Guest

Cisco Event Response: March 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

March 25, 2015

Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on March 25, 2015. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. The publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of the individual vulnerabilities could result in a denial of service condition or interface wedge.

Use the Cisco IOS Software Checker to quickly determine whether a given Cisco IOS Software release is exposed to Cisco product vulnerabilities.

 

Event Intelligence

The following table identifies Cisco Security content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory
Cisco Applied Mitigation Bulletin
Cisco IntelliShield Alert CVE ID
Search CVEs
CVSS
Base Score
CVSS Q&A
OVAL
OVAL

cisco-sa-20150325-ani

Multiple Vulnerabilities in Cisco IOS and IOS XE Software Autonomic Networking Infrastructure

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS and IOS XE Software Autonomic Networking Registration Authority Spoofing Vulnerability CVE-2015-0635 9.0 cisco-sa-20150325-ani
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Spoofed Autonomic Networking Messages Denial of Service Vulnerability CVE-2015-0636 7.1
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Device Reload Denial of Service Vulnerability CVE-2015-0637 7.8

cisco-sa-20150325-wedge

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability

Refer to the Workarounds section of the associated Cisco Security Advisory

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability

CVE-2015-0638

7.8

cisco-sa-20150325-wedge

cisco-sa-20150325-ikev2

Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities

Refer to the Workarounds section of the associated Cisco Security Advisory

Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability

CVE-2015-0643

7.8

cisco-sa-20150325-ikev2

Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability

CVE-2015-0642

7.8

cisco-sa-20150325-cip

Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

Identifying and Mitigating Exploitation of the Cisco IOS Software UDP CIP Denial of Service Vulnerability Cisco IOS Software UDP CIP Denial of Service Vulnerability CVE-2015-0647 7.8 cisco-sa-20150325-cip
Cisco IOS Software TCP CIP Packet Memory Leak Vulnerability CVE-2015-0648 7.8
Cisco IOS Software TCP CIP Denial of Service Vulnerability CVE-2015-0649 7.8

cisco-sa-20150325-mdns

Cisco IOS and IOS XE Software mDNS Gateway Denial of Service Vulnerability

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability CVE-2015-0650 7.8 cisco-sa-20150325-mdns

cisco-sa-20150325-tcpleak

Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability

Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability CVE-2015-0646 7.8 cisco-sa-20150325-tcpleak

cisco-sa-20150325-iosxe

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers

Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000, Cisco ISR 4400, and Cisco Cloud Services 1000v Series Routers Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability CVE-2015-0640 7.8
Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability CVE-2015-0644 8.3
Cisco IOS XE Software Crafted IPv6 Packet Denial of Service Vulnerability CVE-2015-0641 7.8
Cisco IOS XE Software Layer 4 Redirect Crafted Packet Denial of Service Vulnerability CVE-2015-0645 7.8
Cisco IOS XE Software Common Flow Table Crafted Packet Denial of Service Vulnerability CVE-2015-0639 7.8

Return to the Cisco Security portal