super user
privileges.
The vulnerability is reported in versions 6.0, 6.5, and 6.6.
SOLUTION:
Apply patches (please see the vendor's advisory for details). ----------------------------------------------------------------------
SC Magazine awards the Secunia CSI a 5-Star rating
Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296
----------------------------------------------------------------------
TITLE:
HTC Products Wi-Fi Credentials Disclosure Weakness
SECUNIA ADVISORY ID:
SA47837
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47837/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47837
RELEASE DATE:
2012-02-02
DISCUSS ADVISORY:
http://secunia.com/advisories/47837/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47837/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47837
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Open1X Group has reported a weakness in multiple HTC products, which
can be exploited by malicious people to disclose potentially
sensitive information.
The weakness is caused due to the "WifiConfiguration::toString()"
method returning Wi-Fi credentials of stored networks in clear text.
Successful exploitation requires that a malicious application is
installed with "android.permission.ACCESS_WIFI_STATE" permissions.
PROVIDED AND/OR DISCOVERED BY:
Chris Hessing, Open1X Group.
ORIGINAL ADVISORY:
HTC:
http://www.htc.com/www/help/
Open1X Group:
http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
US-CERT VU#763355:
http://www.kb.cert.org/vuls/id/763355
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0211 | CVE-2011-4790 | HP Network Automation Remote unauthorized access vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors. HP Network Automation is an automated network configuration management tool. Successful exploits will completely compromise the affected computer. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03171149Version: 1
HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2011-4790
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The patch is available here: http://support.openview.hp.com/selfsolve/patches
1. Apply patch 2 or subsequent (Network Automation 09.10.02, NA_00015)
HISTORY
Version:1 (rev.1) - 30 January 2012 Initial Release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk8nCGgACgkQ4B86/C0qfVlPxACgsMH5juKyYCBrEcdQvg5pegIv
KlgAnikcp/UVeiF9+ihcbJVw9ph2GJoy
=R+6J
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
HP Network Automation Unspecified Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA47738
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47738
RELEASE DATE:
2012-01-31
DISCUSS ADVISORY:
http://secunia.com/advisories/47738/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47738/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47738
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in HP Network Automation, which can
be exploited by malicious people to bypass certain security
restrictions.
SOLUTION:
Update to version 9.10 and apply patch 2 or subsequent (Network
Automation 09.10.02, NA_00015).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMU02738 SSRT100748:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03171149
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-190001-0761 | No CVE | Hitachi JP1/Performance Management Web Console Cross-Site Scripting Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Hitachi JP1/Performance Management has security vulnerabilities that allow attackers to conduct cross-site scripting attacks. Part of the input passed to the WEB console lacks filtering before returning to the user, allowing the attacker to build a malicious link, convincing the user to parse, executing arbitrary script code on the target user's browser, obtaining sensitive information or hijacking the user's session. This may help the attacker steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------
The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.
Read more and request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Hitachi JP1/Performance Management Web Console Cross-Site Scripting
Vulnerability
SECUNIA ADVISORY ID:
SA45208
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45208/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45208
RELEASE DATE:
2011-07-15
DISCUSS ADVISORY:
http://secunia.com/advisories/45208/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45208/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45208
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Hitachi JP1/Performance
Management, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Please see the vendor's advisory for the list of affected products.
SOLUTION:
Apply patches. Please see the vendor's advisory for more details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HS11-014:
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-014/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201107-0083 | CVE-2011-2064 | Cisco IOS Service disruption in ( Device reload ) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577.
This issue is being tracked by Cisco Bug ID CSCtl79577. An unauthenticated, remote
attacker could exploit this vulnerability by sending a series of
crafted ICMP packets to an affected device. Exploitation could cause
the device to reload.
There are no workarounds available to mitigate exploitation of this
vulnerability other than blocking ICMP traffic destined to the
affected device.
Determining Cisco CSG Software Versions
To determine the version of Cisco IOS Software that is running on the
Cisco CSG2, issue the "show module" command from Cisco IOS Software
on the switch on which the Cisco CSG2 module is installed to identify
what modules and sub-modules are installed on the system.
