
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers

Advisory ID: cisco-sa-20130410-asr1000

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Revision 1.3

Last Updated 2013 April 17 19:11 UTC (GMT)

For Public Release 2013 April 15 16:00 UTC (GMT)


Summary

Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities:

  • Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability
  • Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability
  • Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability
  • Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability
  • Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the Embedded Services Processor (ESP) card or the Route Processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition.

Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.

Cisco has released free software updates that address these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Affected Products

Cisco IOS XE Software for 1000 Series ASR contains multiple DoS vulnerabilities. Affected versions of Cisco IOS XE Software for 1000 Series ASR will vary depending on the specific vulnerability. Consult the Software Versions and Fixes section of this security advisory for more information about the affected versions.


Vulnerable Products

For specific version information, refer to the Software Versions and Fixes section of this advisory.


Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability and Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability

These vulnerabilities are triggered when a fragmented multicast IP version 6 (IPv6) packet or a fragmented IPv6 Multicast VPN (MVPNv6) packet is received by an affected Cisco ASR device. A fragmented multicast packet processed by Cisco Multicast Leaf Recycle Elimination (MLRE) may cause a Cisco ESP card on the Cisco ASR device to reload. Several features configured on the Cisco ASR 1000 may trigger this kind of processing and lead to the crash.

Cisco IOS XE Software may be affected if IPv6 is enabled on an interface that is processing traffic and MLRE is enabled on the affected device.

To determine whether IPv6 is enabled on an interface, use the show run | include ipv6.(enable|address) privileged EXEC command. The presence of ipv6 enable and ipv6 address in the output of show run | include ipv6.(enable|address) indicates that IPv6 is enabled.

The following is the output of the show run | include ipv6.(enable|address) command on a Cisco IOS XE Software device that is configured for IPv6:

asr1004# show run | include ipv6.(enable|address)
 ipv6 enable
 ipv6 address dhcp rapid-commit
 ipv6 address autoconfig
 ipv6 address MANAGEMENT ::1FFF:0:0:0:3560/128
 ipv6 address 2001:DB8::1/64

There is currently no way to determine if Cisco MLRE is enabled on the device.

Note: The Cisco MLRE feature is introduced in Cisco IOS XE Software Release 3.4.1S and is enabled by default on all later versions of Cisco IOS XE Software on the Cisco ASR 1000 Series Aggregation Services Routers with Embedded Services Processor 40 (ASR1000-ESP40) or Embedded Services Processor 100 (ASR1000-ESP100). Only Cisco ASR 1000 Series Aggregation Services Routers with Embedded Services Processor 40 (ASR1000-ESP40) or Embedded Services Processor 100 (ASR1000-ESP100) are affected by this vulnerability.

To determine whether a Cisco ASR 1000 device has ASR1000-ESP40 or ASR1000-ESP100 installed, administrators can issue the show inventory command. The following is the output of show inventory on a Cisco ASR 1006 Router running Cisco IOS XE Software with an Embedded Services Processor 40 (ASR1000-ESP40):

asr1006#show inventory
NAME: "Chassis", DESCR: "Cisco ASR1006 Chassis"
PID: ASR1006

NAME: "module F1", DESCR: "Cisco ASR1000 Embedded Services Processor, 40Gbps"
PID: ASR1000-ESP40

<output suppressed>

Note: Cisco IOS devices configured to process multicast IPv6 or MVPNv6 traffic are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.



Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that may cause an affected device to reload when processing a large number of specific Layer 2 Tunneling Protocol (L2TP) packets while L2TP Network Server (LNS) termination or L2TPv3 Ethernet Pseudowire (xconnect) is enabled. L2TP LNS termination and xconnect are not enabled by default.

To verify if L2TP LNS termination is enabled on a device use the show run | include accept-dialin privileged EXEC command. The presence of accept-dialin in the output of show run | include accept-dialin indicates that L2TP LNS termination is enabled.

The following is the output of the show run | include accept-dialin command on Cisco IOS XE Software that is configured as an L2TP Network Server (LNS):

asr1004#sho running-config | include accept-dialin
 accept-dialin

To verify if xconnect is enabled on a device use the show run | include xconnect|l2tpv3 privileged EXEC command. The presence of encapsulation l2tpv3 and xconnect in the output of show run | include xconnect|l2tpv3 indicates that xconnect is enabled.

The following is the output of the show run | include xconnect|l2tpv3 command on Cisco IOS XE Software that is configured for xconnect:

asr1004#sho running-config | include xconnect|l2tpv3
 encapsulation l2tpv3
 xconnect 10.0.0.1 1000 encapsulation l2tpv3 pw-class my_class

Note: Cisco IOS devices configured with L2TPv3 Ethernet Pseudowire (xconnect) or as L2TP LNS are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.



Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that may cause an affected device to reload during the processing of packets when the bridge domain interface (BDI) feature is configured.

Cisco IOS XE Software may be affected by this vulnerability if all of the following conditions are satisfied:
  • The physical interface that processes the packet on the ingress path is the layer 3 interface that has the encapsulation type set to untagged.
  • The incoming packet is routed through a BDI interface.
  • The egress physical interface of the packet has the encapsulation set to rewrite VLAN.
Note: The BDI feature is not configured by default.

To verify if the above conditions are satisfied on a device use the show run | section interface privileged EXEC command. The following is the output of show run | section interface in Cisco IOS XE software on a device configured with the vulnerable BDI setting:

asr1004#sho running-config | section interface
interface GigabitEthernet0/0/3
 ip address 192.168.2.1 255.255.255.0
!
interface BDI20
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0/4
 no ip address
 negotiation auto
 service instance 1 ethernet
  encapsulation dot1q 201
  rewrite egress tag pop 1 symmetric
  bridge-domain 20
 
Note: This feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers in Cisco IOS XE Software version 3.2.0S.

Note: Cisco IOS devices configured for BDI are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.


Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that may cause an affected device to reload while processing Session Initiation Protocol (SIP) packets that undergo Network Address Translation (NAT) within a Virtual Routing and Forwarding (VRF) instance and SIP Application Layer Gateway (ALG) inspection. An attacker could exploit this vulnerability by sending a large number of SIP packets traversing a device configured for NAT.

Cisco IOS XE Software may be affected by this vulnerability if VRF-aware NAT and SIP ALG are enabled on an affected device; these services are not enabled by default.

SIP ALG is enabled on a device as soon as NAT is enabled. Administrators can choose to disable SIP ALG inspection under NAT configuration.

SIP ALG can also be enabled under Zone-Based Policy Firewall (ZBFW) configuration. Devices configured for SIP ALG under ZBFW are not affected by this vulnerability.

To determine whether VRF-aware NAT has been enabled in the Cisco IOS XE Software configuration, check that either the ip nat inside or the ip nat outside command is present on different interfaces, and that at least one ip nat global configuration command carries a vrf keyword.

The show running-config | include ip (nat | .* vrf .*) command can be used to determine whether VRF-aware NAT is present in the configuration, as illustrated in the following example of a vulnerable configuration:

asr1004#show running-config | include ip (nat | .* vrf .*)
 ip nat inside
 ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1 vrf VRF-SIP

If the output is empty, the Cisco IOS XE Software release running on a given device is not vulnerable. If the output returned is not empty, SIP ALG services may be explicitly disabled under NAT configuration. To determine whether SIP ALG is disabled under NAT configuration, use the show run | include ip nat privileged EXEC command. The presence of no ip nat service sip in the output of show run | include ip nat indicates that SIP ALG is disabled under NAT configuration.

The following is the output of show run | include ip nat in Cisco IOS XE Software that has the SIP ALG disabled under NAT configuration:

asr1004#show running-config | include ip nat
 ip nat inside
 ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1 vrf sip
no ip nat service sip udp port 5060
no ip nat service sip tcp port 5060

If no ip nat service sip is not present in the output of show run | include ip nat, the Cisco IOS XE Software release running on the device is vulnerable.

Note: Cisco IOS devices configured for SIP ALG inspection are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.
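The checks in the Vulnerable Products section above are all greps against the running configuration, so they can be applied offline to saved configs from many routers. The following script is an added example (not Cisco tooling, and not part of the advisory); it reads a running-config as text and reports, for each of the five items, whether the configuration precondition the advisory names is present. The sample configuration is constructed from the advisory's own CLI excerpts. The BDI check is a configuration-level approximation of the three conditions listed for that vulnerability, and the IPv6 item still needs the show inventory check for an ESP40 or ESP100 card, which a configuration cannot show.

```python
import re

# Constructed sample running-config, assembled from the CLI excerpts in this
# advisory (IPv6, L2TP LNS, xconnect, BDI, VRF-aware NAT). Not a real device.
SAMPLE_CONFIG = """\
vpdn-group LNS
 accept-dialin
!
pseudowire-class my_class
 encapsulation l2tpv3
!
interface GigabitEthernet0/0/2
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/0/3
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ipv6 address 2001:DB8::1/64
!
interface BDI20
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0/4
 no ip address
 service instance 1 ethernet
  encapsulation dot1q 201
  rewrite egress tag pop 1 symmetric
  bridge-domain 20
!
interface GigabitEthernet0/0/5
 no ip address
 xconnect 10.0.0.1 1000 encapsulation l2tpv3 pw-class my_class
!
ip nat inside source static 192.168.1.100 10.0.0.1 vrf VRF-SIP
"""


def interface_blocks(config):
    """Return {interface name: [stripped sub-mode lines]} from a running-config."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None          # '!' or a global command ends the block
    return blocks


def _has(pattern, config):
    return re.search(pattern, config, re.M) is not None


def ipv6_enabled(config):
    # Same test the advisory gives: show run | include ipv6.(enable|address)
    return _has(r"^\s*ipv6 (enable|address)\b", config)


def l2tp_enabled(config):
    # LNS termination (accept-dialin) or an L2TPv3 Ethernet pseudowire (xconnect)
    lns = _has(r"^\s*accept-dialin\b", config)
    xconnect = _has(r"^\s*encapsulation l2tpv3\b", config) and _has(r"^\s*xconnect\b", config)
    return lns or xconnect


def bdi_conditions_present(config):
    """Config-level approximation of the three BDI conditions: an untagged L3
    physical interface (ingress), a BDI interface, and a service instance on
    another physical interface that rewrites VLAN tags into that BDI's
    bridge-domain (egress). Whether traffic is actually routed along that
    path cannot be read from the configuration alone."""
    blocks = interface_blocks(config)
    bdi_ids = {name[3:] for name in blocks if name.startswith("BDI")}
    untagged_l3 = any(not name.startswith("BDI")
                      and any(l.startswith("ip address ") for l in lines)
                      and not any(l.startswith("service instance") for l in lines)
                      for name, lines in blocks.items())
    rewrite_into_bdi = any(
        bd in bdi_ids and any(l.startswith("rewrite egress tag") for l in lines)
        for lines in blocks.values()
        for bd in (l.split()[1] for l in lines if l.startswith("bridge-domain ")))
    return bool(bdi_ids) and untagged_l3 and rewrite_into_bdi


def sip_alg_under_vrf_nat(config):
    """VRF-aware NAT with SIP ALG still on: ip nat inside/outside on interfaces,
    a global ip nat command carrying a vrf keyword, and no 'no ip nat service sip'."""
    nat_ifaces = {n for n, ls in interface_blocks(config).items()
                  if any(l in ("ip nat inside", "ip nat outside") for l in ls)}
    vrf_nat = any(re.match(r"ip nat .*\bvrf\b", line) for line in config.splitlines())
    return bool(nat_ifaces) and vrf_nat and not _has(r"^no ip nat service sip\b", config)


def audit(config):
    """Map each advisory item to whether its configuration precondition is present."""
    return {
        "ipv6_multicast_mvpnv6 (CSCtz97563, CSCub34945; also needs ESP40/ESP100)": ipv6_enabled(config),
        "l2tp (CSCtz23293)": l2tp_enabled(config),
        "bdi (CSCtt11558)": bdi_conditions_present(config),
        "sip_alg_vrf_nat (CSCuc65609)": sip_alg_under_vrf_nat(config),
    }


if __name__ == "__main__":
    for item, present in audit(SAMPLE_CONFIG).items():
        print(("PRESENT " if present else "absent  ") + item)
```

Run it against a directory of saved configurations and treat every PRESENT line as a candidate for the version check in the Software Versions and Fixes section; a present precondition on an unaffected release is not a finding, and an absent precondition is not a reason to skip the upgrade, since the conditions can be enabled later.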


Determine the Running Software Version

Cisco IOS XE Software releases for the Cisco ASR 1000 Series Aggregation Services Routers correspond to Cisco IOS Software releases. For example, Cisco IOS XE Software Release 3.6.2S corresponds to Cisco IOS Software Release 15.2(2)S2. For more information about mappings between the Cisco IOS XE Software releases and their associated Cisco IOS Software releases, see:
http://www.cisco.com/en/US/docs/routers/asr1000/release/notes/asr1k_rn_intro.html

To determine whether a vulnerable version of Cisco IOS XE Software is running on a device, administrators can issue the show version command. The following example shows a Cisco IOS XE Software that is running IOS XE software version 3.6.2S, IOS version 15.2(2)S2:

asr1004#show version 
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 07-Aug-12 13:40 by mcpre
<output suppressed>

Note: A Cisco IOS XE Software image consists of seven individual modules, also referred to as subpackages. The packages are designed to use the In Service Software Upgrade (ISSU) capability of the Cisco IOS XE Software. Customers have the capability to upgrade only those packages that need to be upgraded. For more information about the Cisco IOS XE Software packaging, see:
http://www.cisco.com/en/US/partner/prod/collateral/routers/ps9343/product_bulletin_c25-448387.html

If packages are upgraded individually, the output of the show version command may vary.

Products Confirmed Not Vulnerable

Products running Cisco IOS Software or Cisco IOS-XR Software are not affected by any of these vulnerabilities.

With the exception of the Cisco IOS XE Software for 1000 Series ASR, no other Cisco products are currently known to be affected by these vulnerabilities.

Details

The following section provides additional information about each vulnerability.

Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated remote attacker to cause a DoS condition.

The vulnerability is due to improper handling of fragmented IPv6 multicast traffic by Cisco 1000 Series ASR with ASR1000-ESP40 or ASR1000-ESP100. An attacker could exploit this vulnerability by sending fragmented IPv6 multicast packets either traversing or destined to a vulnerable system.

A successful exploit could allow the attacker to cause a system to reload, resulting in a DoS condition. Repeated exploitation could result in a sustained DoS condition.


This vulnerability is documented in Cisco bug ID CSCtz97563 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2013-1164.


Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated remote attacker to cause a DoS condition.

The vulnerability is due to improper handling of fragmented IPv6 MVPN traffic by Cisco 1000 Series ASR with ASR1000-ESP40 or ASR1000-ESP100. An attacker could exploit this vulnerability by sending fragmented IPv6 MVPN packets either traversing or destined to a vulnerable system.

A successful exploit could allow the attacker to cause a system to reload, resulting in a DoS condition. Repeated exploitation could result in a sustained DoS condition.


This vulnerability is documented in Cisco bug ID CSCub34945 (registered customers only) and has been assigned CVE ID CVE-2013-2779.


Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated remote attacker to cause a DoS condition.

The vulnerability is due to improper handling of specific L2TP packets by Cisco 1000 ASR. An attacker could exploit this vulnerability by sending a large number of specific L2TP packets to a vulnerable system; this vulnerability cannot be triggered by L2TP traffic transiting a vulnerable device.

A successful exploit could allow the attacker to cause a system to reload, resulting in a DoS condition. Repeated exploitation could result in a sustained DoS condition.

This vulnerability is documented in Cisco bug ID CSCtz23293 (registered customers only) and has been assigned CVE ID CVE-2013-1165.


Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper handling of packets by Cisco 1000 Series ASR configured for bridge domain interface (BDI). An attacker could exploit this vulnerability by sending packets that will traverse a vulnerable system. This vulnerability cannot be triggered by sending traffic to a vulnerable device.

A successful exploit could allow the attacker to cause a system to reload, resulting in a DoS condition. Repeated exploitation could result in a sustained DoS condition.

This vulnerability is documented in Cisco bug ID CSCtt11558 (registered customers only) and has been assigned CVE ID CVE-2013-1167.


Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a DoS condition.

The vulnerability is due to improper handling of SIP packets by Cisco 1000 Series ASR when configured for VRF-aware NAT and SIP ALG. An attacker could exploit this vulnerability by sending a large number of SIP packets traversing a device configured for NAT; this vulnerability cannot be triggered by SIP traffic destined to a vulnerable device.

A successful exploit could allow the attacker to cause a system to reload, resulting in a DoS condition. Repeated exploitation could result in a sustained DoS condition.


This vulnerability is documented in Cisco bug ID CSCuc65609 (registered customers only) and has been assigned CVE ID CVE-2013-1166.



Vulnerability Scoring Details

Cisco has scored the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this security advisory is in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps organizations determine the urgency and priority of a response.

Cisco has provided a base and temporal score. Customers can also compute environmental scores that help determine the impact of the vulnerability in their own networks.

Cisco has provided additional information regarding CVSS at the following link:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to compute the environmental impact for individual networks at the following link:

http://intellishield.cisco.com/security/alertmanager/cvss




CSCtz97563 -- Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability

CVSS Base Score - 7.8
  Access Vector:          Network
  Access Complexity:      Low
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 6.4
  Exploitability:         Functional
  Remediation Level:      Official-Fix
  Report Confidence:      Confirmed





CSCub34945 -- Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability

CVSS Base Score - 7.8
  Access Vector:          Network
  Access Complexity:      Low
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 6.4
  Exploitability:         Functional
  Remediation Level:      Official-Fix
  Report Confidence:      Confirmed





CSCtz23293 -- Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability

CVSS Base Score - 7.8
  Access Vector:          Network
  Access Complexity:      Low
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 6.4
  Exploitability:         Functional
  Remediation Level:      Official-Fix
  Report Confidence:      Confirmed





CSCtt11558 -- Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability

CVSS Base Score - 7.1
  Access Vector:          Network
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 5.9
  Exploitability:         Functional
  Remediation Level:      Official-Fix
  Report Confidence:      Confirmed





CSCuc65609 -- Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability

CVSS Base Score - 7.8
  Access Vector:          Network
  Access Complexity:      Low
  Authentication:         None
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    Complete

CVSS Temporal Score - 6.4
  Exploitability:         Functional
  Remediation Level:      Official-Fix
  Report Confidence:      Confirmed


Impact

Successful exploitation of any of the following vulnerabilities may allow a remote, unauthenticated attacker to reload the Embedded Services Processors (ESP) card, causing interruption of services:

  •     Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability
  •     Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability
  •     Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability
  •     Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability

Repeated exploitation could result in a sustained DoS condition.

Note: In scenarios where dual ESP cards are present on the affected system, both ESP cards may reload.


Successful exploitation of the Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability may allow a remote, unauthenticated attacker to trigger a reload of both the ESP card and the Route Processor (RP) card, causing an interruption of services.

Note: In scenarios where dual ESP or RP cards are present on the affected system, both ESP and RP cards may reload.

Repeated exploitation could result in a sustained DoS condition.

Software Versions and Fixes

When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Each Cisco IOS XE Software release is classified as either a Standard Support or an Extended Support release. A Standard Support release has a total engineering support lifetime of one year, with two scheduled rebuilds. The Extended Support release provides a total engineering support lifetime of two years, with four scheduled rebuilds.

For more information about the Cisco IOS XE Software end-of-life policy and associated support milestones for specific Cisco IOS XE Software releases, see:
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c25-448258.html


Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability

Vulnerability: CSCtz97563

Major Release  Extended Release  First Fixed Release
2.x            -                 Not affected
3.1            Yes               Not affected
3.2            No                Not affected
3.3            No                Not affected
3.4            Yes               3.4.4S
3.5            No                Vulnerable; migrate to one of the extended releases
3.6            No                Vulnerable; migrate to one of the extended releases
3.7            Yes               Not affected
3.8            No                Not affected


Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability

Vulnerability: CSCub34945

Major Release  Extended Release  First Fixed Release
2.x            -                 Not affected
3.1            Yes               Not affected
3.2            No                Not affected
3.3            No                Not affected
3.4            Yes               3.4.5S
3.5            No                Vulnerable; migrate to one of the extended releases
3.6            No                Vulnerable; migrate to one of the extended releases
3.7            Yes               3.7.1S
3.8            No                Not affected


Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability

Vulnerability: CSCtz23293

Major Release  Extended Release  First Fixed Release
2.x            -                 Vulnerable; migrate to one of the extended releases
3.1            Yes               Vulnerable; migrate to one of the extended releases
3.2            No                Vulnerable; migrate to one of the extended releases
3.3            No                Vulnerable; migrate to one of the extended releases
3.4            Yes               3.4.5S
3.5            No                Vulnerable; migrate to one of the extended releases
3.6            No                Vulnerable; migrate to one of the extended releases
3.7            Yes               3.7.1S
3.8            No                Not affected


Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability

Vulnerability: CSCtt11558

Major Release  Extended Release  First Fixed Release
2.x            -                 Not affected
3.1            Yes               Not affected
3.2            No                Vulnerable; migrate to one of the extended releases
3.3            No                Vulnerable; migrate to one of the extended releases
3.4            Yes               3.4.2S
3.5            No                Vulnerable; migrate to one of the extended releases
3.6            No                Not affected
3.7            Yes               Not affected
3.8            No                Not affected


Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability

Vulnerability: CSCuc65609

Major Release  Extended Release  First Fixed Release
2.x            -                 Not affected
3.1            Yes               Not affected
3.2            No                Not affected
3.3            No                Not affected
3.4            Yes               3.4.5S
3.5            No                Not affected
3.6            No                Not affected
3.7            Yes               Not affected
3.8            No                Not affected
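Reading five tables by hand for every router in a fleet is error-prone, and the tables compose: the Recommended Releases table that follows is just the latest first-fixed release per train across all five. The script below is an added example, not Cisco tooling and not part of the advisory; it transcribes the First Fixed Release columns above, answers "which of these bugs still apply to release X" for an IOS XE release given in the 3.x.yS form used throughout this advisory, and recomputes the recommended release for a train from the same data. Release trains the advisory does not list are rejected rather than guessed.

```python
import re

NA = "Not affected"
MIGRATE = "Vulnerable; migrate to one of the extended releases"
EXTENDED_RELEASES = {"3.1", "3.4", "3.7"}   # rows marked "Extended Release: Yes"

# First Fixed Release column of the five tables above, transcribed verbatim.
FIX_TABLES = {
    "CSCtz97563": {"2.x": NA, "3.1": NA, "3.2": NA, "3.3": NA, "3.4": "3.4.4S",
                   "3.5": MIGRATE, "3.6": MIGRATE, "3.7": NA, "3.8": NA},
    "CSCub34945": {"2.x": NA, "3.1": NA, "3.2": NA, "3.3": NA, "3.4": "3.4.5S",
                   "3.5": MIGRATE, "3.6": MIGRATE, "3.7": "3.7.1S", "3.8": NA},
    "CSCtz23293": {"2.x": MIGRATE, "3.1": MIGRATE, "3.2": MIGRATE, "3.3": MIGRATE,
                   "3.4": "3.4.5S", "3.5": MIGRATE, "3.6": MIGRATE, "3.7": "3.7.1S",
                   "3.8": NA},
    "CSCtt11558": {"2.x": NA, "3.1": NA, "3.2": MIGRATE, "3.3": MIGRATE, "3.4": "3.4.2S",
                   "3.5": MIGRATE, "3.6": NA, "3.7": NA, "3.8": NA},
    "CSCuc65609": {"2.x": NA, "3.1": NA, "3.2": NA, "3.3": NA, "3.4": "3.4.5S",
                   "3.5": NA, "3.6": NA, "3.7": NA, "3.8": NA},
}


def parse_release(release):
    """'3.6.2S' -> ('3.6', (3, 6, 2)); every 2.x release maps to the '2.x' row."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)S?", release.strip())
    if not m:
        raise ValueError("expected a release such as 3.6.2S, got %r" % release)
    a, b, c = (int(x) for x in m.groups())
    return ("2.x" if a == 2 else "%d.%d" % (a, b)), (a, b, c)


def status(bug, release):
    """One of: NA, MIGRATE, 'fixed', or 'vulnerable; upgrade to <first fixed>'."""
    major, ver = parse_release(release)
    if major not in FIX_TABLES[bug]:
        raise ValueError("release train %s is not covered by this advisory" % major)
    entry = FIX_TABLES[bug][major]
    if entry in (NA, MIGRATE):
        return entry
    return "fixed" if ver >= parse_release(entry)[1] else "vulnerable; upgrade to " + entry


def open_bugs(release):
    """Bug IDs that still apply to this release (no fix in train, or fix not reached)."""
    return [bug for bug in FIX_TABLES if status(bug, release) not in (NA, "fixed")]


def recommended_release(major):
    """Recompute one row of the Recommended Releases table from the five fix tables:
    any bug with no fix in the train forces a migration; otherwise the latest
    first-fixed release covers every bug; all-NA trains are not vulnerable."""
    entries = [table[major] for table in FIX_TABLES.values()]
    if MIGRATE in entries:
        return MIGRATE
    fixed = [e for e in entries if e != NA]
    return max(fixed, key=lambda r: parse_release(r)[1]) if fixed else "Not vulnerable"


if __name__ == "__main__":
    # 3.6.2S is the release the advisory's show version example corresponds to.
    running = "3.6.2S"
    print(running, "open bugs:", open_bugs(running) or "none")
    for train in ("2.x", "3.1", "3.4", "3.7", "3.8"):
        print(train, "->", recommended_release(train),
              "(extended)" if train in EXTENDED_RELEASES else "")
```

For the 3.6.2S device from the show version example this reports the IPv6 multicast, MVPNv6 and L2TP bugs as open with no fix in the 3.6 train, which is exactly why the Recommended Releases table sends 3.6 users to an extended release (3.4.5S or 3.7.1S).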



Recommended Releases

The Recommended Release table lists the releases that have fixes for all the published vulnerabilities at the time of this advisory. Cisco recommends upgrading to a release equal to or later than the release in the following table.


Affected Release  Recommended Release                                              Extended Release
2.x               Vulnerable; migrate to one of the recommended extended releases  -
3.1               Vulnerable; migrate to one of the recommended extended releases  Yes
3.2               Vulnerable; migrate to one of the recommended extended releases  No
3.3               Vulnerable; migrate to one of the recommended extended releases  No
3.4               3.4.5S                                                           Yes
3.5               Vulnerable; migrate to one of the recommended extended releases  No
3.6               Vulnerable; migrate to one of the recommended extended releases  No
3.7               3.7.1S                                                           Yes
3.8               Not vulnerable                                                   No


Workarounds

No workarounds are available to mitigate these vulnerabilities.


Obtaining Fixed Software

Cisco has released free software updates that address the vulnerabilities described in this advisory. Prior to deploying software, customers are advised to consult their maintenance providers or check the software for feature set compatibility and known issues that are specific to their environments.

Customers may only install and expect support for feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html.

Customers with Service Contracts

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, upgrades should be obtained through the Software Navigator on Cisco.com at http://www.cisco.com/cisco/software/navigator.html.

Customers using Third Party Support Organizations

Customers with Cisco products that are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers, should contact that organization for assistance with the appropriate course of action.

The effectiveness of any workaround or fix depends on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Because of the variety of affected products and releases, customers should consult their service providers or support organizations to ensure that any applied workaround or fix is the most appropriate in the intended network before it is deployed.

Customers without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):

  • +1 800 553 2447 (toll free from within North America)
  • +1 408 526 7209 (toll call from anywhere in the world)
  • e-mail: tac@cisco.com

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Customers without service contracts should request free upgrades through the TAC.

Refer to Cisco Worldwide Contacts at http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, instructions, and e-mail addresses for support in various languages.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability was found during the troubleshooting of customer service requests.
Other vulnerabilities were found during internal testing.

Status of this Notice: Final

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.


Distribution

This advisory is posted on Cisco Security Intelligence Operations at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

Additionally, a text version of this advisory is clear signed with the Cisco PSIRT PGP key and circulated among the following e-mail addresses:

  • cust-security-announce@cisco.com
  • first-bulletins@lists.first.org
  • bugtraq@securityfocus.com
  • vulnwatch@vulnwatch.org
  • cisco@spot.colorado.edu
  • cisco-nsp@puck.nether.net
  • full-disclosure@lists.grok.org.uk

Future updates of this advisory, if any, will reside on Cisco.com but may not be announced on mailing lists. Users can monitor this advisory's URL for any updates.


Revision History

Revision 1.3 2013-April-17 Updated CVE assignment. MITRE reassigned CVE-2013-2779 to the MVPNv6 vulnerability.
Revision 1.2 2013-April-15 Updated software table for SIP vulnerability
Revision 1.1 2013-April-10 Added xconnect to L2TP traffic section of "Vulnerable Products."
Revision 1.0 2013-April-10 Initial public release

Cisco Security Procedures

Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html. This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at http://www.cisco.com/go/psirt.