--- ----- -------------------------------------- ------------------ -----------
1 2 Supervisor Engine 720 (Active) WS-SUP720-3BXL JAF1226ARQS
2 1 SAMI Module (csgk9) WS-SVC-SAMI-BB-K9 SAD113906P1
4 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL1127T6XY
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 001e.be6e.a018 to 001e.be6e.a01b 5.6 8.5(2) 12.2(33)SRC5 Ok
2 001d.45f8.f3dc to 001d.45f8.f3e3 2.1 8.7(0.22)FW1 12.4(2010040 Ok
4 001c.587a.ef20 to 001c.587a.ef4f 2.6 12.2(14r)S5 12.2(33)SRC5 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
1 Policy Feature Card 3 WS-F6K-PFC3BXL JAF1226BNQM 1.8 Ok
1 MSFC3 Daughterboard WS-SUP720 JAF1226BNMC 3.1 Ok
2 SAMI Daughterboard 1 SAMI-DC-BB SAD114400L9 1.1 Other
2 SAMI Daughterboard 2 SAMI-DC-BB SAD114207FU 1.1 Other
4 Centralized Forwarding Card WS-F6700-CFC SAL1029VGFK 2.0 Ok
Mod Online Diag Status
---- -------------------
1 Pass
2 Pass
4 Pass
C7600#
After locating the correct slot, issue the "session slot <module
number> processor <3-9>" command to open a console connection to the
respective Cisco Content Services Gateway: Second Generation. For
example: session slot 2 processor 3. The number 3 is the control
processor (CP) number for the CSG2.
Note: Other SAMI-based applications are not affected. The Cisco
Gateway GPRS Support Node (GGSN), the Cisco Mobile Wireless Home
Agent (HA), the Cisco Wireless Security Gateway (WSG), the Cisco
Broadband Wireless Gateway and Cisco IP Transfer Point (ITP), and the
Cisco Long Term Evolution (LTE) Gateway are not affected.
The Cisco 7600 Series Router is not affected by this vulnerability,
only the Cisco CSG (2nd generation) module is affected.
No other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
The Cisco Content Services Gateway: Second Generation provides
intelligent network capabilities such as flexible policy management
and billing based on deep-packet inspection, as well as subscriber
and application awareness capabilities that enable mobile operators
to quickly and easily offer value-added, differentiated services over
their mobile data networks.
Note: The Cisco Gateway GPRS Support Node (GGSN), the Cisco Mobile
Wireless Home Agent (HA), the Cisco Wireless Security Gateway (WSG),
the Cisco Broadband Wireless Gateway and Cisco IP Transfer Point
(ITP), and the Cisco Long Term Evolution (LTE) Gateway are not
affected.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtl79577 - Crafted ICMP Packets may cause CSG2 to reload
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of this vulnerability could cause an affected
device to reload. Repeated exploitation could result in a sustained
DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a complete upgrade
solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases which have fixes for all the
published vulnerability at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to
be vulnerable. Cisco recommends upgrading to a release equal to or
later than the release in the "Recommended Releases" column of the
table.
+---------------------------------------+
| Major | Availability of Repaired |
| Release | Releases |
|------------+--------------------------|
| Affected | |
| 12.x-Based | First Fixed Release |
| Releases | |
|------------+--------------------------|
| 12.0 - | 12.0 through 12.3 based |
| 12.3 | releases are not |
| | affected |
|------------+--------------------------|
| Affected | |
| 12.4-Based | First Fixed Release |
| Releases | |
|------------+--------------------------|
| 12.4MD | Not vulnerable |
|------------+--------------------------|
| | All 12.4MDA releases |
| 12.4MDA | prior to 12.4(24)MDA5 |
| | are affected. First |
| | fixed in 12.4(24)MDA5 |
|------------+--------------------------|
| 12.4MDB | Not vulnerable |
|------------+--------------------------|
| Affected | |
| 15.X-Based | First Fixed Release |
| Releases | |
|------------+--------------------------|
| 15.0 - | 15.0 through 15.1 based |
| 15.1 | releases are not |
| | affected |
+---------------------------------------+
Workarounds
===========
There are no available workarounds to mitigate this vulnerability
other than applying infrastructure access control lists (iACLs) on
the Cisco 7600 router to block ICMP traffic destined to the IP
address of the Cisco CSG. Administrators can construct an iACL by
explicitly permitting only authorized traffic to enter the network at
ingress access points or permitting authorized traffic to transit the
network in accordance with existing security policies and
configurations. An iACL workaround cannot provide complete protection
against these vulnerabilities when the attack originates from a
trusted source address.
The iACL policy denies unauthorized ICMP packet types, including echo
request, echo-reply, host-unreachable, traceroute, packet-too-big,
time-exceeded, and unreachable, that are sent to affected devices. In
the following example, 192.168.60.0/24 is the IP address space that
is used by the affected devices, and the host at 192.168.100.1 is
considered a trusted source that requires access to the affected
devices. Care should be taken to allow required traffic for routing
and administrative access prior to denying all unauthorized traffic.
Whenever possible, infrastructure address space should be distinct
from the address space used for user and services segments. Using
this addressing methodology will assist with the construction and
deployment of iACLs.
Additional information about iACLs is in Protecting Your Core:
Infrastructure Protection Access Control Lists.
ip access-list extended Infrastructure-ACL-Policy
!
!-- Include explicit permit statements for trusted sources
!-- that require access on the vulnerable protocol
!
permit icmp host 192.168.100.1 192.168.60.0 0.0.0.255 echo
permit icmp host 192.168.100.1 192.168.60.0 0.0.0.255 echo-reply
permit icmp host 192.168.100.1 192.168.60.0 0.0.0.255 host-unreachable
permit icmp host 192.168.100.1 192.168.60.0 0.0.0.255 traceroute
permit icmp host 192.168.100.1 192.168.60.0 0.0.0.255 packet-too-big
permit icmp host 192.168.100.1 192.168.60.0 0.0.0.255 time-exceeded
permit icmp host 192.168.100.1 192.168.60.0 0.0.0.255 unreachable
!
!-- The following vulnerability-specific access control entries
!-- (ACEs) can aid in identification of attacks
!
deny icmp any 192.168.60.0 0.0.0.255 echo
deny icmp any 192.168.60.0 0.0.0.255 echo-reply
deny icmp any 192.168.60.0 0.0.0.255 host-unreachable
deny icmp any 192.168.60.0 0.0.0.255 traceroute
deny icmp any 192.168.60.0 0.0.0.255 packet-too-big
deny icmp any 192.168.60.0 0.0.0.255 time-exceeded
deny icmp any 192.168.60.0 0.0.0.255 unreachable
!
!-- Explicit deny ACE for traffic sent to addresses configured within
!-- the infrastructure address space
!
deny ip any 192.168.60.0 0.0.0.255
!
!-- Permit or deny all other Layer 3 and Layer 4 traffic in accordance
!-- with existing security policies and configurations
!
!-- Apply iACL to interfaces in the ingress direction
!
interface GigabitEthernet0/0
ip access-group Infrastructure-ACL-Policy in
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20110706-csg.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found during internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20110706-csg.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-July-06 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOFH2OQXnnBKKRMNARCAqmAP9fvGEVMGbceYlLdKOUdF56bWsbDLEerSIM
MASXq1IfLwD/VVBOZhprC1czwhOPulRma0Iw5Y2rfcErfqQdBhZiTCw=
=cKiB
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.
Read more and request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco Content Services Gateway ICMP Messages Denial of Service
Vulnerability
SECUNIA ADVISORY ID:
SA45148
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45148/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45148
RELEASE DATE:
2011-07-08
DISCUSS ADVISORY:
http://secunia.com/advisories/45148/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45148/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45148
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco Content Services Gateway
(CSG2), which can be exploited by malicious people to cause a DoS
(Denial of Service).
Please see the vendor's advisory for a list of affected IOS Software.
SOLUTION:
Apply fixes (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110706-csg.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201409-0042 | CVE-2011-4887 | Imperva SecureSphere Web Application Firewall of MX Management Server Management GUI Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. Imperva SecureSphere Web Application Firewall is prone to an HTML-injection vulnerability prone to an because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
SecureSphere Web Application Firewall 9.0 is vulnerable. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
SecureSphere Web Application Firewall Username Script Insertion
Vulnerability
SECUNIA ADVISORY ID:
SA48086
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48086/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48086
RELEASE DATE:
2012-02-17
DISCUSS ADVISORY:
http://secunia.com/advisories/48086/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48086/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48086
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Roger Wemyss has reported a vulnerability in SecureSphere Web
Application Firewall, which can be exploited by malicious people to
conduct script insertion attacks.
Certain input passed to a web server protected by SecureSphere is not
properly sanitised before being displayed to the user.
The vulnerability is reported in version 9.0.
SOLUTION:
Update to version 9.0 Patch 1.
PROVIDED AND/OR DISCOVERED BY:
Roger Wemyss, Dell SecureWorks
ORIGINAL ADVISORY:
SecureSphere:
http://www.imperva.com/resources/adc/adc_advisories_response_secureworks_CVE-2011-4887.html
Dell SecureWorks:
http://www.secureworks.com/research/advisories/SWRX-2012-002/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This fixes a
vulnerability, which can be exploited by malicious people to
compromise an application using the library.
For more information see vulnerability #6 in:
SA47816
SOLUTION:
Apply updated packages
| VAR-190001-0187 | No CVE | Control Microsystems ClearSCADA Authentication Security Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
ClearSCADA is an integrated SCADA host platform that includes a rotation training engine, real-time database, web server, alarm processor and reporting software. ClearSCADA has a security authentication bypass vulnerability that allows an attacker to exploit sensitive information or perform unauthorized operations. Control Microsystems ClearSCADA is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Versions prior to ClearSCADA 2010 R1.1 are vulnerable. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Serck SCX ClearSCADA Web Interface Authentication Bypass
Vulnerability
SECUNIA ADVISORY ID:
SA45913
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45913/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45913
RELEASE DATE:
2011-09-06
DISCUSS ADVISORY:
http://secunia.com/advisories/45913/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45913/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45913
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Serck SCX, which can be
exploited by malicious people to bypass certain security
restrictions.
For more information:
SA45854
The vulnerability is reported in the following products.
* Serck SCX version 67 R4.5
* Serck SCX version 68 R3.9
SOLUTION:
Update to a fixed version. Contact the vendor for further
information.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Jeremy Brown.
ORIGINAL ADVISORY:
ICS-CERT (ICSA-11-173-01):
http://www.us-cert.gov/control_systems/pdf/ICSA-11-173-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201112-0237 | CVE-2011-4835 |
HS2 Directory Traversal Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201112-0030 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors. HomeSeer HS2 home automation software web interface contains multiple vulnerabilities. An attacker can request a WEB page like http://ipaddress/example<script>alert(document.cookie)</script> to store JavaScript in In the log view page. Viewing the log file by the administrator can cause JavaScript to execute in the target browser. A successful CSRFG attack allows an attacker to run commands as an administrator user. An HTML-injection vulnerability.
2. A cross-site request-forgery vulnerability.
3. A directory-traversal vulnerability.
Attackers can exploit these issues to perform certain actions in the context of an authorized user's session, run arbitrary HTML and script code, and transfer files outside of the web directory. Other attacks may also be possible.
HomeSeer HS2 2.5.0.20 is vulnerable; prior versions may also be affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
HomeSeer HS2 Cross-Site Request Forgery and Script Insertion
Vulnerabilities
SECUNIA ADVISORY ID:
SA47191
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47191/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47191
RELEASE DATE:
2011-12-09
DISCUSS ADVISORY:
http://secunia.com/advisories/47191/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47191/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47191
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been discovered in HomeSeer HS2, which can
be exploited by malicious people to conduct cross-site request
forgery and script insertion attacks.
1) Input passed via the URL is not properly sanitised before being
used.
2) The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. execute commands on a system
by tricking a user into visiting a malicious web site.
The vulnerabilities are confirmed in version 2.5.0.23.
SOLUTION:
Filter malicious characters and character sequences in a proxy. Do
not browse untrusted websites or follow untrusted links while logged
in to the application.
PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Silent Dream
ORIGINAL ADVISORY:
US-CERT (VU#796883):
http://www.kb.cert.org/vuls/id/796883
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201107-0275 | CVE-2011-2608 |
HP Operations Manager 'Register' Request Arbitrary File Deletion Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201106-0354 |
CVSS V2: 6.4 CVSS V3: - Severity: Medium |
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command. HP Operations Manager is prone to an arbitrary-file-deletion vulnerability.
An attacker can exploit this issue to delete arbitrary files on an affected computer. Successful exploits will result in a denial-of-service condition or the corruption of applications running on the affected computer.
References: CVE-2011-2608, SA45079, SA44321
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Performance Agent v5.0, and v4.70 running on AIX, HP-UX, Linux, Solaris, and Windows;
Operations Agent v11.0, v8.60.0xx, v8.60.5xx running on AIX, HP-UX, Linux, Solaris, and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-2608 (AV:N/AC:L/Au:N/C:P/I:C/A:C) 9.7
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Abdul-Aziz Hariri coordinating with Secunia for reporting this vulnerability to security-alert@hp.com
RESOLUTION
HP has provided the following resolve this vulnerability. Please contact your HP Software support channel to request the hotfixes below.
For Performance Agent v5.0 and v4.7 please request this hotfix from support: Performance Agent/OVPA_C.05.00.100_ALL/ Security issue, no details available
For Operations Agent v11.0 please install the latest patch v11.01.003
For Operations Agent v8.60.005, c8.60.006, v8.60.007, v8.60.008 please request hotfix from support: LCore/Lcore_06.20/ Security issue, no details available
For Operations Agent v8.60.501 please request hotfix from support: LCore/Lcore_06.21.501/ Security issue, no details available
For Operations Agent v8.53 request hotfix from support: LCore/Lcore_06.20/ Security issue, no details available
HISTORY
Version:1 (rev.1) - 18 July 2011 Initial Release
Version:2 (rev.2) - 27 July 2011 Re-release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk4xmnYACgkQ4B86/C0qfVmjYgCfecas6Z8B7Yz0lE914CADLCWl
JHwAnipHP6J3ehLiL9oLhQ4gsvWD+8Ua
=V0C9
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Frost & Sullivan 2011 Report: Secunia Vulnerability Research
\"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies.
Read the report here:
http://secunia.com/products/corporate/vim/fs_request_2011/
----------------------------------------------------------------------
TITLE:
HP Operations Manager OV Communication Broker Arbitrary File Deletion
SECUNIA ADVISORY ID:
SA45079
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45079/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45079
RELEASE DATE:
2011-06-28
DISCUSS ADVISORY:
http://secunia.com/advisories/45079/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45079/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45079
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Luigi Auriemma has discovered a vulnerability in HP Operations
Manager, which can be exploited by malicious people to delete files
on a vulnerable system.
The vulnerability is caused due to the OV Communications Broker
service (ovbbccb.exe) deleting a file specified in a received
"Register" request.
SOLUTION:
Restrict access to the OV Communication Broker service.
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
Luigi Auriemma:
http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0581 | CVE-2011-5163 | CitectSCADA and Mitsubishi MX4 SCADA Buffer Overflow Vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. CitectSCADA is software for providing monitoring and control functions in the Data Acquisition and Monitoring System (SCADA). A buffer overflow vulnerability exists in CitectSCADA and Mitsubishi MX4 SCADA version 7.10. This vulnerability affects the Batch server module, which can be exploited by an attacker to run arbitrary code in the context of an application, and a failed attack attempt will result in a denial of service. CitectSCADA is an industrial control software used by Mitsubishi MX4 and Schneider Electric. Careful construction of string data can execute arbitrary code in the application context. CitectSCADA and Mitsubishi MX4 SCADA are prone to a buffer-overflow vulnerability that affects the Batch server module. Failed exploit attempts will result in a denial-of-service condition.
The following versions are vulnerable:
CitectSCADA 7.10 and prior
Mitsubishi MX4 SCADA 7.10 and prior. Citectscada is prone to a local security vulnerability. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/
----------------------------------------------------------------------
TITLE:
Schneider Electric CitectSCADA Batch Server Login Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA46779
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46779/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46779
RELEASE DATE:
2011-11-09
DISCUSS ADVISORY:
http://secunia.com/advisories/46779/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/46779/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46779
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Schneider Electric CitectSCADA,
which can be exploited by malicious people to compromise a vulnerable
system.
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Update to a fixed version. Please contact the vendor for details.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Kuang-Chun Hung, Taiwan\x92s Information and
Communication Security Technology Center (ICST).
ORIGINAL ADVISORY:
CitectSCADA:
http://www.citect.com/citectscada-batch
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
The application bundles a vulnerable version of CitectSCADA