Release Notes for Cisco IOS Release 12.2SXF and Rebuilds
Caveats in 12.2(18)SXF Rebuilds

Caveats

Caveats in Release 12.2(18)SXF and Rebuilds

Caveats in Release 12.2(18)SXE and Rebuilds

Caveats in Release 12.2(18)SXD and Rebuilds

Caveats in Release 12.2(17d)SXB and Rebuilds

Caveats in Release 12.2(17b)SXA and Rebuilds

Caveats in Release 12.2(17a)SX and Rebuilds

Caveats in Release 12.2(14)SX and Rebuilds


Note: All caveats in Release 12.2(18)S also apply to Release 12.2(18)SXD and later 12.2SX releases. See the "Caveats" section in the Cross-Platform Release Notes for Cisco IOS Release 12.2S publication:

http://www.cisco.com/en/US/docs/ios/12_2s/release/notes/122Srn.html

All caveats in Release 12.2(17d) also apply to Release 12.2(17d)SXB and rebuilds.

All caveats in Release 12.2(17b) also apply to Release 12.2(17b)SXA and rebuilds.

All caveats in Release 12.2(17a) also apply to Release 12.2(17a)SX and rebuilds.

For information about Release 12.2(17a), Release 12.2(17b), and Release 12.2(17d), refer to this publication:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_release_notes_list.html

All caveats in Release 12.2(14)S also apply to Release 12.2(14)SX and later 12.2SX releases. See the "Caveats" section in the Cross-Platform Release Notes for Cisco IOS Release 12.2S publication:

http://www.cisco.com/en/US/docs/ios/12_2s/release/notes/122Srn.html


Caveats in Release 12.2(18)SXF and Rebuilds

Open Caveats in Release 12.2(18)SXF and Rebuilds

Resolved Caveats in Release 12.2(18)SXF17b

Resolved Caveats in Release 12.2(18)SXF17a

Resolved Caveats in Release 12.2(18)SXF17

Resolved Caveats in Release 12.2(18)SXF16

Resolved Caveats in Release 12.2(18)SXF15a

Resolved Caveats in Release 12.2(18)SXF15

Resolved Caveats in Release 12.2(18)SXF14

Resolved Caveats in Release 12.2(18)SXF13

Resolved Caveats in Release 12.2(18)SXF12a

Resolved Caveats in Release 12.2(18)SXF12

Resolved Caveats in Release 12.2(18)SXF11

Resolved Caveats in Release 12.2(18)SXF10a

Resolved Caveats in Release 12.2(18)SXF10

Resolved Caveats in Release 12.2(18)SXF9

Resolved Caveats in Release 12.2(18)SXF8

Resolved Caveats in Release 12.2(18)SXF7

Resolved Caveats in Release 12.2(18)SXF6

Resolved Caveats in Release 12.2(18)SXF5

Resolved Caveats in Release 12.2(18)SXF4

Resolved Caveats in Release 12.2(18)SXF3

Resolved Caveats in Release 12.2(18)SXF2

Resolved Caveats in Release 12.2(18)SXF1

Resolved Caveats in Release 12.2(18)SXF


Note: The caveat information for Release 12.2(18)SXF and rebuilds is updated frequently.

Release 12.2(18)SXF2 includes all fixes that are in Release 12.2(18)SXF1, Release 12.2(18)SXE4, Release 12.2(18)SXD7, and Release 12.2(17d)SXB11.

Release 12.2(18)SXF includes all fixes that are in Release 12.2(18)SXE3, Release 12.2(18)SXD6, and Release 12.2(17d)SXB10.

If you have a Cisco.com account that supports access to the Bug Toolkit, you can search for the most current Release 12.2SX caveat information at this URL:

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs


Open Caveats in Release 12.2(18)SXF and Rebuilds

Identifier | Technology | Description
CSCin96568 | Infrastructure | FTS-7514-1: CISCO-PROCESS-MIB support for modular IOS
CSCsb92309 | Infrastructure | reimplementation of cache_interface_state under CSCdw09607
CSCsf03710 | Infrastructure | ION - Process and Mempool MIB - collapse of ion_mibs_all branch
CSCee25454 | Unknown | SADB peering process leaks memory after overnight test


Resolved Caveats in Release 12.2(18)SXF17b

Resolved Infrastructure Caveats

CSCti25339—Resolved in 12.2(18)SXF17b

Symptoms: Cisco IOS device may experience a device reload.

Conditions: This issue occurs when the Cisco IOS device is configured for SNMP and receives certain SNMP packets from an authenticated user. Successful exploitation causes the affected device to reload. This vulnerability could be exploited repeatedly to cause an extended DoS condition.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2010-3050 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Resolved LegacyProtocols Caveats

CSCtf74999—Resolved in 12.2(18)SXF17b

Summary: A router configured for DLSw might crash when it receives a series of certain malformed packets. This issue requires a number of conditions and a narrow timing window.

Conditions: Cisco IOS devices configured for DLSw.

Workaround: The only workaround in the device is to disable DLSw if not needed.

Additional mitigations can be found in the following Applied Mitigation Bulletin: http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080326-dlsw

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2011-1625 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

CSCth69364—Resolved in 12.2(18)SXF17b

Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-dlsw.

Resolved WAN Caveats

CSCtd75033—Resolved in 12.2(18)SXF17b

Symptom: Cisco IOS Software is affected by an NTP mode 7 denial-of-service vulnerability. Note: The fix for this vulnerability changes how Cisco IOS handles Mode 7 packets. See the "Further Description" section of this release note enclosure.

Conditions: Cisco IOS Software with support for Network Time Protocol (NTP) contains a vulnerability in the processing of specific NTP Control Mode 7 packets. This results in increased CPU on the device and increased traffic on the network segments.

This is the same as the vulnerability which is described in http://www.kb.cert.org/vuls/id/568372

Cisco has released a public-facing vulnerability alert at the following link: http://tools.cisco.com/security/center/viewAlert.x?alertId=19540

Cisco IOS Software that has support for NTPv4 is NOT affected. NTPv4 was introduced into Cisco IOS Software: 12.4(15)XZ, 12.4(20)MR, 12.4(20)T, 12.4(20)YA, 12.4(22)GC1, 12.4(22)MD, 12.4(22)YB, 12.4(22)YD, 12.4(22)YE and 15.0(1)M.

All other versions of Cisco IOS and Cisco IOS XE Software are affected.

To see if a device is configured with NTP, log into the device and issue the CLI command show running-config | include ntp. If the output returns any of the following commands, the device is vulnerable:

ntp master <any following commands>
ntp peer <any following commands>
ntp server <any following commands>
ntp broadcast client
ntp multicast client

The following example identifies a Cisco device that is configured with NTP:

router#show running-config | include ntp
ntp peer 192.168.0.12

The following example identifies a Cisco device that is not configured with NTP:

router#show running-config | include ntp
router#

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih
<output truncated>

The following example shows a product that is running Cisco IOS Software release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M:

Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
<output truncated>

Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS and NX-OS Software Reference Guide" at the following link: http://www.cisco.com/web/about/security/intelligence/ios-ref.html
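
The two checks described above (NTP commands in the running configuration, release name in the show version banner) can be combined in a small audit script. This is an added example, not Cisco code: the function names, the sample inputs and the assumption that SXF rebuilds sort by number and then by trailing letter are all illustrative, and the fix check covers only the 12.2(18)SXF train documented in this release note.

```python
import re

# Commands the release note lists as evidence that NTP is configured.
NTP_COMMANDS = ("ntp master", "ntp peer", "ntp server",
                "ntp broadcast client", "ntp multicast client")
# CSCtd75033 is listed as resolved in 12.2(18)SXF17b.
FIXED_SXF_REBUILD = (17, "b")

# "(IMAGE-NAME), Version RELEASE," as described for the show version banner.
BANNER_RE = re.compile(r"\(([^)]+)\),\s+Version\s+([^,\s]+)")
SXF_RE = re.compile(r"^12\.2\(18\)SXF(\d*)([a-z]?)$")


def parse_show_version(text):
    """Return (image_name, release) from 'show version' output, or (None, None)."""
    m = BANNER_RE.search(text)
    return (m.group(1), m.group(2)) if m else (None, None)


def sxf_has_fix(release):
    """True/False for a 12.2(18)SXF rebuild, None for any other release.

    Assumption: rebuilds sort by number, then by trailing letter,
    so SXF17 < SXF17a < SXF17b.
    """
    m = SXF_RE.match(release or "")
    if not m:
        return None
    return (int(m.group(1) or 0), m.group(2)) >= FIXED_SXF_REBUILD


def audit(show_version, running_config):
    """Summarise how a device handles NTP mode 7 packets (CSCtd75033)."""
    image, release = parse_show_version(show_version)
    # Interface-level commands are indented in the running-config, so strip.
    lines = [ln.strip() for ln in running_config.splitlines()]
    ntp_lines = [ln for ln in lines if ln.startswith(NTP_COMMANDS)]
    fixed = sxf_has_fix(release)
    allow_private = "ntp allow mode private" in lines

    if not ntp_lines:
        processes_mode7 = False      # NTP is not configured
    elif allow_private:
        processes_mode7 = True       # default drop of mode 7 was switched off
    elif fixed is None:
        processes_mode7 = None       # not an SXF image: consult its own notes
    else:
        processes_mode7 = not fixed
    return {
        "image": image,
        "release": release,
        "ntp_lines": ntp_lines,
        "has_fix": fixed,
        "processes_mode7": processes_mode7,
        "ntp_access_group": any(ln.startswith("ntp access-group") for ln in lines),
    }


# Constructed sample inputs (image name and addresses are illustrative).
SXF16_VERSION = ("Cisco Internetwork Operating System Software\n"
                 "IOS (tm) s72033_rp Software (s72033_rp-EXAMPLE-M), "
                 "Version 12.2(18)SXF16, RELEASE SOFTWARE (fc2)\n")
SXF17B_VERSION = SXF16_VERSION.replace("SXF16", "SXF17b")
CONFIG_PEER = "ntp access-group peer 1\nntp peer 192.168.0.12\n"
CONFIG_BCAST = "interface FastEthernet2/0\n ntp broadcast client\n"

if __name__ == "__main__":
    for ver, cfg in ((SXF16_VERSION, CONFIG_PEER),
                     (SXF17B_VERSION, CONFIG_PEER),
                     (SXF17B_VERSION, CONFIG_PEER + "ntp allow mode private\n"),
                     (SXF17B_VERSION, "hostname router\n")):
        print(audit(ver, cfg))
```

A result of None for processes_mode7 means the release is outside the SXF train and has to be checked against its own release notes.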

Workaround: There are no workarounds other than disabling NTP on the device. The following mitigations have been identified for this vulnerability; only packets destined for any configured IP address on the device can exploit this vulnerability. Transit traffic will not exploit this vulnerability.


Note: NTP peer authentication is not a workaround and is still a vulnerable configuration.


NTP Access Group

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat access control lists (ACLs) that permit communication to these ports from trusted IP addresses. Consider using Unicast Reverse Path Forwarding (Unicast RPF) in conjunction with the ACL to offer a better mitigation solution.

!--- Configure trusted peers for allowed access 
access-list 1 permit 171.70.173.55 
!--- Apply ACE to the NTP configuration 
ntp access-group peer 1 
 
   

For additional information on NTP access control groups, consult the document titled "Performing Basic System Management" at the following link:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage.html#wp1034942

Infrastructure Access Control Lists

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Consider using Unicast RPF in conjunction with these ACLs to offer a better mitigation solution.

Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks.

Infrastructure ACLs (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example below should be included as part of the deployed infrastructure access-list, which will help protect all devices with IP addresses in the infrastructure IP address range:

!---
!--- Feature: Network Time Protocol (NTP)
!---
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 123
!--- Note: If the router is acting as a NTP broadcast client
!--- via the interface command "ntp broadcast client"
!--- then broadcast and directed broadcasts must be
!--- filtered as well. The following example covers
!--- an infrastructure address space of 192.168.0.X
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 192.168.0.255 eq ntp
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 255.255.255.255 eq ntp
!--- Note: If the router is acting as a NTP multicast client
!--- via the interface command "ntp multicast client"
!--- then multicast IP packets to the multicast group must
!--- be filtered as well. The following example covers
!--- a NTP multicast group of 239.0.0.1 (Default is
!--- 224.0.1.1)
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 239.0.0.1 eq ntp
!--- Deny NTP traffic from all other sources destined
!--- to infrastructure addresses.
access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 123
!--- Permit/deny all other Layer 3 and Layer 4 traffic in
!--- accordance with existing security policies and
!--- configurations. Permit all other traffic to transit the
!--- device.
access-list 150 permit ip any any
!--- Apply access-list to all interfaces (only one example
!--- shown)
interface fastEthernet 2/0
 ip access-group 150 in

The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists and is available at the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

Control Plane Policing

Two examples are provided under Control Plane Policing. The first aims at preventing the injection of malicious traffic from untrusted sources, whilst the second rate-limits NTP traffic to the box.

Filtering untrusted sources to the device.

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Consider using Unicast RPF in conjunction with these ACLs to offer a better mitigation solution.

Control Plane Policing (CoPP) can be used to block untrusted UDP traffic to the device. Cisco IOS software releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be configured on a device to help protect the management and control planes and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The CoPP example below should be included as part of the deployed CoPP, which will help protect all devices with IP addresses in the infrastructure IP address range.

!--- Feature: Network Time Protocol (NTP)
access-list 150 deny udp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 123
!--- Deny NTP traffic from all other sources destined
!--- to the device control plane.
access-list 150 permit udp any any eq 123
!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and
!--- Layer4 traffic in accordance with existing security policies
!--- and configurations for traffic that is authorized to be sent
!--- to infrastructure devices
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature
class-map match-all drop-udp-class
 match access-group 150
!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
policy-map drop-udp-traffic
 class drop-udp-class
  drop
!--- Apply the Policy-Map to the
!--- Control-Plane of the device
control-plane
 service-policy input drop-udp-traffic

In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function.
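
The inverted meaning of "permit" and "deny" inside a CoPP class can be checked with a small first-match ACL evaluator. This is an added example, not Cisco code: it handles only the ACE forms used on this page, substitutes 171.70.173.55 (the peer from the NTP access group example) for TRUSTED_SOURCE_ADDRESSES and 192.168.0.0 0.0.0.255 for INFRASTRUCTURE_ADDRESSES as assumptions, and uses constructed sample packets.

```python
import ipaddress


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' (subset)."""
    tok = line.split()
    action, proto, pos = tok[2], tok[3], 4
    specs = []
    for _ in range(2):                      # source, then destination
        if tok[pos] == "any":
            specs.append((0, 0xFFFFFFFF))
            pos += 1
        elif tok[pos] == "host":
            specs.append((_ip(tok[pos + 1]), 0))
            pos += 2
        else:                               # ADDRESS WILDCARD pair
            specs.append((_ip(tok[pos]), _ip(tok[pos + 1])))
            pos += 2
    port = None
    if pos < len(tok) and tok[pos] == "eq":
        port = 123 if tok[pos + 1] == "ntp" else int(tok[pos + 1])
    return {"action": action, "proto": proto,
            "src": specs[0], "dst": specs[1], "port": port}


def _addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF           # wildcard bits set to 1 are ignored
    return (_ip(addr) & care) == (base & care)


def first_match(acl, pkt):
    """Return the action of the first matching ACE, or the implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not _addr_match(pkt["src"], ace["src"]):
            continue
        if not _addr_match(pkt["dst"], ace["dst"]):
            continue
        if ace["port"] is not None and pkt.get("dport") != ace["port"]:
            continue
        return ace["action"]
    return "deny"


def copp_verdict(acl, pkt):
    # In a CoPP class, "permit" puts the packet in the class whose action is drop.
    return "drop" if first_match(acl, pkt) == "permit" else "transmit"


def interface_verdict(acl, pkt):
    # In an interface ACL (the iACL case), "permit" forwards the packet.
    return "forward" if first_match(acl, pkt) == "permit" else "drop"


COPP_ACL = [parse_ace(l) for l in (
    "access-list 150 deny udp 171.70.173.55 0.0.0.0 any eq 123",
    "access-list 150 permit udp any any eq 123",
)]
IACL = [parse_ace(l) for l in (
    "access-list 150 permit udp 171.70.173.55 0.0.0.0 192.168.0.0 0.0.0.255 eq 123",
    "access-list 150 deny udp any 192.168.0.0 0.0.0.255 eq 123",
    "access-list 150 permit ip any any",
)]

# Constructed packets. A source address alone cannot distinguish a genuine
# trusted peer from a spoofed one, which is why the page pairs ACLs with uRPF.
TRUSTED_NTP = {"proto": "udp", "src": "171.70.173.55", "dst": "192.168.0.1", "dport": 123}
OTHER_NTP = {"proto": "udp", "src": "192.0.2.10", "dst": "192.168.0.1", "dport": 123}
OTHER_SSH = {"proto": "tcp", "src": "192.0.2.10", "dst": "192.168.0.1", "dport": 22}
TRANSIT_NTP = {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.7", "dport": 123}

if __name__ == "__main__":
    for name, pkt in (("trusted NTP", TRUSTED_NTP), ("other NTP", OTHER_NTP),
                      ("other SSH", OTHER_SSH), ("transit NTP", TRANSIT_NTP)):
        print(name, copp_verdict(COPP_ACL, pkt), interface_verdict(IACL, pkt))
```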

Rate Limiting the traffic to the device

The CoPP example below could be included as part of the deployed CoPP, which will help protect targeted devices from processing large amounts of NTP traffic.

Warning: If the rate-limits are exceeded valid NTP traffic may also be dropped.

!--- Feature: Network Time Protocol (NTP)
access-list 150 permit udp any any eq 123
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature
class-map match-all rate-udp-class
 match access-group 150
!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
!--- NOTE: See section "4. Tuning the CoPP Policy" of
!--- for more information on choosing the most
!--- appropriate traffic rates
policy-map rate-udp-traffic
 class rate-udp-class
  police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop
!--- Apply the Policy-Map to the
!--- Control-Plane of the device
control-plane
 service-policy input rate-udp-traffic

Additional information on the configuration and use of the CoPP feature can be found in: http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

Further Description

Cisco IOS Software releases that have the fix for this Cisco bug ID have a behavior change for mode 7 private mode packets.

A Cisco IOS Software release with the fix for this Cisco bug ID will not process NTP mode 7 packets, and will display the message "NTP: Receive: dropping message: Received NTP private mode packet. 7" if debugs for NTP are enabled.

To have Cisco IOS Software process mode 7 packets, configure the CLI command ntp allow mode private. This is disabled by default.

Other Resolved Caveats in Release 12.2(18)SXF17b

Identifier | Technology | Description
CSCsv82285 | Unknown | Cat6k: UDP port 10000 is opened by default
CSCtd09117 | Unknown | CSM config sync timing out


Resolved Caveats in Release 12.2(18)SXF17a

Resolved Multicast Caveats

CSCtc68037—Resolved in 12.2(18)SXF17a

Symptom: A Cisco IOS device may experience an unexpected reload as a result of mtrace packet processing.

Conditions:

Workaround: None other than avoiding the use of mtrace functionality.

Other Resolved Caveats in Release 12.2(18)SXF17a

Identifier | Technology | Description
CSCei16552 | Infrastructure | cannot remove snmp-server engineID from running-config
CSCsc33389 | Infrastructure | When snmp-server host is deleted, the trap is not sent to other hosts
CSCsx32841 | Infrastructure | ceImageDescription may exceed 255 characters
CSCsz72591 | IPServices | Router configured as a DHCP client crashes with crafted DHCP packet.
CSCtc26840 | IPServices | HSRP-CISCO-MIB snmpwalk results in "OID not incrementing" error
CSCsd91182 | Security | crypto pki export pkcs12 hangs when used with SCP
CSCsx42304 | Security | Traceback during SCP copy
CSCsc92676 | Unknown | Rainier:Traffic captured even after vacl config is removed
CSCsu31088 | Unknown | Not able to execute any commands under intf after running SPA FPGA bert


Resolved Caveats in Release 12.2(18)SXF17

Resolved Security Caveats

CSCsh97579—Resolved in 12.2(18)SXF17

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20090923-tunnels.html.

CSCsx70889—Resolved in 12.2(18)SXF17

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20090923-tunnels.html

CSCsq31776—Resolved in 12.2(18)SXF17

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20090923-tunnels.html

Resolved Unknown Caveats

CSCsy15227—Resolved in 12.2(18)SXF17

Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.

There are no workarounds that mitigate this vulnerability.

This advisory is posted at the following link: http://www.cisco.com/en/US/products/csa/cisco-sa-20090923-auth-proxy.html

Other Resolved Caveats in Release 12.2(18)SXF17

Identifier | Technology | Description
CSCin79116 | Infrastructure | show memory summary could push the CPU util to 100%
CSCsa91716 | Infrastructure | Command sh archive config diff hangs with a remote file in argument
CSCse09553 | Infrastructure | no snmp-server sparse-table: ds1 physical layer has none 0 for HC
CSCsj06593 | Infrastructure | CPU hog msgs for RFSS worker process and Async write process
CSCsk41686 | Infrastructure | PARSER-3-CFGLOG_NOMEM: constanlty in log
CSCsr17897 | Infrastructure | SXF : increase the buffer size for config generation
CSCsr60789 | Infrastructure | W1.3: VSL crash after preemptive switchover in ifs_open_file_decrement
CSCsx05021 | Infrastructure | Router crashes when filesystem becomes full
CSCta43093 | Infrastructure | Add a check similar to CSCek58956
CSCef09586 | IPServices | CMs stuck in init(d) if DHCP ser. ip addr. overlaps with diff VRF
CSCsa41736 | IPServices | Router crash after enable NAT rate-limit feature
CSCsg00102 | IPServices | SSLVPN service stops accepting any new SSLVPN connections
CSCsh49973 | IPServices | NAT-ALG corrupts offset value of DNS PTR response
CSCsk23972 | IPServices | Telnet failed with "No wild listener" error
CSCso42170 | IPServices | CPUHOG & Traceback messages seen for IP NAT Ager process.
CSCsx33622 | IPServices | Fix MSS calcuation issue in TCP
CSCsy88271 | IPServices | 6500 - SXF - Nat add-route does not work
CSCsz56393 | IPServices | Modular IOS - SUP720 - Sends malformed syslog packet
CSCsz63733 | IPServices | Traceback seen with FM Nat configuration
CSCsz89107 | IPServices | high cpu due to ip_input process during SNMP trap
CSCta24043 | IPServices | "%IPNAT-4-ADDR_ALLOC_FAIL" message seen when all ports are not allocated
CSCtb12332 | IPServices | NAT: switch crashes at ipnat_find_map_entry with cat6k SXF16 image
CSCsw85254 | MPLS | Bus error and crash at p_enqueue when modifying main:text
CSCsz19255 | MPLS | LFIB: Tag rewrites are missing on LC for one of load sharable paths
CSCsz30515 | MPLS | SUP720 crash due to tsptun_frr_process process hang
CSCsx15396 | Multicast | Mcast IIF stays up while physical interface is down
CSCsx34506 | Multicast | RPF failure with no PIM neighbor triggers PIM Hello
CSCsw43022 | platform-76xx | HSRP Virtual IP Unreachable for some users
CSCsy38911 | platform-76xx | MPLS TE Forwarding broken when enable LDP on TE tunnel
CSCta26106 | QoS | RSVP-3-CONSISTENCY error followed by an unexpected reboot.
CSCsh15066 | Routing | VRF has 2 ospf process, when one process is removed the router crashed
CSCsh23176 | Routing | Router crashes @ rip_timer_process .
CSCsm57494 | Routing | BGP update is not sent after reloading opposite router
CSCso07476 | Routing | One way audio when RTP header compression is turned on
CSCsq49201 | Routing | Password in BGP peer-session template not inherited
CSCsr11662 | Routing | EIGRP active routes never go to SIA, queries not sent
CSCsr27794 | Routing | BGP updates stuck during peer flap
CSCsr90248 | Routing | "aggregate-address advertise-map" not updated dynamically
CSCsx06457 | Routing | BGP may modify routes it does not own
CSCsx51299 | Routing | Crash when remove and configure ipv6 ACL via telnet and console
CSCsx51596 | Routing | TCAM ACL entry not correct after removing IP accounting
CSCsy58115 | Routing | Continuous BGP mem increase with non established neighbors
CSCsy84134 | Routing | ARP table is flushed when deleting secondary IP address
CSCuk55357 | Routing | ALIGN-3-TRACE at ip_broadcast
CSCsb80803 | Security | SSH Process: SCHED-3-UNEXPECTEDEVENT error message
CSCsg56609 | Security | Crash on talk /tmp/tbdaemon-99/../os/connect.c:1105 seen at bootup
CSCsy17893 | Security | Ping to itself doesn't work on IPIP tunnels
CSCsz84055 | Security | System crashed unexpected while open ssh2 session
CSCek68108 | Unknown | Router crashed at ace_policyloader_util.c after remove crypto map .
CSCek74844 | Unknown | sysObjectID is wrong for 7603-S and 7609-S
CSCek77996 | Unknown | High CPU caused by data traffic with crypto map in crypto connect mode
CSCsb25490 | Unknown | Data is not being hardware switched after OIR/SSO on WS-X6148X2-RJ45
CSCsb88996 | Unknown | slb traceback spurious memory access after slb statefull switchover
CSCsb96452 | Unknown | IGMPV3 TO_INC{} leave mac entry table do not expire
CSCsc85962 | Unknown | Replaying Main Mode packet causing IKE SA deletion
CSCsd45698 | Unknown | Cat6K: SLB punted to CPU if src_index is port-channel index
CSCsf05390 | Unknown | CPU HOG @ hwidb_iftype_unlist followed by router crash.
CSCsf10203 | Unknown | MLD gces not freed even after MLD leaves and L3 traffic stopped
CSCsf27621 | Unknown | False Command-Active condition blocking execute-on on MWAM processor
CSCsg32319 | Unknown | Probe connections not cleaned up when access/vrf is configured .
CSCsg37484 | Unknown | Bus Error in crypto_map
CSCsi54373 | Unknown | OSM maps EXP into dBus-CoS during SVI based EoMPLS disposition
CSCsj26698 | Unknown | Acct-Session-Id in Accounting-Request is different from in Access-Reques
CSCsk38024 | Unknown | VS2: EtherChannel state on standby is incorrect due to out of order FEC
CSCsk87604 | Unknown | Device crashes on configuring LPIP with multiple hosts.
CSCsl69123 | Unknown | SIP-400:QoS:Police drops MPLSCP, CDPCP negotiation packets - SRA,SRB
CSCso35659 | Unknown | L3 traffic rate limited after adding and removing Xcon to a SVI
CSCso75862 | Unknown | Negative counter values for input queue on layer 3 interfaces
CSCso93350 | Unknown | Boot string fails to set in rommon but no error message
CSCsq69567 | Unknown | SSO Switchover + unicast-routing chg cause MC traffic loss for 2 minutes
CSCsr06037 | Unknown | the monitor session source is removed by deleting sub-interface
CSCsr12976 | Unknown | High CPU in ION ios-base process
CSCsr39272 | Unknown | %DATACORRUPTION-1 due to spa sensor temp overruning buffer
CSCsr97097 | Unknown | VS: RP IPC-5-WATERMARK msgs due to CARD_RESET, after SSO
CSCsr99518 | Unknown | Granikos should not init rekey after recieving new outbound SA at QM3
CSCsu29301 | Unknown | C2W21: Ingress SPAN on Sup - ACE module duplicates packets
CSCsu76360 | Unknown | Memory Leak in IPSec Key Engine with HA on Sup720 RP
CSCsw17070 | Unknown | 18SXF: SSO switchover cause portchannel configuation lost in sup uplink
CSCsw21852 | Unknown | CSM: memory leak in process "Laminar Icc Event"
CSCsw28582 | Unknown | IPSec Tunnels go down after a "show run"
CSCsw43377 | Unknown | add user warning for empty classes in OSM qos policy SXF7 and later
CSCsw52819 | Unknown | Kernel dumper needs a few enhancements.
CSCsw53362 | Unknown | c2w2b: Device crashes with NAT stress test
CSCsw68514 | Unknown | SLB probes iin TESTing state while using client cmd in Vserver config
CSCsw87563 | Unknown | packets with multicast mac and unicast ip are software routed by cat6500
CSCsw92171 | Unknown | multiple "power-input" for new 6kW DC PS do not exist on Standby
CSCsx16206 | Unknown | Traffic loss issue from SFM capable modules to other device through DEC
CSCsx21886 | Unknown | ISSU switchover command sync issue
CSCsx23929 | Unknown | MLPP link are not able pass traffic after SSO even when UP/UP stat on os
CSCsx39263 | Unknown | TCAM entries are not installed for TCP intercept after SSO
CSCsx49889 | Unknown | SPA-IPSEC-2G-3-ACEI0TCAMFAILE:SpdSpInstall:cannot install Sp TmInsertSp
CSCsx51231 | Unknown | Service-policy removed from the interface, but FIE still has NBAR active
CSCsx58248 | Unknown | Disable Crypto ACL in SXF
CSCsx67510 | Unknown | Memory leak on SP when add/deleting channel groups on PA-MC-2T3+
CSCsx76308 | Unknown | HA client crashing attempting to free unassigned memory
CSCsy06804 | Unknown | DSCP not preserved during SVI based Eompls Disposition
CSCsy08838 | Unknown | Zamboni allows clear packet inbound on protected interface
CSCsy24691 | Unknown | entPhysicalTable has power-input 3 Sensor for 6kW DC PS1 and not PS2
CSCsy34566 | Unknown | Disable VLAN mapping on ME6524, 6148A-GE-TX
CSCsy54365 | Unknown | frequent datapath recovery and traffic loss on WS-X6704 with DFC
CSCsy74418 | Unknown | Ping fail with bridging on interface - 6500 w/SUP2 and 6816
CSCsy78994 | Unknown | Memory leak in Service Task
CSCsy82121 | Unknown | IGMP Source only not working due to MC_CAP not set
CSCsy83830 | Unknown | IOS-RLB crashes while deleting the username sticky
CSCsy85171 | Unknown | CDL2 Read Error: Time out
CSCsy94866 | Unknown | C2W2B: CSM Config sync causes memory leak
CSCsz01976 | Unknown | Need a cli to dump the rommon environment and unset rommon variable
CSCsz14742 | Unknown | EZVPN config not downloaded on the SPA/VPNSM
CSCsz20625 | Unknown | Error message seen if SIP Is OIR'd during Standby SUP bootup
CSCsz42143 | Unknown | WS-X6148A-GE-TX module fails keepalives when excessive errors on port.
CSCsz43438 | Unknown | Encapsulation change on T1/E1 removes QoS Service Policy
CSCsz55834 | Unknown | GLBP may provided BIA MAC instead of Virtual MAC for mobile users
CSCsz55950 | Unknown | EoMPLS:DFC LTL programming is not correct for SRP as Core
CSCsz62046 | Unknown | Crash at memcpy after CPUHOG in SNMP ENGINE
CSCsz67334 | Unknown | ciscoEnvMonTemperatureStatus trap sent sporadically as NotFunctioning
CSCsz76015 | Unknown | C2W2: Need cli to set PF_BIAS to ensure lower slot# Sup boots as active
CSCsz84544 | Unknown | output drops increment on not-connected interface of 6548GE-TX module
CSCsz87648 | Unknown | SP/RP and redundant system handshake broken when the kernel crashes.
CSCsz92508 | Unknown | SPA module reloads when no response to keep-alive polling
CSCta12382 | Unknown | Udld port config does not sync to standby in rpr-plus mode
CSCta12543 | Unknown | Linecard takes MAC address from the linecard.
CSCta21771 | Unknown | %CONST_DIAG-SP-3-HM_FCI_0_STUCK: Flow control stuck at 0 error on modul
CSCta26529 | Unknown | Standby Reset set entPhysicalAssetID on PS1
CSCta27279 | Unknown | WCCP s/w switching with Ingress redirection & interface ACL
CSCta32802 | Unknown | Umbrella ddts for porting SR HA fixes+ 2T3E3 SPA fixes into SXF
CSCta42989 | Unknown | "%CSM parser state" configuring CLI when configuring via XML also
CSCta47653 | Unknown | Cat6k: SXF: Console hangs on reapplying running config with ACL
CSCta48521 | Unknown | %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
CSCta48968 | Unknown | Modular IOS kernel crashinfo has missing information
CSCta52689 | Unknown | cat6k crash in RP due to address error with wccp configuration
CSCta53157 | Unknown | SPA-4XT3/E3 int in SIP-200 admin-down on standby after fpd upgrade
CSCta55498 | Unknown | [Modular IOS] MIPS CP0 registers save algorthim needs a few improvements
CSCta62394 | Unknown | RP crashes @crypto_ipsec_profile_map_val on removing vlan with HA config
CSCta71873 | Unknown | Mcast traffic stops flowing across fabric to required fpoes
CSCta72199 | Unknown | "aggregate-address advertise-map" not updated dynamically with ION image
CSCta76808 | Unknown | add CLI command for medium buffer pool
CSCtb02774 | Unknown | PI_E scanner needs to check high LTL index(0x740-0x77f) for PO interface
CSCtb23289 | Unknown | Major temperature alarm has to force system shutdown
CSCtb23840 | Unknown | %SYS-3-CPUHOG in Time Range Process with QoS Time based ACL
CSCtb28032 | Unknown | Changing module corrupts Flex Link
CSCtb38547 | Unknown | Incorrect CP0 values and empty kernel variable section in kernel crashin
CSCtb68478 | Unknown | "Illegal nextSsIndex value" message should be removed
CSCsi56413 | WAN | PA-POS-OC3SMI interface output stuck .


Resolved Caveats in Release 12.2(18)SXF16

Resolved AAA Caveats

CSCsv73509—Resolved in 12.2(18)SXF16

Symptoms: When "no aaa new-model" is configured, authentication happens locally even when TACACS is configured. This happens for exec users under the vty configuration.

Conditions: Configure "no aaa new-model", configure login local under line vty 0 4 and configure login tacacs under line vty 0 4.

Workaround: There is no workaround.

Resolved Infrastructure Caveats

CSCse85652—Resolved in 12.2(18)SXF16

Symptom: The Cisco IOS HTTP server and the Cisco IOS HTTPS server provide web server functionality to be used by other Cisco IOS features that require it to function. For example, embedded device managers available for some Cisco IOS devices need the Cisco IOS HTTP server or the Cisco IOS HTTPS server to be enabled as a prerequisite.

One of the functionalities provided by the Cisco IOS HTTP server and the Cisco IOS HTTPS server is the WEB_EXEC module, which is the HTTP-based IOS EXEC Server. The WEB_EXEC module allows for both "show" and "configure" commands to be executed on the device through requests sent over the HTTP protocol.

Both the Cisco IOS HTTP server and the Cisco IOS HTTPS server use the locally configured enable password (configured by using the enable password or enable secret commands) as the default authentication mechanism for any request received. Other mechanisms can also be configured to authenticate requests to the HTTP or HTTPS interface. Some of those mechanisms are the local user database, an external RADIUS server or an external TACACS+ server.

If an enable password is not present in the device configuration, and no other mechanism has been configured to authenticate requests to the HTTP interface, the Cisco IOS HTTP server and the Cisco IOS HTTPS server may execute any command received without requiring authentication. Any commands up to and including commands that require privilege level 15 might then be executed on the device. Privilege level 15 is the highest privilege level on Cisco IOS devices.

Conditions: For a Cisco IOS device to be affected by this issue all of the following conditions must be met:

An enable password is not present in the device configuration

Either the Cisco IOS HTTP server or the Cisco IOS HTTPS server is enabled

No other authentication mechanism has been configured for access to the Cisco IOS HTTP server or Cisco IOS HTTPS server. Such mechanisms might include the local user database, RADIUS (Remote Authentication Dial In User Service), or TACACS+ (Terminal Access Controller Access-Control System)

The Cisco IOS HTTP server is enabled by default on some Cisco IOS releases.

Workaround: Any of the following workarounds can be implemented:

Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an enable password

Customers requiring the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server must configure an authentication mechanism for any requests received. One option is to use the enable password or enable secret commands to configure an enable password. The enable password is the default authentication mechanism used by both the Cisco IOS HTTP server and the Cisco IOS HTTPS server if no other method has been configured.

In order to configure an enable password by using the enable secret command, add the following line to the device configuration:

enable secret mypassword  

Replace mypassword with a strong password of your choosing. For guidance on selecting strong passwords, please refer to your site security policy. The document entitled "Cisco IOS Password Encryption Facts" explains the differences between using the enable secret and the enable password commands to configure an enable password. This document is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00809d38a7.shtml

Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an authentication mechanism other than the default

Configure an authentication mechanism for access to the Cisco IOS HTTP server or the Cisco IOS HTTPS server other than the default. Such an authentication mechanism can be the local user database, an external RADIUS server, an external TACACS+ server or a previously defined AAA (Authentication, Authorization and Accounting) method. As the procedure to enable an authentication mechanism for the Cisco IOS HTTP server and the Cisco IOS HTTPS server varies across Cisco IOS releases and considering other additional factors, no example will be provided. Customers looking for information about how to configure an authentication mechanism for the Cisco IOS HTTP server and for the Cisco IOS HTTPS server are encouraged to read the document entitled "AAA Control of the IOS HTTP Server", which is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008069bdc5.shtml

Disabling the Cisco IOS HTTP Server and/or the Cisco IOS HTTPS server functionality

Customers who do not require the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server can disable it by adding the following commands to the device configuration:

no ip http server
no ip http secure-server

The second command might return an error message if the Cisco IOS version installed and running on the device does not support the HTTPS server feature. This error message is harmless and can safely be ignored.

Please be aware that disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server may impact other features that rely on it. As an example, disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server will disable access to any embedded device manager installed on the device.

Further Problem Description: In addition to the explicit workarounds detailed above, it is highly recommended that customers limit access to the Cisco IOS HTTP server and the Cisco IOS HTTPS server to only trusted management hosts. Information on how to restrict access to the Cisco IOS HTTP server and the Cisco IOS HTTPS server based on IP addresses is available at the following link:

http://www.cisco.com/en/US/docs/ios-xml/ios/https/configuration/12-4/nm-http-web.html#GUID-BB57C0D5-71DB-47C5-9C11-8146773D1127

Customers are also advised to review the "Management Plane" section of the document entitled "Cisco Guide to Harden Cisco IOS Devices" for additional recommendations to secure management connections to Cisco IOS devices. This document is available at the following link: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
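The three conditions listed for CSCse85652 can be checked against a saved device configuration. The following audit sketch is an added example, not Cisco's code: the sample configurations are constructed, the function names are hypothetical, and it assumes the IOS `ip http authentication` command (which this caveat text does not name) is how a non-default mechanism appears in the configuration.

```python
import re

# Constructed sample configurations (not taken from any real device).
EXPOSED = """\
hostname lab-sw1
ip http server
ip http secure-server
line vty 0 4
 login
"""

ENABLE_SECRET = """\
hostname lab-sw2
enable secret 5 $1$constructed$placeholderhash
ip http server
"""

LOCAL_AUTH = """\
hostname lab-sw3
username admin privilege 15 secret 5 $1$constructed$placeholderhash
ip http secure-server
ip http authentication local
"""

DISABLED = """\
hostname lab-sw4
no ip http server
no ip http secure-server
"""

SILENT = """\
hostname lab-sw5
line vty 0 4
 login
"""

SERVER_COMMANDS = ("ip http server", "ip http secure-server")


def server_state(lines, command):
    """Return 'enabled', 'disabled', or 'unknown' when the config is silent."""
    state = "unknown"
    for line in lines:
        if line == command:
            state = "enabled"
        elif line == "no " + command:
            state = "disabled"
    return state


def audit_http_exec(config_text):
    """Evaluate the three CSCse85652 conditions against one configuration."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]

    # Condition 1: an enable password is not present.
    enable_set = any(
        re.match(r"enable (secret|password)\s+\S", ln) for ln in lines
    )

    # Condition 2: the HTTP or HTTPS server is enabled. The caveat notes the
    # HTTP server is on by default in some releases, so a silent config is
    # reported as 'unknown' rather than assumed off.
    servers = {cmd: server_state(lines, cmd) for cmd in SERVER_COMMANDS}

    # Condition 3: no other authentication mechanism is configured. The
    # default method is the enable password. This check does not verify that
    # the chosen mechanism (local users, AAA servers) is itself configured.
    method = "enable"
    for ln in lines:
        match = re.match(r"ip http authentication (\S+)", ln)
        if match:
            method = match.group(1)

    authenticated = enable_set or method != "enable"
    if all(state == "disabled" for state in servers.values()):
        verdict = "disabled"          # workaround: servers turned off
    elif authenticated:
        verdict = "authenticated"     # workaround: requests are authenticated
    elif "enabled" in servers.values():
        verdict = "affected"          # all three conditions are met
    else:
        verdict = "unknown-default"   # depends on the release's default
    return {"verdict": verdict, "enable_set": enable_set,
            "method": method, "servers": servers}


if __name__ == "__main__":
    samples = {"EXPOSED": EXPOSED, "ENABLE_SECRET": ENABLE_SECRET,
               "LOCAL_AUTH": LOCAL_AUTH, "DISABLED": DISABLED,
               "SILENT": SILENT}
    for name, cfg in samples.items():
        print(name, audit_http_exec(cfg)["verdict"])
```

A verdict of `unknown-default` means the configuration neither enables nor disables the servers explicitly, so the result depends on whether the running release enables the HTTP server by default.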

CSCsi13344—Resolved in 12.2(18)SXF16

Symptom: Three separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers.

The Cisco Security Response is posted at the following link: http://www.cisco.com/en/US/products/csr/cisco-sr-20090114-http.html

Conditions: See "Additional Information" section in the posted response for further details.

Workarounds: See "Workaround" section in the posted response for further details.

CSCsr72301—Resolved in 12.2(18)SXF16

Symptom: Three separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers.

The Cisco Security Response is posted at the following link: http://www.cisco.com/en/US/products/csr/cisco-sr-20090114-http.html

Conditions: See "Additional Information" section in the posted response for further details.

Workarounds: See "Workaround" section in the posted response for further details.

Resolved IPServices Caveats

CSCsk64158—Resolved in 12.2(18)SXF16

Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory.

This advisory is posted at the following link: http://www.cisco.com/en/US/products/csa/cisco-sa-20090325-udp.html

CSCsv04836—Resolved in 12.2(18)SXF16

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20090908-tcp24.html.

CSCsw18636—Resolved in 12.2(18)SXF16

Symptom: High CPU utilization occurs after the device receives an ARP packet with protocol type 0x1000.

Conditions: This problem occurs on SUP32 running 12.2(33)SXI. This problem does not occur on SUP720. The problem is seen only when the bridge-group CLI is in use, which leads to ARP packets with protocol type 0x1000 being bridged. The problem does not apply to IP ARP packets.

Workaround: Filter the ARP packet. The device configuration should have the bridge-group creation first, followed by the interface-specific bridge-group options.

Additional Information: This problem is now isolated to command ordering in the startup-config file. The bridge <> command is saved before the bridge-group <> command (which is run in the interface-config mode) is saved. The linking of the IDB to the bridge structure does not happen correctly, and a check in the bridge code fails, which lets the packet be processed again and again instead of being dropped.

If the bridge-group <> command is removed in the startup-config and only applied after the bridge <> command is run, the problem will go away. Please use this workaround until a fix is put in.

CSCsr29468—Resolved in 12.2(18)SXF16

Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.

Cisco has released free software updates that address this vulnerability.

Several mitigation strategies are outlined in the workarounds section of this advisory.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20090325-tcp.html

CSCsm27071—Resolved in 12.2(18)SXF16

A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:

The configured feature may stop accepting new connections or sessions.

The memory of the device may be consumed.

The device may experience prolonged high CPU utilization.

The device may reload.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory.

The advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20090325-ip.html

Resolved LAN Caveats

CSCsv05934—Resolved in 12.2(18)SXF16

Summary: Cisco's VTP protocol implementation in some versions of Cisco IOS and CatOS may be vulnerable to a DoS attack via a specially crafted VTP packet sent from the local network segment when operating in either server or client VTP mode. When the device receives the specially crafted VTP packet, the switch may crash (and reload/hang). The crafted packet must be received on a switch interface configured to operate as a trunk port.

Workarounds: There are no workarounds available for this vulnerability.

This response is posted at http://www.cisco.com/en/US/products/csr/cisco-sr-20081105-vtp.html

Resolved Multicast Caveats

CSCso90058—Resolved in 12.2(18)SXF16

Symptom: MSFC crashes with RedZone memory corruption.

Conditions: This problem is seen when processing an Auto-RP packet and NAT is enabled.

Workaround: None known at this time.

Resolved Routing Caveats

CSCsx73770—Resolved in 12.2(18)SXF16

Symptom: A Cisco IOS device that receives a BGP update message and, as a result of AS prepending, needs to send an update downstream that would have over 255 AS hops will send an invalidly formatted update. When received by a downstream BGP speaker, this update triggers a NOTIFICATION back to the sender, which results in the BGP session being reset.

Conditions: This problem is seen when a Cisco IOS device receives a BGP update and due to a combination of either inbound, outbound, or both AS prepending it needs to send an update downstream that has more than 255 AS hops.

Workaround: The workaround is to implement bgp maxas-limit X on the device that, after prepending, would need to send an update with over 255 AS hops. Since IOS limits the route-map prepending value to 10, the most that could be added is 21 AS hops (10 on ingress, 10 on egress, and 1 for normal eBGP AS hop addition). Therefore, a conservative value to configure would be 200 to prevent this condition.

Other Resolved Caveats in Release 12.2(18)SXF16

Identifier
Technology
Description

CSCef97900

AAA

AAAA-3-DROPACCTLOWMEM warning message somewhat misleading

CSCin40015

AAA

telnet to NAS fails when user profile has access-profile

CSCsl29214

AAA

AAA server change leads to bus error crash after "show run" is issued

CSCso95210

AAA

AAA Client creates bad Message Authenticator attr for every first packet

CSCsx28646

ATM

Unable to configure atm pvp l2transport

CSCsx40747

Content

Router hangs while doing ip casa configurations

CSCsc86307

Infrastructure

c3845 crashed @ show_systat

CSCsm32392

Infrastructure

memory corruption crash at nv_ifs_open and nv_ifs_close

CSCso49598

Infrastructure

Stby reloads cont. when upto MAXINT logical int created thru int ran

CSCsq03621

Infrastructure

Timestamps in "show rmon events" wrap at 2^32-1 milliseconds (7+ weeks)

CSCsw35917

Infrastructure

SP syslog messages not sent as SNMP traps by RP's SNMP agent

CSCec72958

IPServices

Software forced crash when translating LDAP packet

CSCsk16821

IPServices

DHCP does not NAK after DHCPREQUEST from unknown client .

CSCso02053

IPServices

NAT does not add dynamic aliases after reload.

CSCso04657

IPServices

SSLVPN service stops accepting any new SSLVPN connections

CSCso54027

IPServices

Spurious memory access in ttcp_rcv_stats

CSCsq60504

IPServices

Modular IOS Sup720: crashed with tcp timeout logs

CSCsr08771

IPServices

Crash seen @ dhcpd_pool_nvgen and dhcpd_copy_bootfile

CSCsx32283

IPServices

Malformed L field in LDAP crashes 6k with NAT

CSCsh33167

LegacyProtocols

Dlsw transparent cache holds MAC address for disconnected circuit

CSCsk41552

Management

T/B %SCHED-3-THRASHING of cdp2.iosproc process_wait_for_event

CSCsb52253

MPLS

IPv4 iBGP multipath in MPLS network needs to be blocked or hardcoded

CSCsc78971

MPLS

LDP:Incorrect address withdraw after IP address removal on shutdown i/f

CSCse22900

MPLS

w/mis-config'd dup vrf CEF/BGP table MPLS label mismatch may occur

CSCsk99530

MPLS

LFIB untagged entries while LIB has valid lables in CSC MPLS VPN c12000

CSCsm70668

MPLS

OIR over E3:POS impacting complete Traffic with biscuit tunnel

CSCsu45425

MPLS

FIB/LFIB not updated correctly on GSR runing 12.0(33)S1 after route-flap

CSCsw19951

MPLS

SP & DFC crash when forwarding a packet with MPLS

CSCse03637

Multicast

PIM Dense Mode - Prune sent in error after assert is won .

CSCsj88725

Multicast

Wrong (S,G) RPF after route change, no upstream join

CSCsm77608

Multicast

IP Multicast packets are Process switched.

CSCsr09312

Multicast

crash when doing mrm stop

CSCsr49316

Multicast

Crash ipv6_static_route_find after configured & executed show ipv6 rpf x

CSCsv99150

platform-76xx

status led of ge-wan module not showing proper status

CSCsg25664

PPP

dLIFoMLPPPoATM PA: Corrupted PC crash PR

CSCsr81271

PPP

Invalid VCD error messages upon PVC flap

CSCek63384

QoS

Service-Policy is Lost When the Multilink Interface is Reset .

CSCsv85791

QoS

Flexwan+/PA-MC-2T3+ introduce 5+ seconds delay on egress

CSCee30355

Routing

Memory leak at ip_multicast_ctl

CSCeg49075

Routing

MSFC2 remark lines in ACLs duplicated in the NDR MSFC

CSCei86031

Routing

changing match command on fly does not filter route correctly .

CSCej49366

Routing

Removing default-metric under EIGRP deletes routes erroneously

CSCek75079

Routing

Problem in type7 to type5 translation if summary-addr configured

CSCsa72878

Routing

ISIS: clns route from end-system not in database

CSCsb15164

Routing

Security holes while configuring a standard ACE with host address

CSCsc01880

Routing

%FIB-4-FIBCBLK: Missing cef table for tableid 770 during routing table e

CSCse53019

Routing

redistribution not triggered when BGP as-path/community changes

CSCse68877

Routing

CEF/BGP table MPLS label mismatch YW3 Non Multi-path

CSCsg46366

Routing

OSPF NSSA LSA forwarding address set even when P bit wil be clear.

CSCsg68717

Routing

A weird behavior in maxpath configuration in ebgp+ibgp case

CSCsi01324

Routing

Modifying acl concerned with distribute-list withdraw summary route

CSCsi03434

Routing

Memory leak @ ospf_redist_work_enqueue

CSCsj09838

Routing

RR some prefix might not be sent after bgp neighbor flaps .

CSCsj13911

Routing

Cat3750:EIGRP does not receive reply for query between some Vlan

CSCsk35688

Routing

Aggregate routes not processed if child routes are deleted pre-maturely

CSCsk72259

Routing

Auto-repair not updating inconsistent cef entries

CSCsl32318

Routing

OSPF: new fix for CSCsk36324 SPF loop

CSCsl84712

Routing

Error- %OSPF-4-FLOOD_WAR: Process 123 re-originates LSA ID 10.55.122.148

CSCsm50741

Routing

Removal of DCbitless LSA causes problems

CSCsm95129

Routing

"no ip next-hop-self eigrp" not working when redistribute from BGP

CSCsm96901

Routing

Unable to ping between vrfs through transparent bridge

CSCso08786

Routing

Standby reloads due to config sync failure on inherit peer-policy cmd.

CSCso54167

Routing

BGP peer stuck with table version 0

CSCsr67361

Routing

I/O memory leaks when BGP neighbor points to a local address

CSCsr88362

Routing

eigrp routes aren't updated after SSO switchover

CSCsu24087

Routing

Cisco7609 crashes after "clear ip bgp neighbor x.x.x.x soft in"

CSCsu36709

Routing

Unable to boot IOS image on PE (vrf-enabled) router - software fault

CSCsv01474

Routing

'ip rip advertise' command lost after interface flap/clear ip route

CSCsv27607

Routing

BGP: Outbound route-map updating withdraw only one member

CSCsw28893

Routing

Cost no longer showing with each eigrp route after IOS upgrade

CSCsw65441

Routing

ARP packets drops due to excessive ARP requests sourced from SVI

CSCsx15841

Routing

aggregate-address does not NVGEN upon switchover on cat6k

CSCsc91824

Security

SSH from router disconnects vty session if there is no matching cipher

CSCsd81870

Security

Teraterm + TTSSH2 does not work in SSH Ver.2

CSCeh00399

Unknown

RRI: refcount not inc on rekey in certain circ lead to route removal

CSCei29284

Unknown

Rockies3 SUP32 SNMP:Traceback msg when execute private vlan script

CSCek28863

Unknown

Need to change default SCP keepalive timeout on IOS to CSM module

CSCsc73409

Unknown

IGMPv3 report suppression doesnt send out group records correctly

CSCsc98850

Unknown

ZAMBONI:Could not send pmtu information vlan 65535 pmtu 0 Error

CSCsd04937

Unknown

Crash in chunk_free called from mfib_const_rp_free after (*,G) HW enable

CSCse12518

Unknown

MET optimized update can cause blackholing and duplicates

CSCsg14926

Unknown

Standby can not boot because of insufficient memory with 32K interfaces

CSCsg53526

Unknown

Some packets to vip are denied by inbound acl after server nat

CSCsh22225

Unknown

CWAN_HA-STDBY-4-IFCFG_PLAYBACK_ERROR:

CSCsh98849

Unknown

SIERRA: Active and stby SP and active RP crashed@rf_proxy_fatal_error

CSCsi14145

Unknown

runt counter not implemented correctly

CSCsi66012

Unknown

2 garbage values in show module csm x ft details

CSCsi88920

Unknown

MLD rcvr in SVI stops receiving v6 mcast trffc if another rcvr leaves

CSCsk23521

Unknown

EARL-SPSTBY-2-SWITCH_BUS_IDLE is seen with SW switched traffic

CSCsl02190

Unknown

ICMPv6 to all node multicast address fail .

CSCsm31178

Unknown

policy-map stops working on a good int if wrongly applied on another int

CSCsm43962

Unknown

Cat6k L2TP packet looped through blocked port

CSCsm66023

Unknown

IPv6 VTI RP crashed ace_reverse_map when changing tnlsrc from v4 to v6

CSCsm75286

Unknown

bgp route-map doesn't work correctly when deleted part of sequences

CSCsm76792

Unknown

PM HA bulk sync posting RF_DONE before bulk sync has finished

CSCsm85936

Unknown

UUT cpu at 40% with bi-dir traffic across a single tunnel

CSCsm93648

Unknown

C2W2:080226 Rtr crashed when moving tunnels from VTI to GRE/TP

CSCso11822

Unknown

LACP PC switchport, on OIR, "channel group 112 active" config gets lost

CSCso29141

Unknown

DFC installs drop index for MAC-address

CSCso88042

Unknown

Wism module Allowed-Vlan statements lost on reload

CSCso88772

Unknown

sp-inband tx capture causes primary SUP to hang

CSCsq22383

Unknown

SP crash due to CPU hog by online diags

CSCsq42885

Unknown

Line card crashes with %IPC-2-ONINT error on OSM

CSCsq51378

Unknown

ATM PA Interface shows up/up after force redundancy, no cables connected

CSCsq56941

Unknown

6500 - Static MAC cleared from port-channel member ints after reload

CSCsq73122

Unknown

Proxy-ARP returns BIA instead of VMAC with LAM

CSCsq75704

Unknown

FW2 FE PA Interface stays up/down with no conn and goes up/up after sso

CSCsq80145

Unknown

VACL does not work against self initiated packet

CSCsq83789

Unknown

LTL for unknow unicast is wrongly programmed for some L3 interfaces

CSCsq84116

Unknown

Cisco 7604 with OC3, Flexwan crashes into ROMMON

CSCsq90844

Unknown

bridge-group config make packets be routed

CSCsq94136

Unknown

Burst of traffic cause anti-replay check to fail

CSCsr29559

Unknown

WCCP flap corrupts mcast CEF adjacency

CSCsr37131

Unknown

buginf calls in l2trace when 'debug l2trace' is disabled

CSCsr45495

Unknown

PBR with deny statements : TCAM running out of masks

CSCsr51799

Unknown

pa-mc-8t1 interface down after stopping BERT prematurely

CSCsr69929

Unknown

ACL based uRPF check is causing acl permit packets to be dropped

CSCsr88625

Unknown

Seeing ME_AR#0 WARNING: Cannot FLUSH Dic#0 when WS-X6708-10GE boots

CSCsr88845

Unknown

unicast BootP replies dropped by DHCP snooping

CSCsu05800

Unknown

C2W2: need to extend the wait time for bus sync after sso

CSCsu07931

Unknown

cbQosPoliceConformedByte64 counter displays aggregate instead conformed

CSCsu18231

Unknown

IKE process fails to start phase1 if in up-no-ike and DPD triggered

CSCsu33707

Unknown

Multicast traffic will not stop after PIM prune

CSCsu37481

Unknown

Netflow Incorrect Octet value with packet-based sampling

CSCsu37899

Unknown

SXF15: autostate configuration missing after SSO

CSCsu45210

Unknown

Upgrade 12.2SXF-> 12.2SXH with Port-Security causes standby boot loop

CSCsu46982

Unknown

I/O rate counter inaccurate when applying serv policy and MPLS traffic

CSCsu49002

Unknown

ciscoIpMRouteBps sometimes indicates wrongful value

CSCsu49257

Unknown

Cstn-id timer should be restarted when access-request is seen

CSCsu57958

Unknown

DHCP-Snooping not intercepting DHCP messages from the Server

CSCsu68698

Unknown

No syslogs and stack on console when SP crashes due RP boot timeout

CSCsu86524

Unknown

IKMP process leak: check_ipsec_proposal

CSCsu91725

Unknown

Bus crash problem due to cipSecGlobalStats MIB query

CSCsu99270

Unknown

CPUHOG observed when configuring more vlan interfaces

CSCsv07858

Unknown

IfIndex for unconfigured VLAN on 7613

CSCsv10229

Unknown

Failed to assert Physical Port Administrative State Down alarm

CSCsv17989

Unknown

interface in SIP200 show "admin down" when it is physical down

CSCsv18579

Unknown

'recognized & transferred a satvcl packet' observed on 6708 / module 1

CSCsv63144

Unknown

Controller remains DOWN after switchover

CSCsv64079

Unknown

SXF7: Patching fails with WiSM Card on Cat6500

CSCsv66827

Unknown

Clearing the SSH session from a different vty session crashes the box.

CSCsv85551

Unknown

SP crash due to consume all scp triggered by OIR loop when PS go off

CSCsw35155

Unknown

reduce move count for SAs in SXF

CSCsw38075

Unknown

%SYS-2-GETBUF: Bad getbuffer error messages after IOS upgrade

CSCsw43953

Unknown

Error message seen if SIP Is OIR'd during Standby SUP bootup

CSCsw65477

Unknown

MLD snooping broken in SXF16 engg (pre-release) images

CSCsw68032

Unknown

Serial links UP/DOWN after SSO on OSM Module

CSCsw69911

Unknown

SIP-400 POS WRED queues tail dropping without random drops

CSCsw75293

Unknown

18SXF: RP Mapping not seen in last hop router in Sup2 image

CSCsw82431

Unknown

18SXF16:Device crashes while unconfiguring PBR configs.

CSCsw96891

Unknown

CPUHOG observerd after issuing exec commands

CSCei77073

WAN

NTP client need to reset auto learnt source IP address


Resolved Caveats in Release 12.2(18)SXF15a

Identifier
Technology
Description

CSCsu45425

MPLS

FIB/LFIB not updated correctly on GSR runing 12.0(33)S1 after route-flap


Resolved Caveats in Release 12.2(18)SXF15

Resolved Caveats for Product 'all' and Component 'bgp'

CSCsk69927—Resolved in 12.2(18)SXF15

Symptoms:

All the BGP routes are dropped when an IOS device receives a BGP update with an atomic-aggregate length of 254 (0xfe).

Conditions:

The topology consists of two eBGP peers with test traffic across the link. The BGP process does not crash, and routes are not restored after the event.

Workaround:

None.

Resolved Caveats for Product 'all' and Component 'mlp'

CSCsa49019—Resolved in 12.2(18)SXF15

Symptoms: A memory leak may occur in the "Multilink Events" process, which can be seen in the output of the show memory summary command:

0x60BC47D0 0000000024 0000000157 0000003768 MLP bundle name 
0x60BC47D0 0000000028 0000000003 0000000084 MLP bundle name 
0x60BC47D0 0000000044 0000000001 0000000044 MLP bundle name 
0x60BC47D0 0000000048 0000000001 0000000048 MLP bundle name 
0x60BC47D0 0000000060 0000000001 0000000060 MLP bundle name 
0x60BC47D0 0000000064 0000000013 0000000832 MLP bundle name 
0x60BC47D0 0000000068 0000000008 0000000544 MLP bundle name 
0x60BC47D0 0000000072 0000000001 0000000072 MLP bundle name 
0x60BC47D0 0000000076 0000000001 0000000076 MLP bundle name 
0x60BC47D0 0000000088 0000000018 0000001584 MLP bundle name  

Conditions: This symptom is observed when two interfaces are configured in the same multilink group or are bound to the same dialer profile.

Workaround: There is no workaround.

Other Resolved Caveats in Release 12.2(18)SXF15

Identifier
Product
Component
Description

CSCsg18288

all

aaa

Enable authentication ignores Tacacs+ configuration in rare situation

CSCso95426

all

aaa

Exposure of Radius-Keys in debugs.

CSCei33231

all

atmcommon

ATM PVC bundle protected group test failed with bumping exhausted

CSCek74474

all

atmcommon

no/default proto ip inarp cmd ineffective until ATM VC bounced.

CSCsd92325

all

bgp

Config sync: no neighbor 192.168.240.34 triggers standby reset

CSCsf06946

all

bgp

Removing loopback interface causes continuous standby RP reloading

CSCsi27696

all

bgp

oldest ebgp bestpath not retained in eibgp multpath cases

CSCsi68795

all

bgp

PE wrongly assigns local label to a vpnv4 confederation prefix

CSCsi98730

all

bgp

CEF/BGP table MPLS label mismatch in IOS 12.4(6)T5

CSCsl92283

all

bgp

Unable to add into routing table if static route use interface + gateway

CSCso62166

all

bgp

Crash @ bgp_netlist_validate when ibgp established with metric

CSCso93535

all

bgp

Upon removing a VRF, BGP route timers in other VRF's get reset

CSCsq13938

all

bgp

reload on 'show ip bgp vpnv4' when import src delinked by BGP deconfig

CSCsq21198

all

bgp

PE loses VPNv4-MDTs from a RR when another RR fails (or shuts neighbor)

CSCsl04386

all

cat6000-env

%BIT-STDBY-4-OUTOFRANGE : Traceback on Bootup .

CSCse53517

all

cat6000-wireless

WiSM: Tracebacks seen after SSO switchover

CSCsm78651

all

csg

malloc memory issue in standby SP supervisor

CSCsi15183

all

eigrp

change MTU value causes %DUAL-3-INTERNAL in ipigrp2_add_item_dest

CSCsm70580

all

ftp

c2w2:ciscoFtpClientMIB: ftp_fs.proc extra processes can deadlock & crash

CSCsi76936

all

glbp

Crash in GLBP if debug is enabled and it rcvs pkt from unknown group

CSCsl70070

all

hsrp

CPUHOG when doing HSRP SNMP query

CSCsq29165

all

install

Rockies-sup3:UUT hangs during installation

CSCsm45634

all

ip

BGP VPNv4 route is not actived immediately after receving update

CSCsl60092

all

ipc

Active SP crashed @ipc_fragment_cleanup with VSL shut/no shut test

CSCsl92316

all

ipmulticast

LNS: %SYS-3-CPUHOG when clear l2tp tunnel, sessions have multicast

CSCsl26998

all

ip-pbr

Switch crashes on applying PBR with next-hop verify-availability

CSCsm04442

all

ip-rip

Router crash at rip_find_sum_idb

CSCeg35237

all

ipsec-core

Watchdog crash after sh crypto session

CSCsm13389

all

ipsec-routing

RRI is not called be if QM rekey timer expiry forces SA deletion

CSCsh38140

all

isis

CEF drops when using CEF LB paths and active link recovers from failure

CSCsm30973

all

mpls-lfib

bgp multipath with ipv4+label nexthop: label missing in cef

CSCso22730

all

mpls-lfib

Prefixes get assigned imp-null local label after OIR linecard

CSCsi77983

all

netflow-switch

RP crashed ipflow_pak_pre_check on shutdown the trunk port

CSCso87348

all

netflow-switch

Corruption in subflow code

CSCsm04256

all

neutrino

CPUHOG and crash after 'show memory detailed all statistics' issued

CSCsm69827

all

neutrino

%SYS-2-MALLOCFAIL:Process= "GraphIt" in SXH1_fc3

CSCsg32308

all

ntp

copy/paste of ntp-authentication-key statement is not possible

CSCek58956

all

os

Need process_ok_to_reschedule check in process_may_suspend

CSCsq50429

all

osm-qos

OSM card unexpected reload @ cwtlc_qos_create_global_qid_info

CSCsa73179

all

ospf

Memory corruption/crash when 'no default-information orig' under RIP

CSCsm91801

all

ospf

ASBR not updating metric in LSA-5 redistributing from 2-nd OSPF process

CSCsm01126

all

parser

PRE-B crashes while in progress to standby cold-config

CSCsj49293

all

pas-2pos-7xxx

POS Interface Output Rate (200 mbps) > Line rate (155 Mbps)

CSCsd14706

all

pim

PIMV2 router send PIMV1 RP-reachable messages loading recieve router CPU

CSCsq14151

all

pim

RPF of (S,G) is set to NULL, When (S, G, R) entry is convered to (S, G)

CSCsd62013

all

snmp

Traceback on Standby RP@add_lpmapping_entry_private+74

CSCsj91738

all

spa-ipsec-2g

Non-ip packet with mcast-mac addr cause high CPU with VPN-SPA VRF mode.

CSCso26788

all

ssh

Re-work CSCin91851 for SXF

CSCsr60782

all

ssh

Fix SA warnings in ssh2_support.c

CSCsr85093

all

ssh

SXF15: SSH session fails withRSA signature verification failed after SSO

CSCsq48201

all

trans-bridging

c7300:Bridge IRB-Router crash and traffic flow issue

CSCsi63649

all

ts

%SYS-3-TIMERNEG:Cannot start timer with negative offset,TTY Background

CSCsd37499

c12000

ifs

%IFS-3-FSMAX: Failed to add ?, maximum filesystems 64 msg with Traceback

CSCsq48271

c6venus-slb

laminar

adding redundant CSM causes config sync to indicate in sync when not

CSCsk32095

c7200

pas-2fast-ethernet

PA-2FE-TX port flaps on applying qos policy

CSCsq20970

c7500

7x00-t1e1

ATM option missing, while configuring T1 controller for mode atm

CSCsg22830

c7600

c7600-ha

Standby not coming up after sso switchover

CSCsj43677

c7600

c7600-ha

Active Sup720 crash when removing Standy supervisor

CSCsq19146

c7600

c7600-sip-200

FPD creation for new pegasus rx (1.6) FPA image for Sip-1 CR

CSCsm32363

c7600

cat6000-acl

Netflow SLB sw-installed entries not aging out

CSCek78066

c7600

cat6000-env

Whitney:CLI & MIB mismatch for aux-1 temperature Sensor SUP32

CSCsi41749

c7600

cs7

ITP-76:%SYS-2-INTSCHED: 'sleep for' at level 2 (Process- "MIP Mailbox")

CSCsq60553

c7600

cwpa2

Create cwslc-rommon3.bin for cwpa2 to accomodate release Rommon (1.8)

CSCsr99933

c7600

loadbal

FWLB: High purge rate causes CPU to increase by 15%

CSCsm87735

c7600

osm-choc-ds0

OSM CHOC12/T1 - t1 shutdown does not disable Serial interface

CSCso78097

c7600

osm-ct3

OSM-ct3 MFR interface is flapping

CSCsq47166

c7600

osm-gigwan

GE-WAN interface stays down with autonegotiation enabled

CSCso59971

c7600

osm-pos

OSM OC3 POS : Wrong traffic counters

CSCsq19159

c7600

snmp

RP crashes in chassismib_add_sub_card_entry after linecard reload

CSCsq19476

c7600

spa-ipsec-2g

DMVPN over POS - wrong spa vlan in cef adj after boot, gre sent in clear

CSCso89823

c7600

spa-pos-oc12

Pos interface "rxload" and "input bytes" counters incorrectly increment

CSCsc69804

c7600

vipmlp

SIP1-ChOC3:Initial packets fail with SW-MLP on SIP-200

CSCsq12119

c7600

vpn-sm

SXF13 Crash on VPNSM OIR due to chunk memory double free.

CSCsi00712

cat6000

c6k-wan-common

Connected ipv4 routes for WAN interfaces missing on reload

CSCsi99875

cat6000

c6k-wan-common

BOOM: spa_eeprom_read_bit on BOOTUP

CSCsg39754

cat6000

cat6000-acl

DHCP snooping redirect ACL permits more than just bootpc and bootps port

CSCso97524

cat6000

cat6000-acl

Packet drop after TCAM exception happened

CSCsf17163

cat6000

cat6000-cm

TCAM mask/entry resource not released after conf/unconf pacl

CSCsm53873

cat6000

cat6000-diag

Module 1/0 failed in health monitoring configuration (error code 23)

CSCsq53822

cat6000

cat6000-env

Monitor session removal may affect traffic through WS-X6148A-RJ-45

CSCsq47140

cat6000

cat6000-fabric

67xx module may not come online

CSCsr54630

cat6000

cat6000-fabric

Patch workaround and s222 build fix for CSCso53756

CSCso87838

cat6000

cat6000-filesys

HSRP: with aggressive timers HSRP peer flaps when "wr mem"

CSCsk93587

cat6000

cat6000-firmware

TestFabricCh0Health test failure with unidir traffic via Ch1on Berytos

CSCsl39710

cat6000

cat6000-firmware

cat6000 mac-address-table does not add entries for local fwsm mac . .

CSCsq14259

cat6000

cat6000-firmware

TX Flowcontrol goes on when link negotiation is disabled

CSCsq79253

cat6000

cat6000-firmware

Pinnacle interrupts not re-enabled after memory inconsistency detected

CSCsq85850

cat6000

cat6000-firmware

Opnext GLC-LH-SM :remote port stays up when local RX cable is removed

CSCsq41311

cat6000

cat6000-hw-fwding

I/O memory leak in Medium buffers

CSCsq77464

cat6000

cat6000-hw-fwding

mls rate-limit unicast cef receive value re-written upon TCAM exception

CSCsr28305

cat6000

cat6000-hw-fwding

Packet drops on L2 portchannel on WS-X6708-10G

CSCsl72912

cat6000

cat6000-ipc

VS2: WS-X6708 DFC crash in local_cb1(Segment violation)

CSCsr09554

cat6000

cat6000-ipc

Move SIBYTE SB_RMON_OVRFL messages under debug

CSCsu03772

cat6000

cat6000-l2

Dot1q native vlan tagging is not working with "switchpot nonegotiate"

CSCsq59297

cat6000

cat6000-l2-infra

port-channel IDB gets mixed up

CSCsh16213

cat6000

cat6000-mcast

Disabling MLDsnooping does not clean special MACs 3333.0000.0016, 3333.0

CSCsm59926

cat6000

cat6000-mcast

RP receives 2 copies of each PIM register with MVPN

CSCso44072

cat6000

cat6000-mcast

High CPU due to multicast traffic getting punted to software

CSCso71355

cat6000

cat6000-mcast

PVLAN - 6500 - Multicast flood broken from pvlan port to promiscuous

CSCsg19793

cat6000

cat6000-portsecur

Psecure absolute aging on DFC causes MAC inconsistency w/ Central EARL

CSCsq04355

cat6000

cat6000-span

Fix in CSCso81632 is not complete

CSCso85395

cat6000

cat6000-svc

Unable to add the 256th vlan

CSCso84567

cat6000

cat6000-wccp

6500 with WCCP and CoPP punts non-TCP packets into CoPP policy.

CSCsb60078

cat6000

cat6k-v6-mcast

After SSO switchover, mcast ergess Vlan gets out of sync among DFCs

CSCsj28026

cat6000

cat6k-vs-snmp

WhitneyVS: Unable to mibwalk clcFdbVlanInfoTable . .

CSCsq68529

cat6000

decnet

After reload, there is no mac-address on SVI not running DECnet

CSCso68344

cat6000

dhcp

Switch acting as DHCP server crashes on issuing no service dhcp command.

CSCsq37376

cat6000

elam

Packet Buffer Capture May Crash a 6500 in IOS

CSCsm82958

cat6000

loadbal

radius sticky entry deleted even if the idle timer is not 0

CSCso30038

cat6000

mcast-vpn

A OIL is not registerd properly in mroute table with static igmp group

CSCsl90285

cat6000

pas-pos

POS-APS: CWPA-3-NODISPATCH messages seen when configuring APS

CSCsi74360

cat6000

spa-ipsec-2g

packet loops between icpu and ocpu while sending clear mcast traffic

CSCsq39079

cat6000

spa-ipsec-2g

SPA-IPSEC-2G Crash under load due to IKE session establishment

CSCsq37078

cat6000

vipmlp

Input errors incrementing on Multilink 5 in admin down state

CSCso00793

itp

cwpa2

ITP-76: Flexwan Memory version "VI4DP647228EBK-MD" causes reload


Resolved Caveats in Release 12.2(18)SXF14

Resolved Caveats for Product `all' and Component `dns'

CSCsk25697—Resolved in 12.2(18)SXF14

Symptom:

A router with the DNS server configured may show CPUHOG tracebacks when it receives repeated crafted UDP packets on port 53.

Sample from a 3800 router:

%SYS-3-CPUHOG: Task is running for (40004)msecs, more than (2000)msecs (5/0),process = DNS Server Input.

-Traceback= 0x60D68CDC 0x6033D984 0x6180E58C FFFFFFA0 3F 4E 60
0x708DFD18 06 FFFFFFFE FFFFFF88 FFFFFFA5 FFFFFFA3 FFFFFF92 FFFFFFA7 FFFFFF8B 7A 3A FFFFFFF5 17 FFFFFF9B FFFFFFC9 FFFFFF9B FFFFFFA2

Conditions:

The router must have the DNS server configured and be listening on UDP port 53:

conf t
ip dns server
end

Workaround:

Apply a rate limit for port 53 on interfaces facing untrusted networks:

access-list 100 permit udp any any eq domain
access-list 100 deny ip any any
interface GigabitEthernet0/0
 ip address 10.2.2.2 255.255.255.0
 rate-limit input access-group 100 8000 1500 2000 conform-action transmit exceed-action drop

Resolved Caveats for Product `cat6000' and Component `cat6000-sw-fwding'

CSCek49649—Resolved in 12.2(18)SXF14

Symptom: Cisco Catalyst 6500 and Cisco 7600 modules are reachable via 127.0.0.x addresses.

Conditions: Cisco Catalyst 6500 and Cisco 7600 series devices use addresses from the 127.0.0.0/8 (loopback) range in the Ethernet Out-of-Band Channel (EOBC) for internal communication.

Addresses from this range that are used in the EOBC on Cisco Catalyst 6500 and Cisco 7600 series devices are accessible from outside of the system. The Supervisor module, Multilayer Switch Feature Card (MSFC), or any other intelligent module may receive and process packets that are destined for the 127.0.0.0/8 network. An attacker can exploit this behavior to bypass existing access control lists; however, an exploit will not allow an attacker to bypass authentication or authorization. Valid authentication credentials are still required to access the module in question.

Per RFC 3330, a packet that is sent to an address anywhere within the 127.0.0.0/8 address range should loop back inside the host and should never reach the physical network. However, some host implementations send packets to addresses in the 127.0.0.0/8 range outside their Network Interface Card (NIC) and to the network. Certain implementations that normally do not send packets to addresses in the 127.0.0.0/8 range may also be configured to do so.

Destination addresses in the 127.0.0.0/8 range are not routed on the Internet. This factor limits the exposure of this issue.

This issue is applicable to systems that run Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the MSFC) and Native Mode (IOS Software on both the Supervisor Engine and the MSFC).

Workaround:

Administrators can apply an access control list that filters packets to the 127.0.0.0/8 address range to interfaces where attacks may be launched.

ip access-list extended block_loopback
 deny ip any 127.0.0.0 0.255.255.255
 permit ip any any

interface Vlan x
 ip access-group block_loopback in
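
One way to check a saved running-config for the ACL workaround above, as an added example that is not part of the release notes: it walks each named extended ACL top-down and reports interfaces where a packet destined for 127.0.0.0/8 can still reach a permit entry. The sample configuration and every name other than block_loopback are constructed, and numbered ACLs are assumed out of scope.

```python
import ipaddress
import re

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Constructed sample running-config; every name except block_loopback is hypothetical.
SAMPLE_CONFIG = """\
ip access-list extended block_loopback
 deny ip any 127.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended permit_first
 permit ip any any
 deny ip any 127.0.0.0 0.255.255.255
interface Vlan10
 ip access-group block_loopback in
interface Vlan20
 ip access-group permit_first in
interface Vlan30
 ip address 10.2.2.2 255.255.255.0
"""


def addr_spec(tokens, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    addr = int(ipaddress.IPv4Address(tokens[i]))
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))
    if wild & (wild + 1):      # non-contiguous wildcard: no single prefix expresses it
        return None, i + 2
    return ipaddress.ip_network((addr & ~wild & 0xFFFFFFFF, 32 - wild.bit_length())), i + 2


def parse_entry(line):
    """Return (action, protocol, source, destination) for a permit/deny entry, else None."""
    tokens = line.split()
    if tokens and tokens[0].isdigit():         # optional sequence number
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        return None
    src, i = addr_spec(tokens, 2)
    if i < len(tokens) and tokens[i] in ("eq", "gt", "lt", "neq", "range"):
        i += 3 if tokens[i] == "range" else 2  # skip a source-port match
    dst, _ = addr_spec(tokens, i)
    return tokens[0], tokens[1], src, dst


def loopback_leak(entries):
    """Return the first permit that can still match a 127.0.0.0/8 destination, else None."""
    remaining = [LOOPBACK]                     # loopback destinations not yet denied
    for line in entries:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        action, proto, src, dst = parsed
        if action == "permit":
            if remaining and (dst is None or any(dst.overlaps(r) for r in remaining)):
                return line
            continue
        # Count a deny as coverage only if it is unconditional: protocol ip, source any.
        if proto != "ip" or src is None or src.prefixlen != 0 or dst is None:
            continue
        kept = []
        for r in remaining:
            if r.subnet_of(dst):
                continue                       # this block is now fully denied
            kept.extend(r.address_exclude(dst) if dst.subnet_of(r) else [r])
        remaining = kept
    return None                                # the implicit deny covers whatever is left


def audit(config):
    """Map each interface to 'blocked', 'no inbound ACL', or a description of the gap."""
    acls, applied, mode, name = {}, {}, None, None
    for raw in config.splitlines():
        if not raw.startswith(" "):            # top-level command: new configuration mode
            m = re.match(r"(ip access-list extended|interface) (\S+)\s*$", raw)
            mode, name = (m.group(1), m.group(2)) if m else (None, None)
            if mode == "interface":
                applied[name] = None
            elif mode:
                acls[name] = []
        elif mode == "interface":
            m = re.match(r"\s*ip access-group (\S+) in\s*$", raw)
            if m:
                applied[name] = m.group(1)
        elif mode:
            acls[name].append(raw.strip())
    report = {}
    for iface, acl in applied.items():
        leak = loopback_leak(acls[acl]) if acl in acls else None
        report[iface] = ("no inbound ACL" if acl is None
                         else f"ACL {acl} not found as a named extended ACL" if acl not in acls
                         else "blocked" if leak is None else f"leak via '{leak}'")
    return report
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per interface; a deny that names a protocol or a source is deliberately not counted as coverage.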
 
   

Control Plane Policing (CoPP) can be used to block traffic with a destination IP address in the 127.0.0.0/8 address range sent to the device. Cisco IOS Software releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks. CoPP protects the management and control planes by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations.

!-- Permit all traffic with destination IP
!-- addresses in the 127.0.0.0/8 address range sent to
!-- the affected device so that it will be policed and
!-- dropped by the CoPP feature
!
access-list 111 permit icmp any 127.0.0.0 0.255.255.255
access-list 111 permit udp any 127.0.0.0 0.255.255.255
access-list 111 permit tcp any 127.0.0.0 0.255.255.255
access-list 111 permit ip any 127.0.0.0 0.255.255.255
!
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3
!-- and Layer4 traffic in accordance with existing security
!-- policies and configurations for traffic that is authorized
!-- to be sent to infrastructure devices
!
!-- Create a Class-Map for traffic to be policed by the
!-- CoPP feature
!
class-map match-all drop-127/8-netblock-class
 match access-group 111
!
!-- Create a Policy-Map that will be applied to the
!-- Control-Plane of the device.
!
policy-map drop-127/8-netblock-traffic
 class drop-127/8-netblock-class
  police 32000 1500 1500 conform-action drop exceed-action drop
!
!-- Apply the Policy-Map to the Control-Plane of the
!-- device
!
control-plane
 service-policy input drop-127/8-netblock-traffic
!
 
   

Additional information on the configuration and use of the CoPP feature is available at the following links:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html

Infrastructure Access Control Lists (iACLs) are also considered a network security best practice and should be considered as long-term additions to effective network security as well as a workaround for this specific issue. The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection ACLs. The white paper is available at the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

Further Problem Description:

None

Other Resolved Caveats in Release 12.2(18)SXF14

| Identifier | Technology | Description |
|---|---|---|
| CSCdu79630 | AAA | Username on vty not displayed if accounting is not configured |
| CSCsl57645 | AAA | tacacs-server directed-request fails for enable authentication on 6500 |
| CSCsj88665 | Access | Bus error with PA-MC-2T3+ when deleting channel-group |
| CSCsm12247 | Content | WCCP: hash assignment may be lost after service group change |
| CSCsk70446 | Infrastructure | NRT: tracebacks @ data_inconsistency_error - 7200 for HTTP config |
| CSCsl06515 | Infrastructure | Sup720 Crash with 11 eFlexWan linecards |
| CSCso99219 | Infrastructure | Match ip address with Named ACL not work in route-map |
| CSCec51750 | IPServices | Router reloads do to bus error. and illegal access to low address |
| CSCsi57927 | IPServices | FTP session hangs TCP in closewait after CLI times out |
| CSCsl23788 | IPServices | Dlsw+ peer waits in AB_PENDING or WAIT_WR status with modular IOS |
| CSCsm36306 | IPServices | NAT creates overlapping translation entries using the same IG address |
| CSCsm59037 | IPServices | no service dhcp command causes switch to reload |
| CSCsk94676 | LegacyProtocols | dlsw with tbridge, COMMON_FIB-4-FIBIDBMISMATCH |
| CSCsl78965 | MPLS | High CPU in SNMP engine, mplsVpnVrfRouteEntry |
| CSCso47703 | MPLS | Spurious Access error on rsvp_frr_event_lsp_down_psb |
| CSCek75931 | Multicast | LNS: %SYS-3-CPUHOG When sessions have multicast |
| CSCsk26429 | Multicast | Router configured for IGMP Proxy may not send IGMP Join |
| CSCsm17426 | Multicast | RP-bit not cleared on s,g; traffic outage for 4 minutes |
| CSCsm44620 | Multicast | Shutdown interface present in PIM interface list |
| CSCsm48322 | Multicast | IPv6 Multicast RP ignores embedded RP register messages |
| CSCse40966 | PPP | MLP links down after SSO switchover if aaa new-model cfged |
| CSCsj60595 | QoS | SIP-400 : offered rate in sh policy-map int is not accurate |
| CSCsm29181 | QoS | Crash when NBAR applied to sub-interface |
| CSCsm49062 | QoS | cwan2: show queueing interface reports double count for wfq drops |
| CSCef16315 | Routing | default-information originate route-map causes default route aging |
| CSCek47667 | Routing | clear bgp ipv6 unicast * does not work |
| CSCsc58258 | Routing | OSPFv3: 64-bits long keys for LSDB |
| CSCsc72090 | Routing | EIGRP doesn't honor interface IP MTU when sending packets |
| CSCsc96014 | Routing | EIGRP neighbors from primary add space deleted when sec add removed |
| CSCse65277 | Routing | MU:default isis metric maximum returns parser error |
| CSCse85383 | Routing | OSPFv3: Restructure link-state request list (CSCsd03021) |
| CSCsj21785 | Routing | TE tunnel does not reoptimize after mtu change |
| CSCsj56281 | Routing | BGP inherit peer-policy not working after router reload |
| CSCsk35985 | Routing | OSPFv3: router crashes for "show ipv6 ospf lsdb" after redist of routes |
| CSCsl06336 | Routing | removing 'maximum-paths import 6' causes duplicate paths in VRF table |
| CSCsl30331 | Routing | Prefixes permitted despite the deny action on route-map continue |
| CSCsl70287 | Routing | RIP default-originate not working after a switchover |
| CSCsm43938 | Routing | stby resets when large config/arp table to sync over to it |
| CSCso60089 | Routing | 7200: KBOOT image build failed |
| CSCso64274 | Routing | 0.0.0.0/0 redistributed entry not removed RIP DB after deleting command |
| CSCso73076 | Routing | can not delete ACE enties in ACL |
| CSCsc92417 | Security | Secure copy feature intreaction issues with Archive command |
| CSCsg03753 | Security | cat6k memory leak in map->peers and peering_info_list_chunk |
| CSCsl34391 | Security | Output of 1st page of "sh crypto ipsec sa" is blank |
| CSCso03917 | Security | Rtr crash on "sh cry ipsec sa" @ crypto_ipsec_manipulate_ident_tree |
| CSCef71952 | Unknown | EzVPN server disconnects all PAT users of same IP address |
| CSCek74347 | Unknown | Router crash after ip address slarp retry |
| CSCsb81527 | Unknown | sup2:Need enhanced FIB fatal error handling |
| CSCsb97997 | Unknown | dot1dTpFdbAddress is broken |
| CSCsd42319 | Unknown | SIP400 crashes during bootup with current pikespeak image |
| CSCsd58422 | Unknown | %IXP_MAP-3-QOS_CONFIG: error detected: Can't download policymap |
| CSCsd82457 | Unknown | EOU Policy can't exempt Cisco 7935 Conference Station & Wireless phones |
| CSCsg00173 | Unknown | v4 Sparse/SSM traffic when src is in PVLAN src port/DFC is not routed |
| CSCsg16964 | Unknown | Sup32 crashes with 23rd image tb@_shmwin_error |
| CSCsi52715 | Unknown | PISA:SIP200 and FW2 reboots on SSO switchover |
| CSCsi97434 | Unknown | A router may crash when ipsec is established |
| CSCsj25906 | Unknown | Configuration changes made after scheduling a reload do not get saved |
| CSCsj48453 | Unknown | AW: CAT6k does not forward multicast traffic to WISM in L3 mode |
| CSCsk07255 | Unknown | Sip-600 crash on SSO |
| CSCsk09552 | Unknown | New varbinds showing real & virtual server info needed in SLB traps |
| CSCsk44233 | Unknown | While raising the interrupt level, bgp_route_map_inform tries to suspend |
| CSCsk67578 | Unknown | Flow End sysUpTime higher value than the Router sysUpTime |
| CSCsk80552 | Unknown | Shut and no shut of interface causes the delay in forming rp mapping |
| CSCsk82877 | Unknown | METROPOLIS #0 cnt=1 reg:[1B0]kic_kic_int 02 |
| CSCsk87262 | Unknown | Switch crashes when polling port security MIB for SIP or Flexwan |
| CSCsk88760 | Unknown | 122SR:Routers crashes on unconfiguring vlan in the LACP mode |
| CSCsl02812 | Unknown | TCP SYN packet lost for web applications when NAT outside IF is ATM |
| CSCsl18958 | Unknown | IOS-SLB: Multicast packets are droped in SUP22 when FWLB is operational |
| CSCsl32344 | Unknown | Group of 4 ports on 6708 stops passing traffic |
| CSCsl52748 | Unknown | SUP32 crash in tyfib_get_hw_index |
| CSCsl71339 | Unknown | Prevent ssa interrupts from corrupting sfp i2c accesses |
| CSCsl74456 | Unknown | VPN-SPA : TCAM not programmed on POS sub-interface after a reload |
| CSCsl74976 | Unknown | Punted MPLS-tagged traffic causes control plane instabilities |
| CSCsl80682 | Unknown | SPA crashes if crypto acl changed |
| CSCsl94393 | Unknown | OPNEXT / Sup32 uplink port stays up when far-end port down. |
| CSCsl98238 | Unknown | QoS statistics-export only exports to directly-connected destinations |
| CSCsm11898 | Unknown | IOS:SLB: Incorrect NAT Translation when Nat client is enabled |
| CSCsm18546 | Unknown | Root port is not selected with frameraly and bridge domain configs |
| CSCsm30858 | Unknown | PIM register packets upmarked to TOS 6 by PTcam redirection |
| CSCsm31037 | Unknown | URL maps are not properly downloaded to CSG |
| CSCsm37673 | Unknown | Traffic from SSLM service module not going over multi-module etherchanne |
| CSCsm45453 | Unknown | Missing 'lbusDrops' counter for WS-X6516A-GBIC in Native IOS |
| CSCsm48398 | Unknown | mls cef adj leaking |
| CSCsm48410 | Unknown | Vlan-based qos applied to channel when not configured after reload |
| CSCsm48913 | Unknown | Transient SPI aging window is too long |
| CSCsm59039 | Unknown | Message "ME_AR#0 WARNING: Cannot FLUSH Dic#0" seen for WS-X6708A-10 LC |
| CSCsm69112 | Unknown | Multicast output drop w/ IGMP snooping @ near line rate 1Gbps |
| CSCsm70774 | Unknown | Router crashes at cfg_kron_plcy_sbmd_cmd. |
| CSCsm73173 | Unknown | Spurious memory access seen @ slb_lam_cfg_ft_track_interf |
| CSCsm79163 | Unknown | Commit 8.6(0.306)R3V25 C2 FW libraries to the v122_18_sxf_throttle |
| CSCsm82382 | Unknown | 7600 standby RP memory leaking cause CEF disable |
| CSCsm83948 | Unknown | CISCO7609 returns sysObjectId as ciscoProducts.402 (which is cisco7606) |
| CSCsm84257 | Unknown | crash in ipflow_periodic context due to watchdog timeout |
| CSCsm86027 | Unknown | B2B failover,ace_tunnel_compare:Invalid address_type, router crashed |
| CSCsm89251 | Unknown | IPSec SA lifetime gets reduced during rekey |
| CSCsm94421 | Unknown | Configuring STP cost in an etherchannel to the defaulthas no effect |
| CSCsm95456 | Unknown | Duplicate L3 packets with 6708 and DEC |
| CSCsm97669 | Unknown | Cat6K with NAT-T through PAT: IKE packets with src_port != 4500 dropped |
| CSCsm97775 | Unknown | fix compile error for earl6 |
| CSCsm99170 | Unknown | Memory Leak seen in fw_lcp process |
| CSCso10819 | Unknown | LC not reset after 10 consecutive failures of TestMacNotification |
| CSCso12903 | Unknown | RE MET address check missing while running MET patch on IO bus timeout |
| CSCso17569 | Unknown | VPN-SPA: WAN interface mtu incorrectly programmed on the SPA |
| CSCso20519 | Unknown | Cheronia: Fix SMB drive strength programming. |
| CSCso31506 | Unknown | IPv6 AH Extension Headers Punted to Software on PFC-3B & 3C |
| CSCso37640 | Unknown | DHCP snooping ACL's are not getting programmed after switchover. |
| CSCso38129 | Unknown | Tracebacks seen on standby & switch crash after switchover w/ct3 config |
| CSCso53741 | Unknown | VPNSPA does not handle duplicate IPSec SA correctly in nested tunnel |
| CSCso81945 | Unknown | removing natpool doesn't remove from the slb-policy automatically |
| CSCso89550 | Unknown | cat6k crash due to SP: Supervisor has bad local fabric channel |
| CSCsq00884 | Unknown | "mls qos trust" cmd lost under port-channel interface when upgrading IOS |


Resolved Caveats in Release 12.2(18)SXF13

Resolved Infrastructure Caveats

CSCsk33054—Resolved in 12.2(18)SXF13

This is the Cisco Product Security Incident Response Team (PSIRT) response to a vulnerability that was reported on the Cisco NSP mailing list on August 17, 2007 regarding the crash and reload of devices running Cisco IOS after executing a command that uses, either directly or indirectly, a regular expression. The original post is available at the following link:

http://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html

The Cisco PSIRT posted a preliminary response on the same day; it is available at the following link:

http://puck.nether.net/pipermail/cisco-nsp/2007-August/043010.html

Preliminary research pointed to a previously known issue that was documented as Cisco bug ID CSCsb08386 (registered customers only), entitled "PRP crash by show ip bgp regexp", which was already resolved. Further research indicates that the current issue is a different but related vulnerability.

There are no workarounds available for this vulnerability. Cisco will update this document in the event of any changes.

The full text of this response is available at

http://www.cisco.com/en/US/products/csr/cisco-sr-20070912-regexp.html

Resolved Security Caveats

CSCsi17158—Resolved in 12.2(18)SXF13

Symptoms: Devices running Cisco IOS may reload with the error message "System returned to ROM by abort at PC 0x0" when processing SSHv2 sessions. A switch crashes. We have a script running that will continuously ssh-v2 into the 3560 then close the session normally. If the vty line that is being used by SSHv2 sessions to the device is cleared while the SSH session is being processed, the next time an ssh into the device is done, the device will crash.

Conditions: This problem is platform independent, but it has been seen on Cisco Catalyst 3560, Cisco Catalyst 3750 and Cisco Catalyst 4948 series switches. The issue is specific to SSH version 2, and it is seen only when the box is under brute force attack. This crash is not seen under normal conditions.

Workaround: There are mitigations to this vulnerability: For Cisco IOS, the SSH server can be disabled by applying the command crypto key zeroize rsa while in configuration mode. The SSH server is enabled automatically upon generating an RSA key pair. Zeroing the RSA keys is the only way to completely disable the SSH server.

Access to the SSH server on Cisco IOS may also be disabled by removing SSH as a valid transport protocol. This can be done by reapplying the transport input command with `ssh' removed from the list of permitted transports on VTY lines while in configuration mode. For example:

line vty 0 4
 transport input telnet
end

If SSH server functionality is desired, access to the server can be restricted to specific source IP addresses or blocked entirely using Access Control Lists (ACLs) on the VTY lines as shown in the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html

More information on configuring ACLs can be found on the Cisco public website: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
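
A check for the VTY mitigations described above, as an added example that is not part of the release notes: it reads a saved configuration and reports, per VTY line, whether SSH is an accepted transport and whether an inbound access-class restricts it. The sample configuration, ACL number and line ranges are constructed; the check looks only at VTY settings and does not know whether an RSA key pair exists.

```python
import re

# Constructed sample configuration; the ACL number and line ranges are hypothetical.
SAMPLE_VTY_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
line con 0
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
line vty 16 20
 transport input telnet
line vty 21 22
 login
"""


def audit_vty(config):
    """Return {vty number: finding} describing SSH reachability of each VTY line."""
    lines = {}      # vty number -> {"transport": protocol list or None, "acl": name or None}
    current = []    # vty numbers that the sub-commands being read apply to
    for raw in config.splitlines():
        if not raw.startswith(" "):             # a top-level command ends the previous block
            m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
            current = []
            if m:
                first, last = int(m.group(1)), int(m.group(2) or m.group(1))
                current = list(range(first, last + 1))
            for n in current:
                lines.setdefault(n, {"transport": None, "acl": None})
            continue
        m = re.match(r"\s*transport input (.+?)\s*$", raw)
        if m:
            for n in current:
                lines[n]["transport"] = m.group(1).split()
        m = re.match(r"\s*access-class (\S+) in\b", raw)
        if m:
            for n in current:
                lines[n]["acl"] = m.group(1)
    findings = {}
    for n in sorted(lines):
        transport, acl = lines[n]["transport"], lines[n]["acl"]
        if transport is None:
            # The default transport differs between releases, so it is reported, not guessed.
            findings[n] = "transport input not set; the platform default applies"
        elif not {"ssh", "all"} & set(transport):
            findings[n] = "ssh not accepted"
        elif acl is None:
            findings[n] = "ssh accepted from any source address"
        else:
            findings[n] = f"ssh limited by access-class {acl}"
    return findings


if __name__ == "__main__":
    for number, finding in audit_vty(SAMPLE_VTY_CONFIG).items():
        print(f"vty {number}: {finding}")
```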

Resolved Unknown Caveats

CSCsg35077—Resolved in 12.2(18)SXF13

Symptoms: A device that is running Cisco IOS software may crash during processing of an Internet Key Exchange (IKE) message.

Conditions: The device must have a valid and complete configuration for IPsec. IPsec VPN features in Cisco IOS software that use IKE include Site-to-Site VPN tunnels, EzVPN (server and remote), DMVPN, IPsec over GRE, and GET VPN.

Workaround: Customers that do not require IPsec functionality on their devices can use the no crypto isakmp enable command in global configuration mode to disable the processing of IKE messages and eliminate device exposure.

If IPsec is configured, this bug may be mitigated by applying access control lists that limit the hosts or IP networks that are allowed to establish IPsec sessions with affected devices. This assumes that IPsec peers are known. This workaround may not be feasible for remote access VPN gateways where the source IP addresses of VPN clients are not known in advance. ISAKMP uses port UDP/500 and can also use UDP/848 (the GDOI port) when GDOI is in use.

Further Problem Description: This bug is triggered deep into the IKE negotiation, and an exchange of messages between IKE peers is necessary.

If IPsec is not configured, it is not possible to reach the point in the IKE negotiation where the bug exists.

Other Resolved Caveats in Release 12.2(18)SXF13

Identifier
Technology
Description

CSCee89849

AAA

Router reloaded at vtemplate_build_command_strings

CSCsc98046

AAA

TACACS Accounting isn't sending stop time in the stop packet.

CSCsf30451

AAA

radius-server attrib 32 include-in-access-req/accounting-req not sent

CSCsh46990

AAA

Console hangs with enable/line as aaa fall-back methods

CSCsl33966

AAA

C6509 : attribute 32 nas-Id not sent for Auth (missed by CSCsf30451 ) .

CSCsm06740

AAA

Memory Leak in AAA accounting and Virtual Exec

CSCsl41784

Access

ION: ARP Input memory leak with "mobile ip arp"

CSCsd84347

ATM

PVC stops sending OAM loopback if AIS/RDI received

CSCse13374

ATM

IMA ports on 7600 always initialized to default clocking on bootup .

CSCsl65335

Content

WCCP: reload following ACL update

CSCsa65031

Infrastructure

show rtr distriution-statistics inactive status

CSCsb66972

Infrastructure

show memory shows negative numbers with 4GB RAM

CSCsh42866

Infrastructure

Static analysis on SNMP code

CSCsi15080

Infrastructure

RP crash when listing files by using the context-sensitive help

CSCsj83966

Infrastructure

Syslog traps cause CPUHOG when lot of interface come up at same time. .

CSCsk06492

Infrastructure

snmp-server drop vrf-traffic implementation in 12.2 SRB train

CSCsk37278

Infrastructure

BFD clients flaps when boot string is removed from "show running" .

CSCsg60447

IPServices

7200: BVI stops receiving CLNS/ISIS packets

CSCsh58099

IPServices

ftp process should call a registry cleanup- Message Could not register..

CSCsj29841

IPServices

Port forwarding breaks NAT-overload on a 6509

CSCsk29013

IPServices

IGMP groups in the vrf not rejoined after executing a cle ip mr vrf

CSCsk39022

IPServices

Modular IOS: ip directed-broadcast not working

CSCsl10348

IPServices

Crash writing to or from ftp/tftp server in modular IOS

CSCsl36293

IPServices

Bus Error crash at standby_arp_add_if while config-change .

CSCsm54171

IPServices

Crash seen with "copy runn tftp" and large hostname in modular IOS

CSCsh34949

LegacyProtocols

DLSW router crash with Bus Error

CSCdy83805

MPLS

%MPLS_TE-3-CONSISTENCY: consider replacing errmsg with buginf

CSCsa70235

MPLS

LDP doesnt withdraw all labels after routes gone

CSCsd55004

MPLS

FRR path gets reoptimized while in Active state

CSCsk30567

MPLS

local label for inter-as vpn not programmed on LC Eng 5 on an ASBR .

CSCsk36276

MPLS

SXF11: on SSO switchover tracebacks are seen at network_redist_ndb_updat

CSCsk55768

MPLS

TAG adj doesn't recover after flap

CSCsl72702

MPLS

MPLS should not allocate labels on standby RP in HA setup

CSCeg85087

Multicast

S,G expire timer set to 3:00 when no downstream pim join

CSCsg95192

Multicast

no ip rp-address <ACL name> causes an address error

CSCsh56720

Multicast

CPUHOG/Watchdog timeout when using igmp static group class-map cmd

CSCsh78277

Multicast

Sierra: mwheel CPUhog on RPF link failure causing crash .

CSCsl20422

platform-76xx

PXF points incorrect adjacency

CSCsl27840

PPP

Router may Crash / Hang, Module Reset @ Shut ATM member + MLPOA

CSCse18146

QoS

SIP1-CT3: SIP1 crashed after switchover @giant_node_process .

CSCsi73132

QoS

Multicast DSCP value not copied to PIM-SM RP-register packet

CSCsk53642

QoS

RSVP PATH msg not forwarded to MCAST receiver .

CSCsk63794

QoS

FlexWAN WS-X6582-2PA + T3+ Serial PA may crash/reload

CSCsk79703

QoS

SIP-200 crashes when moving MFR bundle from OSM to SIP-200

CSCsl70734

QoS

Commiting CSCsk53642 broke build.

CSCee04303

Routing

Spurius Memory access during boot while processing an isis update

CSCeg25475

Routing

Distribute-list configured in ipv4 acts in vpnv4 address-family

CSCsf00171

Routing

summary route not flushed from ospf database

CSCsh82953

Routing

EIGRP pece routes missing extcomm attrs after redistribution to BGP .

CSCsi80057

Routing

RIP default-information originate with route-map not working correctly .

CSCsj78403

Routing

clear ip bgp causes crash to RR client with conditional route injection

CSCsj99269

Routing

BGP: VPNv4 general scanner runtime close to 1 hour at boot time .

CSCsk34344

Routing

Wrong share-count 1:10 via confed-external BGP peers using dmzlink-bw

CSCsk70844

Routing

%SYS-4-REGEXP: new engine: regexp compilation had failed -BGP Router

CSCsl07297

Routing

SXF11: BGP "no neighbor" command caused Address Error exception .

CSCsl47915

Routing

Redistribution of ospf in rip with prefix-list not working properly

CSCsm17391

Routing

ISIS routes are not learned through interfaces

CSCsm27979

Routing

router may crash for "address error exception" doing sh ip route vrf

CSCsg48392

Security

Resuming SSH Session Fails After Disconnecting Another One (Not Console)

CSCsj45031

Security

Cat6k unable to SCP files from Tectia ssh server

CSCsm22805

Security

hsrp crypto map config got removed after reload

CSCsm32840

Security

Router crash in dmvpn-vrf setup after cheronia reset

CSCeb69473

Unknown

connect '/terminal-type' command memory corruption

CSCee13737

Unknown

CSM - sho mod csm # sticky reports invalid # of connections

CSCei28317

Unknown

PIM-6-INVALID_RP_JOIN reports 0.0.0.0 for source of invalid neighbor

CSCei49932

Unknown

Out-Discard counter showing value of zero on WS-X6148-GE-TX

CSCek45036

Unknown

Interrupt throttling to be implemented for Sibyte Modular IOS images.

CSCek55870

Unknown

fabric buffer-reserve queue default issues

CSCek76062

Unknown

Router crashed @ validmem_complete_interrupt

CSCin67287

Unknown

NxDS0 BERT capability on PA-MC-8TE1+

CSCin89549

Unknown

Router crashes if AAA returns ipv4 address attrib with no xauth

CSCsb36463

Unknown

RF-bit not set in the DBUS hdr for the FS switched+RTD port snooped pkt

CSCsc56179

Unknown

mac-address is not purged when interface is shutdown

CSCsd18278

Unknown

Host backpressure is not handled by SPA IPC firmware code

CSCsd66406

Unknown

SP error msg is not printed part of syslog levels

CSCsd90173

Unknown

TestIPSecEncrypDecrypPkt HM test config init error reporting is needed

CSCse31973

Unknown

NF double counts packets when span is configured.

CSCsf32441

Unknown

ALIGN-3-CORRECT: messages from process_t1e1s

CSCsg27123

Unknown

Learning not disabled on SPAN dest without learning option

CSCsg29305

Unknown

hw-module subslot reload crashes the router

CSCsh17328

Unknown

WS-SVC-WISM-1-K9 reports 0.0 in entPhysicalVendorType

CSCsh23961

Unknown

Multicast netflow not working for Vlan interface (SVI)

CSCsh64639

Unknown

VS2: [dead threads] process takes a large chunk of CPU util

CSCsh83109

Unknown

HapiEchoTest fails on SPA-IPSEC-2G when reset.

CSCsh84657

Unknown

STP Loopguard: Ability to disable loopguard for Po270 and higher for FWM

CSCsh85531

Unknown

E1 channels down after PE reload

CSCsh88532

Unknown

Auto-LAG EtherChannel not configurable; doesn't trust QoS.

CSCsh97395

Unknown

IDSM: Monitor config was removed after RPR switchover

CSCsi00706

Unknown

Sierra: upon fib tcam exception to use ratelimiter and not reload

CSCsi52382

Unknown

radius attribute 5 nas-port not sent in access-request for RA VPN users

CSCsi74194

Unknown

18SXF: Egress SPAN may cause high CPU

CSCsi79991

Unknown

VACL capture not supported for the GE-WAN or GigabitEthernet on SIP-400

CSCsi98587

Unknown

Excessive MET refs and memleak after ipv4 stress, crash follows

CSCsj00385

Unknown

logging event link-status default negates existing interface config

CSCsj07935

Unknown

%CONST_DIAG-SP-2-HM_MOD_RESET:Failed TestFabricCh0Health

CSCsj10375

Unknown

802.1X: VLAN Changing on port causes link to go down

CSCsj27352

Unknown

RX Priority q-limit is set to default after reload

CSCsj37078

Unknown

permit missing for internal vlan acl - causing vrf connectivity failure

CSCsj72438

Unknown

Control plane instability and %EARL-DFC3-2-SWITCH_BUS_IDLE: Switching bu

CSCsj83102

Unknown

crash upon card type configuration on WS-X6582-2PA / PA-MC-8TE1+

CSCsk30146

Unknown

Router crashed %DUMPER-3-PROCINFO: pid = 12315: (sbin/ios-base) SIGBUS

CSCsk40931

Unknown

Port Security Inactivity Aging is not working as expected

CSCsk41134

Unknown

ISAKMP SA neg not successful for in tunnel mode w/ RSA-SIG

CSCsk55423

Unknown

7600's SPD implementation allow COS 5 or above in Extended headroom

CSCsk58040

Unknown

WS-X6148A-GE-45AF retains previous modules MACs after OIR

CSCsk77164

Unknown

Connectivity problems to addresses switched based on aggregate label

CSCsk84237

Unknown

SIGSEGV, Segmentation violation in rf_proxy_fatal_error

CSCsk84944

Unknown

unidirectional Ethernet UDE is broken on WS-6704 after SW upgrade

CSCsk91267

Unknown

Module fails to come up with (FRU-power failed)

CSCsl00130

Unknown

GRE tunnel not HW accelerated after reboot when source from HSRP address

CSCsl08912

Unknown

Vlan access list not working when have "xconnect vfi #" under the SVI

CSCsl08952

Unknown

rapid link changes causes memory leak on sup32 int with service policy

CSCsl12827

Unknown

Handling Transit IpSec in VRF mode

CSCsl18765

Unknown

6500-7600 : SPAN of EoMPLS port causes packet reflection or loop

CSCsl19708

Unknown

Naxos : Disable Telesto Internal TERMINATION For Reference Clock, PB RAM

CSCsl21106

Unknown

Tunnel destination command crashes MSFC running in hybrid mode

CSCsl26033

Unknown

Modifying the BFG doesn't re-create the SA's

CSCsl26997

Unknown

Catalyst 6500 may crash when resetting VPNSM module

CSCsl27236

Unknown

%SYS-3-CPUHOG: Task is running for (126000)msecs, causes RP crash

CSCsl30750

Unknown

Memory leak after create-apply-remove-delete policies on QM Process RP

CSCsl32122

Unknown

Remote Access for certificate users fails during mode config

CSCsl34647

Unknown

18SXF: RPR RF Keep alive swover not working

CSCsl49734

Unknown

IF_INDEX_ILLEGAL errors and crash due to memory corruption on standby RP

CSCsl51380

Unknown

Sup720 and Sup32 TCAM & SSRAM Consistency Checkers refinement

CSCsl52092

Unknown

DHCP db agent considers port-channel interface (poX) as invalid

CSCsl53494

Unknown

C7600-SSC-400: Error message display incorrect product name

CSCsl59553

Unknown

SIP-400: bursty traffic causes packet drop even in low rates

CSCsl61086

Unknown

urpf global disable even some intf with urpf

CSCsl63311

Unknown

6500 May Experience High CPU due to NAT traffic

CSCsl68327

Unknown

Packet loss during rekey

CSCsl70148

Unknown

PIM enabled p2p Crypto GRE Tunnels not installed in Hardware

CSCsl70634

Unknown

67xx EC tx/rx traffic dependency resulting in low throughput

CSCsl75136

Unknown

Cat6k with Sup32 failed to boot up after power cycle.

CSCsl75719

Unknown

sxf13 show int tunnel with blank display

CSCsl83211

Unknown

Sup32 running ION image fails to bootup after a power-cycle.

CSCsl84317

Unknown

Active crashes on applying acl to EoMPLS subif on SIP-600

CSCsl89069

Unknown

Zamboni crashed at illegal event/state combination in CfgMonInd, clear sa

CSCsl89176

Unknown

Cat6k may crash when vlanTrunkPortEntry is polled via snmp

CSCsl97653

Unknown

bcm2_5421_isr bcm2_num: 1 messages seen in the log

CSCsm01129

Unknown

Back-out the ubins commit done in CSCse31973

CSCsm01399

Unknown

Bus idle recovery may cause 10GE interface to remain down

CSCsm05486

Unknown

mtu mis program in adj thru tunnel interface after b2b failover

CSCsm08419

Unknown

debounce timer issue on sup32 10GE uplink and 6708

CSCsm15350

Unknown

vpnspa crashed at assert failure in l2-mcpu.c on line

CSCsm17983

Unknown

Memory corruption by l3_mgr_e7_fmask_init_platform

CSCsm21126

Unknown

C7600-SSC-400: Resync fabric interface on fabric error

CSCsm32493

Unknown

Backout of CSCsh94882

CSCsm35364

Unknown

SPA-IPSEC-2G get reload automatically by RP

CSCsm67778

Unknown

To make CSCsl68327 patch friendly and restore the symbols

CSCsj68446

WAN

NTP will not sync - NTP packets received but ignored by NTP process


Resolved Caveats in Release 12.2(18)SXF12a

| Identifier | Product | Component | Description |
| --- | --- | --- | --- |
| CSCsm06740 | all | aaa | Memory Leak in AAA accounting and Virtual Exec |


Resolved Caveats in Release 12.2(18)SXF12

Resolved Caveats for Product 'all' and Component 'aaa'

CSCsj91123—Resolved in 12.2(18)SXF12

Symptom:

Double freeing of freed memory. Router reloads after authentication attempt fails on vty/console.

Conditions:

While performing AAA accounting, the accounting structure is freed twice, which results in a crash. The symptom occurs when the command "aaa accounting send stop-record authentication failure" is configured, which sends a stop record for authentication failure.

Workaround:

Remove "aaa accounting send stop-record authentication failure", which will disable sending of the stop record at authentication failure.

Resolved Caveats for Product 'all' and Component 'dlsw'

CSCsk73104—Resolved in 12.2(18)SXF12

Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.

Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080326-dlsw.html

Resolved Caveats for Product 'all' and Component 'ifs'

CSCsk61790—Resolved in 12.2(18)SXF12

Symptoms: Syslog displays password when copying the configuration via FTP.

Conditions: This symptom occurs when copying via FTP. The syslog message displays the password that the user supplied as part of the FTP copy syntax.

Workaround: There is no workaround.

Other Resolved Caveats in Release 12.2(18)SXF12

| Identifier | Product | Component | Description |
| --- | --- | --- | --- |
| CSCsj89305 | all | aaa | RADIUS/NAS-IP address is sent out as 0.0.0.0 |
| CSCse20115 | all | ata-filesystem | System hangs when writing to a file, when the disk space is full |
| CSCek61180 | all | atmcommon | crash @ write_to_url, doprintc_core, atm_remove_vc |
| CSCsc75426 | all | bgp | Crash when BGP sends update with bad attribute |
| CSCsg16778 | all | bgp | router may crash at bgp_update_nbrsoo after deleting BGP neighbor |
| CSCsg55591 | all | bgp | MPLS VPN Local label not allocated/programmed for sourced BGP network |
| CSCsj56086 | all | cat6000-acl | WCCP and VACL cause Cisco router CPU High |
| CSCsk41374 | all | cat6000-acl | device crash seen when auth-proxy enabled on the LPIP vlan |
| CSCsh99116 | all | cat6000-fib | bits/sec counter is way off in show int vlan |
| CSCsa79984 | all | comm-serv | CTRLC_ENBL should be cleared when line is reset |
| CSCsi58303 | all | eigrp | eigrp resync peer graceful-restart repeatedly after reload |
| CSCsj25940 | all | eigrp | %SYS-2-NOTQ: unqueue didn't find 6433F698 in queue |
| CSCsc38968 | all | fr | Frame-relay EEK failure does not keep subinterface down |
| CSCsj84641 | all | install | some patches failed to commit during install commit of 41 patches. |
| CSCek76776 | all | ip | ip interface settings persistent after deleting/adding sub-interface |
| CSCsk46195 | all | ip | Arp entry does not age out with private vlans and no ip sticky-arp |
| CSCsk26719 | all | ip-acl | show ip access crash with per-user acl |
| CSCsk26973 | all | ipsec-dmvpn | Memory leak in nhrp_cache_delete for incomplete cache entries |
| CSCsk21328 | all | ipv6 | 6504 crashes in IPV6 |
| CSCsk65482 | all | loadbal | clear ip slb CLI is defined with wrong privilege level |
| CSCsf13044 | all | mcast-vpn | MVPN: Bidir mroute OIF missing - pim joins not received from MDT tunnel |
| CSCej00319 | all | mpls-ldp | RP Crash for E2 E3 E4 E4P interaction |
| CSCsk05059 | all | mpls-lfib | NRT: traceback tfib_post_table_change_ tfib_ipfib_ ip_fib_table_ |
| CSCsk52331 | all | mpls-lfib | Xconnect configuration triggers entire fib table walk |
| CSCsb67427 | all | mpls-vpn | Label not allocated for imported iBGP in ASBR/PE after flap 'mpls ip' |
| CSCeh56158 | all | nat | NAT outside source translation fails for GRE packets |
| CSCsd80770 | all | netflow-switch | Netflow exports UDP packets with source port 0 |
| CSCir01217 | all | neutrino | name_svr.proc[64]: Could not register interest |
| CSCsj17820 | all | nhrp | Hub crashes during unconfiguration due to program counter error |
| CSCek33384 | all | ospf | Tunnels stay down after cutover at MPLS head test cases |
| CSCsl14632 | all | ospf | SXF12:%LDP-5-NBRCHG: LDP Neighbor is down after SSO Switchover |
| CSCef54653 | all | ppp | Members inactive in a multilink bundle except the first member. |
| CSCsd30719 | all | ppp | A2A: Stdby sup crashes @ mlp_remove_link |
| CSCek78675 | all | qos | SIP200 crash at hqf_cwpa_pak_enqueue_local during qos test |
| CSCsh91974 | all | security | PIM CLI causes RP crash when issued under control-plane subconfig prompt |
| CSCsg39295 | all | snmp | Syslog Displays Password if SCP or FTP Selected in CISCO-COPY-CONFIG-MIB |
| CSCsk61555 | all | socket | Bus Error Exception in sock_tcp_directwakeup |
| CSCsk81396 | all | socket | NAM process crash in 12.2SXF |
| CSCsj60938 | all | ssh | SCP with redirect option locks up console or VTY line |
| CSCef52888 | all | tcp | PMTUD: MSS is not adjusted which causes the BGP flapping |
| CSCeh35980 | all | tcp | after unconfig & config of BGP, seeing a crash in TCP |
| CSCek68118 | all | tcp | window scale option(03030001) occurs in debug ip tcp packet output |
| CSCsj89544 | all | tcp | TCP retransmissions get dropped below IP layer. |
| CSCsk80935 | all | udp | SXF12, SNMP response being broadcast |
| CSCsh31782 | all | vpn-sm | Bus error crash - show crypto isakmp sa |
| CSCsi91658 | all | wccp | Wccp stops layer 2 redirection when dscp is present in the redirect acl |
| CSCsl04908 | all | wccp | WCCP: shutdown of appliance i/f leads to c6k reload |
| CSCsl06110 | c7600 | c7600-acl | DHCP snooping agent: parse failures when importing the DB |
| CSCsk89335 | c7600 | c7600-env | After SSO switchover, see 6K DC power supplies mismatched |
| CSCsk06769 | c7600 | c7600-lcsw-bridge | shut on L2 int cause packets to loop back on T1 int causing traffic loss |
| CSCsk19652 | c7600 | c7600-snmp | Failed to assert Physical Port Administrative State Down alarm |
| CSCsj95291 | c7600 | cat6000-fib | 100% CPU (FIB Control Queue Process) after enabling MPLS |
| CSCsj58538 | c7600 | ha-idb-sync | Lots of prowler/patriot interface go down for few second during sso swov |
| CSCsk66339 | c7600 | isis | ISIS fails remove native path from local RIB / del path from global RIB |
| CSCsk08765 | c7600 | osm-choc-ds0 | Bus error when executing 'encapsulation frame-relay mfr' |
| CSCsj76268 | c7600 | osm-ct3 | Autosense LMI stops responding invalid lmi type on OSM-12CT3/T1 |
| CSCsk19333 | c7600 | osm-gigwan | GE-WAN interface shows incorrect link state with ws-g5483 GBIC |
| CSCsk82821 | c7600 | tcp | The UUT not able to receive the Large ICMP message. |
| CSCsi51649 | cat6000 | cat6000-acl | RP crashes@fm_send_inband_install_message+21C in many cases with NAT |
| CSCsj60883 | cat6000 | cat6000-acl | Error msg. Unable to change flowmask to full-flow because Cx is configur |
| CSCsk21414 | cat6000 | cat6000-acl | NAC : Buffer leak in small buffer pool |
| CSCsk34237 | cat6000 | cat6000-acl | Egress multicast replication broken due to wccp |
| CSCsj68911 | cat6000 | cat6000-cm | DFC mem leak in SP Logger Process when redundancy force-switchover issued |
| CSCsc98471 | cat6000 | cat6000-diag | show diagnostic sanity fails to check software modularity boot string |
| CSCsk60874 | cat6000 | cat6000-diag | show tech needs 'show diagnostic results' and 'show diagnostic events' |
| CSCsk27835 | cat6000 | cat6000-env | Disable unsupported service modules in SXF Software Modularity images |
| CSCsk80934 | cat6000 | cat6000-env | Add errmsg to clearly indicate if lc reset due to power convertor failur |
| CSCsk33661 | cat6000 | cat6000-fabric | show platform hardware capacity should include LTL usage |
| CSCsk83646 | cat6000 | cat6000-firmware | BX10 ports don't link-up after Centaurus resets |
| CSCsh34467 | cat6000 | cat6000-ha | Standby constantly reset due to RF request with large configuration |
| CSCsk80787 | cat6000 | cat6000-ha | SXF12 CLI: system crash when create Po interfaces |
| CSCsk18206 | cat6000 | cat6000-hw-fwding | TCAM adjacency hardware programming problem with PBR and NAT |
| CSCsk70087 | cat6000 | cat6000-hw-fwding | Sup720 TLB exception created by fill_earl_vlan_stats_hdr |
| CSCsc75381 | cat6000 | cat6000-l2 | Native vlan mismatch is not detected if native not allowed on trunk |
| CSCsg50698 | cat6000 | cat6000-l2 | 18SXF: set entPhysicalAlias of XENPAK cause stdby-reset |
| CSCsk33724 | cat6000 | cat6000-l2 | DOM does not work anymore for cwdm gbic/sfp |
| CSCsh33518 | cat6000 | cat6000-l2-infra | STP information is not in sync with Active |
| CSCsh97848 | cat6000 | cat6000-l2-infra | Sierra: LACP pdus should be untagged |
| CSCsk83524 | cat6000 | cat6000-l2-infra | L3 physical interface input drop counter is incorrect |
| CSCse59209 | cat6000 | cat6000-lacp | Seeing spurious mem trace back when change etherchannel mode to pagp |
| CSCek73332 | cat6000 | cat6000-mcast | Bidir shadow entry is missing some interfaces in oif |
| CSCsk02962 | cat6000 | cat6000-mcast | Supervisor Reload after SSO switchover on Multicast MET reconstruction |
| CSCsk03679 | cat6000 | cat6000-netflow | VS2: show mls nde intermittently causes ALIGN-3-SPURIOUS T/B's |
| CSCsd43185 | cat6000 | cat6000-qos | Tx queue cos maps for even ports of card WS-X6416-GBIC are incorrect. |
| CSCsl15604 | cat6000 | cat6000-qos | Uplink Port becomes untrusted after SSO and shut/no shut of egress port |
| CSCsl21934 | cat6000 | cat6000-qos | Port is untrusted after SSO & shut/noshut of any port sharing same asic |
| CSCsk55012 | cat6000 | cat6000-snmp | setting portDuplex from 'full' to 'full' may cause standby reset |
| CSCsk58810 | cat6000 | cat6000-snmp | should NOT allow enable port-security on negotiating trunk interface |
| CSCsb83142 | cat6000 | cat6000-span | SPAN / Monitor instances in IOS report ifOperStatus wrongly as down |
| CSCsg21809 | cat6000 | cat6000-statistics | Add bridge asic status collection support |
| CSCsk24272 | cat6000 | cat6000-sw-fwding | SUP720-3B RP Crash due to I/O Buffer Leak by NDE w/ NAM 127.0.0.x Addr |
| CSCsj85485 | cat6000 | eigrp | EIGRP NSF - MSFC switchover causes hello's to be sent over passive intf |
| CSCsk88656 | cat6000 | osm-gigwan | Cat6k: link-flap is observed on OSM-2+4GE-WAN+ after reload |
| CSCsd18296 | cat6000 | osm-qos | Bdwth guarantee not met in cbwfq when cfged with llq in child in MIV |
| CSCek39186 | cat6000 | spa-ipsec-2g | MAC-address for HSRPs VIP not in FVRF vlan if tunnel redirected |
| CSCsd92208 | cat6000 | spa-ipsec-2g | vlan map ocpu is wrong in the active vpnspa after sso+b2b failover |
| CSCsk33740 | cat6000 | spa-ipsec-2g | replay window size of 1024 causes IPSec Policy Check and Replay Failure |
| CSCsl13477 | cat6000 | spa-ipsec-2g | SSO not working with crypto maps terminating at same peer address |
| CSCsc77148 | unknown | novell | Router crash while issuing show ipx cache command. Cleanup SA warnings. |


Resolved Caveats in Release 12.2(18)SXF11

| Identifier | Technology | Description |
| --- | --- | --- |
| CSCsh23142 | AAA | aaa local authentication not happening for authproxy |
| CSCsh59019 | AAA | Avoiding AAA client hangs, if a protocol subsystem is not present. |
| CSCsj97165 | AAA | %AAA-3-BADMETHODERROR: Router crash @ aaa_get_new_acct_reg_type |
| CSCsc57207 | Access | itevent flooding: code 10 arg0 0 arg1 0 arg2 0 error messages on 7200 |
| CSCsi00099 | Access | Spurious Memory Access Error @ ct3sw_check_freedm_fifo |
| CSCsj37071 | Access | PA-MC-E3 will not recover after workload stress |
| CSCed17607 | ATM | Reapplying oam-pvc manage does not send oam cells until shut/no shut |
| CSCsj57084 | ATM | Voice packets in LLQ experience latency |
| CSCsj78525 | ATM | %ALIGN-3-CORRECT, %ALIGN-3-TRACE on the 7500 with 123-22 |
| CSCeg88630 | Infrastructure | E3 GE:Linkdown trap via snmp not properly raised |
| CSCei79855 | Infrastructure | IOS resilience fails to work properly with secure boot command |
| CSCek56630 | Infrastructure | race condition in process_sleep_on_timer code |
| CSCsb95806 | Infrastructure | Incorrect 64bit counter on 1Gb MPLS interface via SNMP |
| CSCsg15939 | Infrastructure | Switches crash after remove/plug in compact flash |
| CSCsg43466 | Infrastructure | %IPC-5-INVALID: Invalid Dest Port w/ TB @ ipc_xmt_account after SSO |
| CSCsg71381 | Infrastructure | Disabling cisco-specific lsa and tty, removes all ospf traps from conf |
| CSCsh28948 | Infrastructure | High CPU for sh run/wr mem with PTA sessions up |
| CSCsh48919 | Infrastructure | Embedded spaces in DOSFS dirs/file names cause crash in some platforms |
| CSCsj58223 | Infrastructure | Bus Error after 'show memory' |
| CSCsj92874 | Infrastructure | Catalyst 6500 May Not Send linkup/linkdown SNMP Traps and may reload |
| CSCsk10335 | Infrastructure | Traceback @ ipc_send_message_blocked during bootup |
| CSCsk38461 | Infrastructure | Show platform hardware command getting rejected |
| CSCeb76035 | IPServices | Spurious access or crash from snmp_trap_for_tty |
| CSCeh65511 | IPServices | Connected int IP may not be reachable with a static NAT trans |
| CSCsg97662 | IPServices | Can't disable skinny (tcp 2000) |
| CSCsi10974 | IPServices | Error configuring dhcp option 67 |
| CSCse13882 | LegacyProtocols | Show dlsw peer caused router to crash |
| CSCsj98895 | LegacyProtocols | v2-single-tcp peer connection is established on a non confg/prom peer |
| CSCsg88433 | Management | IP Telephone issues seen with Dhcp snooping and NAC posture validation |
| CSCsk09197 | MPLS | RSVP hello instance remains at shut-down interfaces |
| CSCek26940 | Multicast | Need to unhide interval for send-rp-discovery |
| CSCsg24505 | Multicast | PIM-DM Assert winner does not always send prune |
| CSCsi03359 | Multicast | Sending extra PIM hello if the first one does not go through |
| CSCsj64230 | Multicast | bidir DF election should not be restarted on a downstream interface |
| CSCsi98355 | platform-76xx | LOP does not bring the line protocol down on OSM-1OC48-POS |
| CSCsj64023 | platform-76xx | MPLS: Sup2 OSM sending TTL=0 packets on MPLS VPN |
| CSCsj93609 | platform-76xx | Missing DS3-MIB table entries for OSM-1CHOC12/T3 |
| CSCsj93636 | platform-76xx | Incorrect value returned for dsx3TotalUASs |
| CSCse28421 | PPP | %AAAA-3-BADSTR error when Multilink interface goes down |
| CSCsd17641 | QoS | SIP-400 QOS: after changing hier. policy, the policy no longer attaches |
| CSCee04271 | Routing | eigrp does not send update of poisoned route to stub router |
| CSCee19119 | Routing | IP installs route for PPP interfaces that did not complete IPCP |
| CSCee73221 | Routing | Split Horizon is in effect on redistributed static routes |
| CSCei93768 | Routing | check heaps CHUNKBADMAGIC crash at BGP Router when remove dmzlink ba |
| CSCek62005 | Routing | ip prefix list deletes lists before sending notif (causing rtr crash |
| CSCsc73725 | Routing | EIGRP packet pacing should have lower minimum value |
| CSCsc83742 | Routing | BGP MAXPFX Syslog message does not include VRF tableid info |
| CSCsc98835 | Routing | CPUHOG when access-list is modified causes OSPF and BGP session drops |
| CSCsd11019 | Routing | Rainier:After RPR-Plus switchover standby RP crashes |
| CSCsd74189 | Routing | show ip bgp vpnv4 vrf NAME community-list NAME gives error mesg. |
| CSCsf05579 | Routing | ISIS passive-interface default problem in IOS 12.2(18)SXF |
| CSCsg21418 | Routing | Bus error related to CLNS fast switching |
| CSCsg40507 | Routing | SIERRA:ISIS/BFD session doesn't come up after changing ip-addr of interf |
| CSCsg71797 | Routing | bgp bestpath as-path multipath-relax - command crashes Supervisor card |
| CSCsg95101 | Routing | ALIGN-3-SPURIOUS: Spurious memory access |
| CSCsh57509 | Routing | RIPv2 does not delete redundant paths with different next hops |
| CSCsh88825 | Routing | bgp: advertisement-interval not nvgened for peer-groups |
| CSCsi11438 | Routing | OSPF does not remove maxage LSAs and age goes to bigger than 16 bit |
| CSCsi14346 | Routing | EIGRP: neighbor command missing in VRF. |
| CSCsi20281 | Routing | Static route redistribution into RIP fails on ACL change |
| CSCsi25729 | Routing | ISIS doesn't enable BFD except after micro reload |
| CSCsi57971 | Routing | ISIS does not advertise prefix of passive interface |
| CSCsi58867 | Routing | CPUHOG After show ip route static or show ip route connected |
| CSCsj06265 | Routing | Switch crashes when doing clear ip ospf process |
| CSCsj17950 | Routing | ISIS redistributed static routes might not be advertised |
| CSCsj72039 | Routing | Prefix not in ISIS database if serial interface and passive |
| CSCsj77819 | Routing | After SSO traffic is punted to the CPU for 20 seconds |
| CSCsk27685 | Routing | FIB-DFC2-4-FIBMSG: Invalid message received On bootup |
| CSCdz55178 | Unknown | QoS profile name of more than 32 chars will crash the router |
| CSCef82084 | Unknown | Spurious memory access in pot1e1_tx_interrupt |
| CSCei76590 | Unknown | Different wattage WS-CAC-4000W-US caused PSREDUNDANTMISMATCH output |
| CSCej02181 | Unknown | SLB: cannot configure weight 0 |
| CSCek66590 | Unknown | C7600-SSC-400: Crash in show hw-m subslot x status volt |
| CSCek67701 | Unknown | SPA-IPSEC-2G: Crashdump not getting saved on NMI |
| CSCek68218 | Unknown | sip-600 crashing with diagnostics error online_wan_diag_rp_request |
| CSCek72777 | Unknown | %CWAN_HA-STDBY-4-IFCFG_PLAYBACK_ERROR for 7600 SIP card |
| CSCin67370 | Unknown | Changing ACL or the crypto map leaves it empty ident tree |
| CSCsb29131 | Unknown | show crypto ipsec sa identity detail causes system to reload |
| CSCsb62762 | Unknown | Crash no vlan access-map test |
| CSCsc28731 | Unknown | chassisFanStatus is minorFault when one fan is present on WS-C6509-NEB-A |
| CSCsd13448 | Unknown | IOS SLB custom udp probes don't support faildetect |
| CSCsd66276 | Unknown | IDSM: monitor session dest config removed after two sso switchovers |
| CSCsd77622 | Unknown | show policy-map interface doesn't show drop counters |
| CSCsd88768 | Unknown | %SYS-2-BADSHARE: Bad refcount in datagram_done fix for PA-MCX-8TE1 |
| CSCse17175 | Unknown | Line down on some serial interfaces for Chann STM-1 SMI PA |
| CSCse32876 | Unknown | dot1x:cli missing for Ten Gig Ports for dot1x initialize/ reauthenticate |
| CSCse33420 | Unknown | LACP: config for some other port-channel gets removed on bundling ports |
| CSCsf03730 | Unknown | interface remains down even after E1 level local loopback on STM1 |
| CSCsf17739 | Unknown | Sup720 SVI does not show multicast traffic rate |
| CSCsf98341 | Unknown | UDLD failed to receive PDU when linked to L3 port. |
| CSCsg09423 | Unknown | IPSEC SAs don't recover after rekey with 3000 IKE SAs and PKI (RSA-Sig) |
| CSCsg11616 | Unknown | iprouting restart crashes Sup due to Block overrun at 5E64940 (red zone |
| CSCsg52355 | Unknown | RHI Injected routes lost after SUP switchover |
| CSCsg52740 | Unknown | OC48 OSM replicates same packet at line rate |
| CSCsg55315 | Unknown | Packets duplicated out of Gig1/1 when SPAN Monitor session enabled |
| CSCsg72976 | Unknown | CSM - need to add standby state to mib object slbRealServerState |
| CSCsg99914 | Unknown | sip-200 power-cycles after BGP flap (not responding to keepalive) |
| CSCsh18773 | Unknown | Incorrect link behavior with Xenpak |
| CSCsh33770 | Unknown | control vlan not set; zamboni remains in initializing state |
| CSCsh48983 | Unknown | Sup720 GE uplink SFP port ->err-disable on reload of adj switch |
| CSCsh52941 | Unknown | AUTHPROXY:CLI to increase the number of HTTP Proxy process |
| CSCsh53141 | Unknown | IKE SA not getting deleted after clear crypto session |
| CSCsh80130 | Unknown | Add warning/comments to interfaces when Auto Lag is used for interface |
| CSCsh92031 | Unknown | Sierra: Standby RP crashed at auth_proxy_posture_clear_nacl |
| CSCsi09388 | Unknown | VPNSM SA deleted by idle timeout |
| CSCsi10945 | Unknown | Http Auth-proxy with OTP does not display token/SNK challenge |
| CSCsi11874 | Unknown | Sup720 DFC forwarding some packets to MSFC instead of hw switching |
| CSCsi22243 | Unknown | Memory leak in *Dead* process due to HTTP Proxy Server |
| CSCsi24069 | Unknown | Collect additional debug info for Modular IOS kernel crashes |
| CSCsi32655 | Unknown | MOD CSG <#> config mode command applied to a running CSM clears config |
| CSCsi65363 | Unknown | Not able to run to t1 loopback when using a PA-MC-T3 with flexwan |
| CSCsi76115 | Unknown | r3:WiSM hw-module reset causes traceback. Cannot decode data descriptor |
| CSCsi87837 | Unknown | IF-MIB does not support gig interfaces on SPA-IPSEC-2G |
| CSCsi90816 | Unknown | show policy-map interface caused sup32 crash |
| CSCsi91324 | Unknown | MCAST packet drop when other interface goes down on DFC |
| CSCsi93273 | Unknown | Leak in Big buffer pool on SIP card with NetFlow-export version 9 |
| CSCsi94863 | Unknown | New xenpak background task |
| CSCsi99234 | Unknown | RP crash at validblock with %SYS-6-BLKINFO: Corrupted redzone blk |
| CSCsi99991 | Unknown | When CMM is rebooted, FE goes into ErrDisabled state |
| CSCsj03722 | Unknown | exit command is subject to authorization |
| CSCsj10744 | Unknown | Input queue wedged with Inband Edit Packets on SIP-400 |
| CSCsj11561 | Unknown | Inconsistent MTU for Adj. entries used by MLS Netflow and MLS CEF |
| CSCsj14847 | Unknown | crypto connect command dropped after reload on unchannelized 2CT3+ |
| CSCsj18014 | Unknown | Caller ID string received with extra characters |
| CSCsj18494 | Unknown | Leak +MN to pfc to avoid flooding due to tx span |
| CSCsj29583 | Unknown | Add warning message to 12.2SXF when configuring PACL |
| CSCsj30109 | Unknown | Cat6k with FlexWan & IPSEC AM making as unreachable BGP neighbors |
| CSCsj33042 | Unknown | Cat6k crashes when unconfiguring vserver (CSM) |
| CSCsj34552 | Unknown | ip address of vlan interface not programmed into spa-ipsec-2g |
| CSCsj35776 | Unknown | Some of the VCs are INACTIVE after SPA OIR |
| CSCsj40286 | Unknown | Interface counters stop working under heavy load |
| CSCsj42303 | Unknown | 6K installs ffff.ffff.ffff in CAM table under very specific conditions |
| CSCsj45951 | Unknown | DOM Polling May Cause Link Flaps on Some Xenpak Transceivers |
| CSCsj52192 | Unknown | FE stays up when remote 'inline powered' is shutdown w/ 100Mbps/Full |
| CSCsj53663 | Unknown | EEM: RP crashed at fh_fd_syslog_event_match |
| CSCsj56102 | Unknown | Upgrade of DFC rommon fails in 12.2SX train IOS |
| CSCsj56703 | Unknown | SSO failover causes RSTP forwarding and physical interfaces blocking |
| CSCsj58287 | Unknown | 7600-SSC-400 crashes on reload |
| CSCsj61101 | Unknown | FRR goes down after few mins when Explicit-null is enabled |
| CSCsj64453 | Unknown | HSRP support in protocol policing |
| CSCsj66829 | Unknown | Switch crash with clear ip igmp snoop stat and show ip igmp snoop st |
| CSCsj67096 | Unknown | Issue w/NATed traffic on PortChannel (WS-X6408 and WS-X6516) on Sup720 |
| CSCsj68774 | Unknown | SIP-600 SXF bus error in const_mpls_collect_imp_te_stats |
| CSCsj72251 | Unknown | BOOTP replies dropped if DHCP snooping is enabled |
| CSCsj73669 | Unknown | Disable DOM hardware periodic updates (xenpaks/x2s) |
| CSCsj81067 | Unknown | IPSec VPN SPA: OLD-CISCO-CHASSIS-MIB does not return cardType |
| CSCsj81502 | Unknown | show pagp clis are not displaying the correct information |
| CSCsj82051 | Unknown | Cachelines not invalidated on ICPU in error case |
| CSCsk09302 | Unknown | CDP packets not received on WS-6704-10GE/CFC links with MLS QoS enabled |
| CSCsk12525 | Unknown | Disabling 67xx line cards with DFC3C/DFC3CXL except WS-X6708-10GE |
| CSCsk16974 | Unknown | Sup2 - Bus Asic #0 out of sync error |
| CSCsk17205 | Unknown | OSM:MFR LMI packets are not sent out through the MFR i/f |
| CSCsk19590 | Unknown | Mem Leak in IKE NODE causes router crash |
| CSCsk20887 | Unknown | Packets are route cached on multilink bundle |
| CSCsk28585 | Unknown | stats is wrong for TE tunnel, right for physical interface for ip2tag |
| CSCei22295 | WAN | Traceback is seen at fr_svc_teardown_calls |
| CSCsb87686 | WAN | Spurious Access when attempting to configure a connection on MFR bundle |


Resolved Caveats in Release 12.2(18)SXF10a

CSCsj92874—Catalyst 6500 May Not Send linkup/linkdown SNMP Traps and may reload

Resolved Caveats in Release 12.2(18)SXF10

Resolved IPServices Caveats

CSCsh04686—Resolved in 12.2(18)SXF10

Symptoms: With X.25 over TCP (XOT) enabled on a router or Catalyst switch, malformed traffic that is sent to TCP port 1998 causes the device to reload. This symptom was first observed in Cisco IOS Release 12.2(31)SB2.

Conditions: This symptom is observed only when X.25 routing is enabled on the device.

Workaround: Use IPsec or other tunneling mechanisms to protect XOT traffic. Also, apply ACLs on affected devices so that traffic is accepted only from trusted tunnel endpoints.

CSCsi39674—Resolved in 12.2(18)SXF10

Symptom: Devices may reload upon receiving multiple short-lived TCP sessions to the telnet port.

Conditions: Devices that run IOS and support IOS Software Modularity are affected. Images that support IOS Software Modularity will have "-vz" in their image name.

Resolved Security Caveats

CSCsg40567—Resolved in 12.2(18)SXF10

Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.

Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled.

Workaround: Disable the ip http secure-server command.

Resolved Unknown Caveats

CSCsi01470—Resolved in 12.2(18)SXF10

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080326-mvpn.html.

CSCsi86396—Resolved in 12.2(18)SXF10

Symptoms: Two subinterfaces may have the same CEF interface index.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 series router when the following configuration sequence occurs:

1) Create subinterface 1, 2, and 3.

2) Delete subinterface 1.

3) Create subinterface 4.

4) Enable subinterface 1.

In this situation, subinterfaces 1 and 4 may have the same CEF IDB.

Workaround: There is no workaround. You must reload the platform to clear the symptoms.

CSCsi99869—Resolved in 12.2(18)SXF10

Symptom: Bus error crash (signal 10) seen after the following error message:

%MCAST-SP-6-GC_LIMIT_EXCEEDED: MLD snooping was trying to allocate more Layer 2 entries than what allowed (7744)

Conditions: This has been observed on a Catalyst 6500 running IOS version 12.2(18)SXF1.

Workaround: Disable IPv6 MLD snooping with the no ipv6 mld snooping command.

There is no negative impact of implementing the workaround as long as there is no IPv6 multicast traffic in the network.

CSCsj16969—Resolved in 12.2(18)SXF10

Symptom: A Cisco IOS device supporting IPv6 MLD may crash with a data bus error exception and stack trace PC = 0xA0000100.

Conditions: The device is running normal production traffic. The presence of a malformed MLD packet in the network caused the issue.

Workaround: Disabling MLD snooping on the VLAN or globally on the box will stop the crash.

CSCsg70474—Resolved in 12.2(18)SXF10

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html.

Other Resolved Caveats in Release 12.2(18)SXF10

| Identifier | Technology | Description |
|---|---|---|
| CSCse69002 | AAA | Accounting of auth failure doesn't work with some switches |
| CSCsb23106 | Access | 7206vxr with NPE-G1 bus error crash when OIR PA-2T3+ |
| CSCdv70135 | ATM | ATM QoS classes can not be configured. |
| CSCek39364 | ATM | CLI: HA Standby router reloads while unconfiguring atm bundle . |
| CSCsb26631 | ATM | Memory leak - ATM_PVCTRAP process |
| CSCsb54857 | ATM | ATM shaping parameters removed from ATM vc-class for IMA upon bootup |
| CSCsg30875 | Content | wccp blocking telnet to router |
| CSCsh98343 | Content | WCCP redirect-list and mask-acl merge results in wrong redirect info |
| CSCsi05906 | Content | WCCP:appliance failover does not update TCAM adjacency |
| CSCef66939 | Infrastructure | VRF aware SNMP may generate trap with incorrect address |
| CSCeh65692 | Infrastructure | Align Spurious memory access errors . |
| CSCeh74715 | Infrastructure | SNMPv1 should not send traps with counter64 |
| CSCsd13491 | Infrastructure | show memory statistics history displays wrong values in processor pool |
| CSCsd46517 | Infrastructure | Huge Memory allocation on c1721 during snmpwalk . |
| CSCse98807 | Infrastructure | Traceback, Process=SNMP Timers, %SCHED-3-STUCKMTMR during regression . |
| CSCsi22502 | Infrastructure | installer imf.tar file not being zipped creates uninstallable image |
| CSCsi99930 | Infrastructure | %Error opening slavedisk0:/<filename> (Cluster chain broken on file) |
| CSCek66164 | IPServices | show command pipeline redirect into rcp crashes the router |
| CSCsd43344 | IPServices | isis-nsf info doesnt sync with standby in SSO mode . |
| CSCsd87810 | IPServices | IOS tftp server should not differentiate between / and backslash in path |
| CSCsh31939 | IPServices | c2w1:ciscoFtpClientMIB:Get & Set opration cause process deadlock & crash |
| CSCsi29875 | IPServices | 3/27: SP: oir_rf_reload_self: icc_req_imm failed, node not booting |
| CSCsi45840 | IPServices | ARP requests for HSRP virtual IP may fail after switchport cmd is used . |
| CSCsi77774 | IPServices | On modular IOS,Telnet on VRF int is allowed irrespective of vrf-also key |
| CSCsi78162 | LegacyProtocols | SNASw %DATACORRUPTION-1-DATAINCONSISTENCY messages |
| CSCsg05873 | Management | Buffer leak with SNA Focalpoint PU consuming middle buffers with NMVTs |
| CSCse22161 | QoS | RP pool Memory corruption SXF4 - checkheaps_process/validblock crash |
| CSCsi05251 | QoS | bus error crash at get_rateinterval_from_service_policy at subint delete |
| CSCef34800 | Routing | BGP changes to accept max value for MED attribute |
| CSCeg43753 | Routing | Router crashes at bgp_vpnv4_revise_route_update - corrupt PC & Sig10 . |
| CSCeg58039 | Routing | BGP: changing the max-paths value may cause a crash . |
| CSCsb63652 | Routing | bgp aggregate-address results in high BGP Router process utilization . |
| CSCsb96034 | Routing | Traffic down for too long after SSO switchover . |
| CSCsd41237 | Routing | vrf import map is not working . |
| CSCsd52225 | Routing | BGP soft-reconfiguration keeps the old next-hop |
| CSCsd72747 | Routing | nssa summary to null0 disappears after 'clear ip ro *' |
| CSCse91962 | Routing | prefix stays in BGP table with RD 0:0 even after vrf's RD is configured |
| CSCsf32449 | Routing | Sup720 MVPN PE - Tunnel does not come back up after reload . |
| CSCsg14026 | Routing | Routers/Switches forward traffic destined to Class E Addresses |
| CSCsg52336 | Routing | Crash at ospf_flush_area_summary_lsa after 'no ip vrf' of unassigned vrf |
| CSCsh61119 | Routing | High CPU due to ARP refresh triggered by Serial interface flap |
| CSCsh80008 | Routing | BGP: soft reconfiguration inbound and neighbor weight has no effect |
| CSCsi45422 | Routing | iprouting.iosproc process reloads when making changes to static routes |
| CSCsi62559 | Routing | SPD classifies OSPF IP Precedence 0 as priority . |
| CSCsj23579 | Routing | Invalid memory action (malloc) @ SSO Switchover . |
| CSCei07548 | Security | ocsp response timestamps are mishandled |
| CSCei85164 | Security | OCSP fails when timezone is configured |
| CSCsh37957 | Security | IPsec MIB entries not populated, IKE entries seem OK |
| CSCei52830 | Unknown | Banner command sync is broken by CSCin86483 . |
| CSCej32124 | Unknown | no mls verify commands doesnt take effect on standby supervisor |
| CSCek37222 | Unknown | FR-flat:classification is broken in class-default with random-detect . |
| CSCek54572 | Unknown | crash at ace_create_cm_head_node . |
| CSCek57760 | Unknown | IP MTU of GRE tunnel not used by SPA-IPSEC |
| CSCek68265 | Unknown | Major alarm on active caused syst. shutdn instead of swover to stdby |
| CSCek75394 | Unknown | High CPU after enabling MPLS on interface . |
| CSCek77954 | Unknown | test platform firm get cu-sfp-phy print-reg <port> <reg-no> . |
| CSCsa75285 | Unknown | WS-X6582-2PA crashing cisco7600 when booting up with PA-MC-STM-1SMI |
| CSCsb13358 | Unknown | failaction gtp purge doesnt delete some gtp stickies when probe fail |
| CSCsb14543 | Unknown | t/b pm_port_counters_lock on module reset of active supervisor |
| CSCsb57042 | Unknown | %SYS-SP-3-OVERRUN at test_hm_diag_scratch_regs |
| CSCsc11689 | Unknown | Configure/Unconfigure PACL may cause memory leak. |
| CSCsc33080 | Unknown | %PFINIT-SP-1-CONFIG_SYNC_FAIL_RETRY: Sync'ing the private configuration |
| CSCsc83961 | Unknown | Both APS protect & working ports forwarding traffic |
| CSCsd33992 | Unknown | %PM-SP-STDBY-3-INTERNALERROR: when boot up |
| CSCsd77207 | Unknown | Bidir traffic changed from HW to SW switch after add 200 sub-inf quickly |
| CSCsd79536 | Unknown | Standby RP crashes once at reload after installing set of patches . |
| CSCse54191 | Unknown | CSM fails over when incorrect HSRP group fails |
| CSCse98369 | Unknown | class-default bandwidth percent 100% - SPA ATM fails |
| CSCse98795 | Unknown | bus error while printing access-list |
| CSCsf18752 | Unknown | mls ip slb search wildcard rp breaks gtp slb if 2 sfarms are confgd |
| CSCsf23115 | Unknown | SUP720 does not recognize FAN2 after one of fans failed. . |
| CSCsg06577 | Unknown | 'Desc ordr internal vlan allocation' brings up sup with major diag error |
| CSCsg07870 | Unknown | crash seen on switchover at pf_redun_sync_port_asic_on_swover . |
| CSCsg16272 | Unknown | Catalyst6500 LinkDown snmp trap does not generate while performing OIR . |
| CSCsg30355 | Unknown | OIR of redundant sup w/ CatOS crash the Cat6500 System running IOS |
| CSCsg38231 | Unknown | 'crypto eng gre vpnblade' cmd does make the tunnels to be accelerated by |
| CSCsg55237 | Unknown | L2 flooding stops when new MAC address entries are learnt |
| CSCsg92670 | Unknown | 7600 : MLS FIB frozen, Sanity Check of MLS FIB s/w structures failed |
| CSCsh20211 | Unknown | 'Complete' diags fail TestNetflowInlineRewrite test on Service Modules |
| CSCsh33128 | Unknown | MMLS/MVPN: Partial SC internal vlan not included in (*,G) |
| CSCsh34872 | Unknown | With mls mpls recirc configd primary internal vlan has vpn-num . |
| CSCsh36377 | Unknown | crypto connect cmd not updated in standby RP for ATM subif . |
| CSCsh38728 | Unknown | Show int displays half even if port is hard coded to full |
| CSCsh39318 | Unknown | 10K / PRE-2 crashes at %MROUTE-4-ROUTELIMIT |
| CSCsh49239 | Unknown | After redundancy failover Mcast packets drop for 60-90sec on SUP uplink |
| CSCsh54951 | Unknown | PBR: TCAM incorectly programmed when match statement is NOT used |
| CSCsh61061 | Unknown | VPM-SM:ISAKMP Lifetimes do not replicate correctly in interchassis setup |
| CSCsh62565 | Unknown | SSH keys regenerated every hour cause route flaps due to high CPU load |
| CSCsh68976 | Unknown | memory leak at xcvr_idprom when executing show hw-module all tranceiver |
| CSCsh77220 | Unknown | SSO failover causes certain configs being removed . |
| CSCsh94882 | Unknown | Unity client not initiating mode config should be rejected |
| CSCsh98909 | Unknown | VRRP traffic not hardware switched on Sup2/MSFC2 |
| CSCsh99351 | Unknown | Packet reflection on EoMPLS links |
| CSCsi00173 | Unknown | Bus error at crypto_ipsec_unlock_peer . |
| CSCsi02885 | Unknown | OSM-1CHOC12/T1-SI incrementing abort, interface administrativel |
| CSCsi12289 | Unknown | FWSM Does Not Display Correct Timezone for DST |
| CSCsi15191 | Unknown | BOM messages observed while activation of rollback on stndby supervisor |
| CSCsi16904 | Unknown | VPN-SPA does not send ISAKMP packet with notification payload included |
| CSCsi40628 | Unknown | Dual RSPAN session causes loop between 2 6500 chassis . |
| CSCsi41791 | Unknown | Leak: SPA-IPSEC-2G crash-> No More Free Buffers ; SPA_IPSEC-3-PWRCYCLE . |
| CSCsi42270 | Unknown | IOS-SLB Radius Server LB may not mark a real as failed |
| CSCsi42517 | Unknown | SRB Crashes when upgrading from SXF to SRB with SLB stateful config |
| CSCsi52209 | Unknown | 7600-sip-600 crash at PXF-DFC1-2-FAULT: T0 OHB Exception: SLIP FIFO full |
| CSCsi60125 | Unknown | Hosts receive TCP RST due to incorrect NAT translation on cat6k . |
| CSCsi64204 | Unknown | SXF:SIP400:ATMSPA Noticeable delay in output of show int atm command |
| CSCsi69350 | Unknown | Newly active crashed on upgrading rp rommon @ emt_call . |
| CSCsi76192 | Unknown | r3:show wism status not populated until standby up after SSO |
| CSCsi90011 | Unknown | User Auth after Machine Auth causes dot1x security violation |
| CSCsi91875 | Unknown | Cat6k crashes when unconfiguring vserver during snmp poll |
| CSCsi97192 | Unknown | Vrf Agg label is not programmed in vpn-cam, SP thinks it as Ipv6 Agg lab |
| CSCsi98993 | Unknown | Block FPD for Intel SPROM based ATM SPAs |
| CSCsj01891 | Unknown | %SYS-SP-3-OVERRUN at test_hm_diag_scratch_regs |
| CSCsj04905 | Unknown | IOS-SLB: FWLB sticky config not get removed |
| CSCsj16292 | Unknown | DATACORRUPTION-1-DATAINCONSISTENCY: copy error |
| CSCsj23211 | Unknown | 'Complete' diags fail TestNetflowInlineRewrite test on Service Modules |
| CSCsj27811 | Unknown | EOBC buffer leak caused by CMM module . |
| CSCsj28277 | Unknown | Sup720 ignores IGMPv3 report if first group in Exclude list is 224.0.0.x |
| CSCsj30444 | Unknown | SUP-2 Router crashes after boot UP |
| CSCsj40706 | Unknown | incorrect ifIndex from multi HC OID Get to various cards |
| CSCsj47546 | Unknown | POS: RDI-P must not be sent when the interface detects PLM-P |
| CSCsj60722 | Unknown | TestNetflowInlineRewrite: diag failure on bootup |
| CSCsi33554 | WAN | Connected net for virtual-template is not created in vrf routing table |


Resolved Caveats in Release 12.2(18)SXF9

Resolved Caveats for Product 'all' and Component 'pim'

CSCsd95616—Resolved in Release 12.2(18)SXF9

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080924-multicast.html.

Resolved Caveats for Product 'all' and Component 'socket'

CSCse56501—Resolved in 12.2(18)SXF9

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080326-IPv4IPv6

Resolved Caveats for Product 'all' and Component 'ssh'

CSCsc19259—Resolved in 12.2(18)SXF9

The server side of the Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.

The IOS Secure Copy Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS Secure Copy Server service are not affected by this vulnerability.

This vulnerability does not apply to the IOS Secure Copy Client feature.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-scp.html.

CSCse24889—Resolved in 12.2(18)SXF9

Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.

Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.

Workaround: As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:

config t  
ip ssh version 1 
end  

Alternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:

! 10.1.1.0/24 is a trusted network that
! is permitted access to the router, all
! other access is denied

access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any

line vty 0 4
access-class 99 in
end

Further Problem Description:

For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cntrl_acc_vtl.html

For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
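The vty access-list workaround for CSCse24889 can be verified offline against a saved configuration. The Python below is an added example, not Cisco code: it resolves the numbered standard ACL that each line vty block references and reports any block not limited to the trusted networks. The function names, the sample configuration and the choice of trusted network are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed running-config excerpt (not from the release notes). vty 0 4
# follows the CSCse24889 alternate workaround; vty 5 15 is left unprotected.
SAMPLE_CONFIG = """\
ip ssh version 1
!
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
access-list 98 permit any
!
line vty 0 4
 access-class 99 in
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""


def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an IPv4Network.

    Returns None for a non-contiguous wildcard, which has no CIDR equivalent.
    """
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous wildcards look like 0...01...1
        return None
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))


def parse_standard_acls(config):
    """Return {number: [(action, network_or_None), ...]} for numbered standard ACLs."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        if not tok[1].isdigit() or not (1 <= int(tok[1]) <= 99 or 1300 <= int(tok[1]) <= 1999):
            continue  # extended ACLs use a different syntax and are ignored here
        src = tok[3:]
        if src[0] == "any":
            net = ipaddress.IPv4Network("0.0.0.0/0")
        elif src[0] == "host" and len(src) > 1:
            net = ipaddress.IPv4Network(src[1] + "/32")
        elif len(src) > 1 and re.fullmatch(r"[\d.]+", src[1]):
            net = wildcard_to_network(src[0], src[1])
        else:  # bare address, optionally followed by "log"
            net = ipaddress.IPv4Network(src[0] + "/32")
        acls.setdefault(tok[1], []).append((tok[2], net))
    return acls


def parse_vty_blocks(config):
    """Return [(range_label, acl_or_None)]; a block ends at the next 'line', '!' or 'end'."""
    blocks, current = [], None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("line vty"):
            current = [s[len("line "):], None]
            blocks.append(current)
        elif s.startswith(("line ", "!")) or s == "end":
            current = None
        elif current is not None:
            m = re.fullmatch(r"access-class\s+(\S+)\s+in(\s+vrf-also)?", s)
            if m:
                current[1] = m.group(1)
    return [tuple(b) for b in blocks]


def audit_vty(config, trusted):
    """Return [(vty_range, finding)] for vty blocks not limited to the trusted networks.

    Conservative: every permit entry is checked, even one shadowed by an earlier deny.
    """
    trusted_nets = [ipaddress.IPv4Network(t) for t in trusted]
    acls = parse_standard_acls(config)
    findings = []
    for label, acl in parse_vty_blocks(config):
        if acl is None:
            findings.append((label, "no inbound access-class"))
        elif acl not in acls:
            findings.append((label, f"access-list {acl} not defined as a numbered standard ACL"))
        else:
            for action, net in acls[acl]:
                if action != "permit":
                    continue
                if net is None:
                    findings.append((label, f"access-list {acl}: non-contiguous wildcard, review by hand"))
                elif not any(net.subnet_of(t) for t in trusted_nets):
                    findings.append((label, f"access-list {acl} permits {net}, outside trusted networks"))
    return findings


def ssh_version(config):
    """Return the version set by 'ip ssh version N', or None if the line is absent."""
    m = re.search(r"^ip ssh version (\d)\s*$", config, re.M)
    return m.group(1) if m else None


if __name__ == "__main__":
    print("ip ssh version:", ssh_version(SAMPLE_CONFIG))
    for label, finding in audit_vty(SAMPLE_CONFIG, ["10.1.1.0/24"]):
        print(f"{label}: {finding}")
```
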

Resolved Caveats for Product 'c2800' and Component 'voice-xgcp'

CSCsd81407—Resolved in 12.2(18)SXF9

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html.

Resolved Caveats for Product 'c3600' and Component 'voice-sip'

CSCeb21064—Resolved in 12.2(18)SXF9

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html.

Other Resolved Caveats in Release 12.2(18)SXF9

| Identifier | Product | Component | Description |
|---|---|---|---|
| CSCsh82746 | all | 7x00-t1e1 | Input Errors Counter not incrementing properly with Runt Errors |
| CSCsb45696 | all | 802.1x | Crafted EAP Response Identity packet may cause device to reload |
| CSCef27578 | all | aaa | The router crashes when test aaa stop CLI is issued |
| CSCsh74025 | all | atmcommon | clns packets not being punted by an enhanced flexwan . |
| CSCsd32373 | all | bgp | BGP does not flag multipath correctly, causing loadbalancing issues . |
| CSCse04220 | all | bgp | Clearing IPv6 BGP sessions can cause crash . |
| CSCsi06948 | all | bgp | Bus error when issuing BGP dampening related commands . |
| CSCsi58259 | all | c7600-atom | EARL7 PFC EoMPLS: CE to CE connectivity is broken with ATM as core |
| CSCsb19159 | all | cat6000-filesys | Command copy const_nvram:vlan.dat startup-config might crash switch . |
| CSCsh94940 | all | cat6000-hw-fwding | Supervisor crash by memory corruption (BADFREEMAGIC) in free block . |
| CSCsg52887 | all | clns | SegV at ctunnel_oqueue when 'no ctunnel destination' on one side |
| CSCsd25653 | all | comm-serv | vrf-also in named ACL for VTY line not saved in running configuration |
| CSCsi34572 | all | dot1x-ios | PC does not get a new DHCP address for machine authentication dot1x |
| CSCeh78345 | all | eventmgr | Ensure EEM policies close tty session properly upon exit. |
| CSCea53765 | all | fib | Facility to periodically validate adjacency prefix against RIB |
| CSCsh76592 | all | fib | Crash in mtrie_longest_match when VRF is removed from config |
| CSCsa72748 | all | fr | router crash due to watchdog timeout on frame relay broadcast |
| CSCek55001 | all | ifs | Dir /recursively with many directories crashes the router |
| CSCsf04921 | all | ifs | 18SXF6: getnext loop condition detected on ciscoFlashFileTable . |
| CSCsg40016 | all | ifs | show tech causes various system problems |
| CSCsi42143 | all | ifs | Image installation fails with error msg 'Failed to create output file' . |
| CSCsh74322 | all | install | rp fails bootup when reload installed image with 42 patch in 1 tar ball |
| CSCsh35311 | all | ios-authproxy | Proxyacl downloaded from the ACS cause spurious memory access |
| CSCek39048 | all | ip | Modular IOS: default distribute-list route-map crash router . |
| CSCse44079 | all | ipmulticast | Multicast UDL - High CPU in IGMP Input when UDL interface down . |
| CSCsd50828 | all | ip-pbr | AS-path based redistribution fails |
| CSCsg42246 | all | ip-rip | CPUHOG in IP Background, and router reload . |
| CSCsh57795 | all | ip-rip | Removing 1 RIP neighbor removes all neighbors |
| CSCsh85355 | all | ipsec-core | Address Error exception at crypto_ipsec_clear_peer_sas |
| CSCsg99872 | all | ipsec-isakmp | VPNSM: IPSEC accounting (start/stop) not sent under some conditions |
| CSCsg47462 | all | ip-tunnels | Address error crash at tunnel_ep_addr_compare |
| CSCsb07279 | all | isis | Adding new on route-map which is redistributed by ISIS, is not seen |
| CSCsi41944 | all | isis | Virtual Exec CPUHOG |
| CSCsd32192 | all | mcast-switching | GRE Tunnel With Checksum Enabled Does Not Transmit Multicast Packets |
| CSCsd40153 | all | mpls-ldp | Rainier: label is not advertise to downstream ldp neighbor after reload |
| CSCsf98345 | all | mpls-ldp | vrf-interface down cause LDP peer reset |
| CSCsh83034 | all | mpls-lfib | High CPU on Supervisor caused by FIB Control Task process |
| CSCsh82993 | all | mpls-vpn | Aggregate label missing if static route exists for same network |
| CSCsc93633 | all | nbar | Software bus error crash on 7206VXR w/12.3(14)T3 w/ NBAR configured |
| CSCsd59610 | all | os | %SYS-4-REGEXP: new engine: regexp compilation had failed. |
| CSCsg42072 | all | os | Virtual Exec sessions not freeing memory |
| CSCsi62514 | all | os | SXF9: ION image not bootable ROCKIES3_INTEG_070423 |
| CSCek70058 | all | osm-qos | OSMs may crash due to memory corruption on applying certain qos config. |
| CSCse60482 | all | osm-qos | OSM QoS per VLAN shaping not configurable for EoMPLS with TE Tunn |
| CSCsc52057 | all | ospf | OSPF passive-interface default bleeds to OSPF VRF subinterfaces |
| CSCse64565 | all | ospf | OSPF passive-interface default pb when converting switchport to L3 |
| CSCsg92954 | all | pas-chstm1 | Poor Voice Quality over congested Links |
| CSCef89952 | all | pim | Router crashes when state-refresh message is rcvd for non-dense grp . |
| CSCsd16043 | all | pim | Auto-RP for multicast may prematurely expire the group to RP mappings . |
| CSCeg38418 | all | pki | Router crash when OCSP server use key hash as id |
| CSCsd09892 | all | qos | no fair-queue causing VIP crash . |
| CSCse94388 | all | qos | SIP200 crash at dlfi_do_fragment on HQF with priority . |
| CSCsi01422 | all | qos | Hierarchical Frame-Relay QoS does not work . |
| CSCse51263 | all | rcp | RP side console Exec process hangs deadly sometimes |
| CSCsf08419 | all | remote-registry | EIGRP memory leak in registry_ion.c when neighbor flaps. |
| CSCsh83559 | all | remote-registry | Modular IOS: memory leak in xdr_reference |
| CSCse80032 | all | snmp | Mediation Device cannot resync SNMP engine time after 7600 reload . |
| CSCse95758 | all | snmp | Access Lists support for all CONFIG-COPY-MIB protocols under snmp-server |
| CSCsh79371 | all | snmp | SNMP memory leak for Modular IOS on 12.2(18)SXF6 . |
| CSCsi08777 | all | spa-ipsec-2g | Memory Leak seen in Chunk Manager process . |
| CSCsi42769 | all | spa-ipsec-2g | VPNSPA crashes with large certificates (PKI) . |
| CSCsf32211 | all | spa-pos-oc3-12 | Input bytes counter continues incrementing when a line protocol is down |
| CSCsb74409 | all | ssh | IOS ssh client blocks Virtual Exec / SSH Process |
| CSCse79611 | all | ssh | SSH source-interface command not working |
| CSCse53090 | all | tcl-bleeding | After console timeout, access can be done to standby console. |
| CSCed95187 | all | tcp | IP ID field is predictable for connectionless RST packets . |
| CSCef13860 | all | tcp | Invalid TCB pointer traceback on exiting from a CPU session |
| CSCsg00846 | all | tcp | Crash of RP blob due to a missed inetd_service_mutex unlock |
| CSCsg19598 | all | tcp | SSH session hangs intermittently |
| CSCsg56926 | all | tcp | no logging console not working in ION for tcp debugs |
| CSCsi51178 | all | tcp | Switch crashes due to ssh session at pak_client_set_pid . |
| CSCsb86257 | all | telnet | Named ACL configured on VTY in with VRF |
| CSCsd42600 | all | telnet | %SYS-3-BAD_RESET alongwith SegV exception crash |
| CSCsh56081 | all | trans-bridging | Spanning tree of vlan-bridge is operated incorrectly |
| CSCsg99600 | all | udp | Modular IOS : ip helper address 1.1.1.255 not work |
| CSCsh21505 | all | udp | ip helper address on vrf interface in ION, dhcp routed with global table |
| CSCsh75069 | all | udp | Input Queue Wedge with UDP Echo packets . |
| CSCsi23203 | all | vipmlp | Remove service policy from T1 prior to adding it to the multilink bundle |
| CSCuk61773 | all | wccp | WCCP: ignore redirect assignment messages with identical content |
| CSCsd76528 | c10000 | qos | Queues not released after deletion of mtch vlan for HQoS policies . |
| CSCsa46154 | c12000 | ip-pbr | 12.0(27)S03.1118 Deleting 100 Route-Maps at a time forces failover to RP |
| CSCsd84497 | c2800 | ios-authproxy | auth-proxy requests stuck in init state |
| CSCeg51185 | c6venus-slb | laminar | New varbinds reqd in slbRealStateChange & slbVirtualStateChange trap |
| CSCek31610 | c6venus-slb | laminar | IOS changes to support sticky replication in CSM |
| CSCsb84087 | c6venus-slb | laminar | CSM: config-sync cmd not able to remove vlan from standby csm port-chann |
| CSCsd24461 | c6venus-slb | laminar | Configuring CSM with SSL stickyness shows as src-ip stickyness. |
| CSCsh74881 | c6venus-slb | laminar | CSM with a pair of bridged vlans can cause a variable to not function |
| CSCsg79810 | c7600 | c7600-sip-400 | The MPLS MTU is overruled by the ip mtu on ATM interface |
| CSCsi10231 | c7600 | c7600-sip-600-vpls | VPLS: VC types 4 and 5 can not co-exist within same VFI on 7600-SIP-600 |
| CSCsi22379 | c7600 | c7600-sip-600-vpls | SIP600 vpls drops packets from VC Type 4 neigh when control word present |
| CSCek25660 | c7600 | cat6000-hw-fwding | tarceback found at l2_modify_one_entry(0x207b9614)+0x48 . |
| CSCse61387 | c7600 | cat6000-qos | After LC is removed, show policy-map control-plane still show LC counter |
| CSCse89548 | c7600 | cat6000-routing | SYS-DFC4-3-CPUHOG::FIB Control Queue Task |
| CSCsh23192 | c7600 | loadbal | DNS probe does not recover after failure when configured with VRF |
| CSCsi77083 | c7600 | osm-ucode | Fix for CSCsh21998 in v122_18_sxf_throttle is erroneous |
| CSCsh46565 | c7600 | qos | PWAN2 HQoS(LLQ): shape ave rate is not applied . |
| CSCsi48550 | c7600 | vipmlp | dMLP: account lost_frags& rx discards as bundle intf input error |
| CSCsd08468 | cat6000 | c7600-mpls | SP crash at %EARL_L2_ASIC-SP-4-L2L3_SEQ_ERR due to invalid packets |
| CSCsg91545 | cat6000 | cat6000-acl | ACL TCAM inconsistency seen if ipv6 acl with 2k mask is used . |
| CSCsh76923 | cat6000 | cat6000-acl | Memory Corruption or bus error crash on cat6k running NAT . |
| CSCsf29400 | cat6000 | cat6000-cmm-voice | Native IOS Sup discards or filters ARP replies from CMM for ACT module |
| CSCsh49043 | cat6000 | cat6000-firmware | Output drops in Queue3 after changes in cos-map config on 6148A-GETX . |
| CSCsh89589 | cat6000 | cat6000-firmware | ARP fails on FWSM with SFM or SFM2 and S2/MSFC2 |
| CSCsc77287 | cat6000 | cat6000-ha | SIERRA: Telnet/console: freeze by remote command module slot |
| CSCsh45258 | cat6000 | cat6000-ha | delay execution of redundancy force switchover in case stdby nrd . |
| CSCek68281 | cat6000 | cat6000-hw-fwding | Syslog instead of crashing on correctable FIB SSRAM ECC errors |
| CSCsd95877 | cat6000 | cat6000-hw-fwding | %MLS_ACL_COMMON-SP-4-MLS_ACL_CONSIST appears on active SP on sso. |
| CSCse90572 | cat6000 | cat6000-hw-fwding | FIB TCAM exception related enhancements |
| CSCsb85030 | cat6000 | cat6000-l2 | lost connectivity after port security disabled/removed - packets drop |
| CSCsf20751 | cat6000 | cat6000-l2 | FlowControl inconsistency between Po and gig interfaces after SW upgrade |
| CSCsh38443 | cat6000 | cat6000-l2 | Removing associated vlan would trigger the mac-add to get purge every 5m |
| CSCsh98208 | cat6000 | cat6000-mcast | PIM Snooping strips out Prune List in a (*,g) Join (s,g) RPT prune msg . |
| CSCsi57912 | cat6000 | cat6000-mpls | 6PE: router mac not programmed for the IPV6 MPLS reserved vlan after SSO |
| CSCse10113 | cat6000 | cat6000-netflow | Missing hwidb for fibhwidb netflow_vlan1038 (ifindex 216) : . |
| CSCsg47044 | cat6000 | cat6000-netflow | NDE is not exporting packets |
| CSCsf11787 | cat6000 | cat6000-oir | EARL bus idle error occurs when the switching bus stall occurs |
| CSCsg72678 | cat6000 | cat6000-oir | TCAM entries not displayed for DFC card after OIR . |
| CSCsh93083 | cat6000 | cat6000-routing | Hadware uRFP with ACL stops after reboot |
| CSCsg49395 | cat6000 | cat6k-vs-infra | %BIT-SP-4-OUTOFRANGE: bit is not in the expected range |
| CSCsb44267 | cat6000 | cwpa | bus error crash when forwarding IPX over GRE |
| CSCsg09757 | cat6000 | ios-infra | MP(Maintenance Pack) information missing in the MIB . |
| CSCsh96773 | cat6000 | laminar | CSM FT : unable to track port-channel interfaces |
| CSCsi73534 | cat6000 | laminar | CSM: CSCsb84087 breaks config-Sync feature |
| CSCse34615 | cat6000 | loadbal | Radius Acct on-off messages are dropped by Vserver |
| CSCse56921 | cat6000 | loadbal | GTP SLB Reloads at the time of session/sticky creation in multiple vserv |
| CSCsb01373 | cat6000 | msfc-filesys | MSFC3: Free NVRAM space reduces every time config is written to memory |
| CSCsg45480 | cat6000 | osm-ucode | Prevent Invalid IP Packets from OSM causing L2/L3 errors and SP crash |
| CSCsh21998 | cat6000 | osm-ucode | MPLS: Sup2 OSM sending TTL=0 packets with aggregate summary-only |
| CSCsf25728 | cat6000 | sr-bridging | Unable to session to FWSM when source-bridge ring-group is configured |
| CSCsg38618 | wism | wlc-infra | Session to a 24 bit address fails on WiSM |


Resolved Caveats in Release 12.2(18)SXF8

Resolved Caveats for Product 'all' and Component 'dlsw'

CSCsf28840—Resolved in 12.2(18)SXF8

A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

There are workarounds available for this vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070110-dlsw.html

Resolved Caveats for Product 'all' and Component 'ftp'

CSCsg16908—Resolved in 12.2(18)SXF8

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.

The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.

This vulnerability does not apply to the IOS FTP Client feature.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070509-iosftp.

Resolved Caveats for Product 'all' and Component 'pki'

CSCsd85587—Resolved in 12.2(18)SXF8

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS, documented as Cisco bug ID CSCsd85587

Cisco IOS XR, documented as Cisco bug ID CSCsg41084

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348

Cisco Firewall Service Module (FWSM), documented as Cisco bug ID CSCsi97695

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-crypto.html.

Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-SSL.html

Resolved Caveats for Product `all' and Component `ssl'

CSCsb12598—Resolved in 12.2(18)SXF8

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-SSL.html

Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-crypto.html

A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

Resolved Caveats for Product `cat6000' and Component `osm-ucode'

CSCsg40425—Resolved in 12.2(18)SXF8

Symptoms: An Optical Services Module (OSM) may reset unexpectedly and generate the following error messages:

%POSLC-3-SOP: TxSOP-0 SOP. (source=0x18, halt_minor0=0x4000)
%CWANLC-3-FATAL: Fatal Management interrupt, gen_mgmt_intr_status 0x0, line_mgmt_intr_status 0x1, reloading

Conditions: This symptom is observed on a Cisco Catalyst 6500 series and Cisco 7600 series.

Workaround: There is no workaround.

Other Caveats Resolved in 12.2(18)SXF8

| Identifier | Technology | Description |
| --- | --- | --- |
| CSCsd49317 | AAA | no tacacs-server administration causes router hang |
| CSCsg43322 | AAA | AAA: No free authorization/accounting lists for network |
| CSCsa91863 | Access | PA-E3 may reports LOF on reload |
| CSCse06752 | Access | LAM /32 cef entry shows unresolved |
| CSCdy11156 | ATM | 13E:12E:RP crashed while applying config on ATM-PA,mgd_timer_stop |
| CSCea82222 | Infrastructure | timeout login response is broken on TTY and VTY lines with no AAA |
| CSCek42751 | Infrastructure | %Error opening system:/running-config (No such file or directory) |
| CSCek58966 | Infrastructure | Remove IPSLA Feature CLI From Modular IOS |
| CSCek64188 | Infrastructure | Fragmentation fix of CSCek64051 is incomplete |
| CSCek65370 | Infrastructure | Disable IP SLA CLI/SNMP from modular ios image in SXF |
| CSCsc04397 | Infrastructure | Spurious memory access made at Fcheck_interface_state |
| CSCsc09336 | Infrastructure | fix memory leak in display_posix_memory_info ion_lib_show_memory.c |
| CSCse56676 | Infrastructure | Some SNMP notifications go to the wrong host |
| CSCsg22769 | Infrastructure | CPU utilization goes beyond 99% due to dfs_disk1.proc. |
| CSCsh23981 | Infrastructure | IPC ISSU: First message to seat 0x2070000 not found |
| CSCee30364 | IPServices | ip ftp username not used after username was previously used in URI |
| CSCek12203 | IPServices | File system issues after unsuccessful FTP operation. |
| CSCsb27868 | IPServices | DHCP Relay should unicast offer/ack on unnum ethernet sub-int |
| CSCsc12899 | IPServices | SSM Mapping configuration inside a VRF broken |
| CSCse05736 | IPServices | A router running RCP can be reloaded with a specific packet |
| CSCsg49987 | IPServices | HSRP learned groups appear in SNMP MIB |
| CSCsh29830 | IPServices | NAT: Clear IP NAT translation * creates hardware entry for RSHELL. |
| CSCsc68540 | MPLS | mplsTeNotifyPrefix trap emitted instead of correct TE trap name |
| CSCsg44555 | MPLS | 7600 MPLS TE mid-point stuck at up/down and Juniper headend up/up |
| CSCsg86806 | MPLS | Client over MPLS unable to ping interfaces |
| CSCsh58729 | MPLS | crash while configuring multiple back up path tunnels |
| CSCsc25557 | platform-76xx | PORT3: Router crashed in CWAN OIR Handler in attempt to lock a semaphore |
| CSCsg21429 | platform-76xx | STM-16 interface in OSM line card flaps endlessly upon SUP switchover |
| CSCsg40425 | platform-76xx | OSM-1OC48-POS-SI+ keeping reset due to POSLC-3-SOP |
| CSCsg87037 | platform-76xx | ATM OSM has compatibility issue with 3rd vendor device |
| CSCsh41006 | platform-76xx | change earl reset patch-limit crash disable test cmd to a config cmd |
| CSCse91675 | PPP | SWMLP: all intf are going down w/46 byte pkt size 8links/bundles@LR trfc |
| CSCeh82893 | QoS | PP:R3:SIP400:QOS: LLQ+police drop rate counters are broken |
| CSCek34117 | QoS | SIP1+ATM(OC3 SPA): Crashed at hqf_walk_and_police_inline() |
| CSCsd56696 | QoS | A2A: FR Adaptive shaping is not accurate |
| CSCef15420 | Routing | router reload at ed_get_reuseintervals Part II |
| CSCef84062 | Routing | Bus error in bpath_unlock due to null path |
| CSCeg03019 | Routing | cef not working between different tunnels |
| CSCek48274 | Routing | clear ip bgp soft in may not delete all the BGP prefix |
| CSCsa49922 | Routing | EIGRP internal route remains in RT but not in topology table |
| CSCsb34032 | Routing | ISIS: router exception at mgd_timer when un-config isis cmds |
| CSCsc46337 | Routing | BGP peer doesnt have an Index, session will not establish |
| CSCsc83821 | Routing | ISIS: TLV 237 not found in database when isis metric is configured |
| CSCsd59023 | Routing | RP Arping for adjacent next-hop bringing up PTA sessions with AAA |
| CSCse24873 | Routing | Default-information originate in BGP shouldnt be tied to peer group |
| CSCse34050 | Routing | ISIS keep advertizing passive interface, even after doing shutdown |
| CSCsf20947 | Routing | BGP 'neighbor default-originate' advertisement ignored after link flap. |
| CSCsf26043 | Routing | Cat6k Selective Packet Discard not classify ISIS at high-priority |
| CSCsg11830 | Routing | 12.2(18)SX Default-information originate does not generate default route |
| CSCsg26492 | Routing | Error: can not find acl. Abort - msg when removing permit entry in ACL |
| CSCsg43140 | Routing | Switch may crash due to bgp over vpn |
| CSCsg46638 | Routing | BGP does not send withdraw when distribute-list is configured |
| CSCsg55209 | Routing | BGP paths increase, with same prefix and next-hop under soft-reconfig |
| CSCsg65298 | Routing | OSPF: connected network learnt via ospf after interface shutdown #2 |
| CSCsb54378 | Security | watchdog timeout crash when starting ssh session from the router |
| CSCsd76601 | Security | Resuming SSH Session Fails After Other Session Has Been Disconnected |
| CSCsd92405 | Security | router crashed by repeated SSL connection with malformed finished messag |
| CSCse40423 | Security | With ATM, tunnel interfaces do not ping until a shut-noshut is done |
| CSCec76468 | Unknown | crash in show route-map when delete route-map during concurrent conf |
| CSCef56327 | Unknown | PA-MC-STM1: Cannot set/keep clock source line in config |
| CSCeg02918 | Unknown | Bus Error at auth_proxy_proc_profile |
| CSCeh54725 | Unknown | MIB object go into loop during snmp query |
| CSCei09247 | Unknown | Local serial link goes up/down when remote link is admin down |
| CSCei12353 | Unknown | Flow End sysUpTime higher value than the Router sysUpTime |
| CSCek55639 | Unknown | Failed to assert Physical Port Administrative State Down alarm |
| CSCek65022 | Unknown | 7600-SSC-400: SPA-IPSEC-2g EFC clock hardware issue |
| CSCek66277 | Unknown | Diagnostics test 18 TestAclDeny should be marked Disruptive |
| CSCsa97042 | Unknown | Secured port dropping traffic after applying & removing mac-filter |
| CSCsb64767 | Unknown | Unconf/confg port of L2 Eth chnl stop Mcast Traffic fwding out the port |
| CSCsc08947 | Unknown | 6k IOS Autostate: L3 int up/up if last L2 port disabled while L3 is shut |
| CSCsc69076 | Unknown | SIP1-ChOC3: Spurious access at swsb_delete on unconfig of T1 chnl group |
| CSCsc73699 | Unknown | Bus error at ipflow_get_template_id with NetFlow v9 |
| CSCsd19181 | Unknown | Crypto connect command is dropped from serial interface after reload |
| CSCsd74091 | Unknown | Misc. fixes for GCE handling for standby as DFC |
| CSCsd98852 | Unknown | EEM does not allow read from stdin |
| CSCse37364 | Unknown | traceback @ hal_get_dist_job on toggling mmls |
| CSCse39956 | Unknown | VPLS:UCODE:Replication broken when CW followed by NO_CW VC |
| CSCse49388 | Unknown | Tunnel int fails to receive traffic when links of a diff tunnel shut |
| CSCse65726 | Unknown | command no tacacs-server admin resets router |
| CSCse66269 | Unknown | ION free memory dropping during mcast failovers but no process leaking |
| CSCse84602 | Unknown | Error messages from Standby Sup when configuring OSM card channelization |
| CSCse84695 | Unknown | Standby supervisor may crash when configuring osm card past FREEDM limit |
| CSCse88708 | Unknown | Early stop of Bert test on OSM-1CHOC12/T1-SI produces error |
| CSCse97422 | Unknown | crash on sup720, when executing 'sh tech' with long regexpr |
| CSCsf10605 | Unknown | crypto session count incorrect after ungraceful disconnect |
| CSCsf31458 | Unknown | R3Vail: SupW image - entPhysicalTable is not SSO aware. |
| CSCsg01366 | Unknown | CSM config sync cause stacks to run low and crash router |
| CSCsg02241 | Unknown | SUP720/SUP32 NAT translates incorrectly |
| CSCsg02391 | Unknown | PORT_SECURITY-SP-2-INELIGIBLE error after module reset |
| CSCsg03739 | Unknown | cat6k with vpnsm several possible crypto ikmp leaks |
| CSCsg07525 | Unknown | Periodic (30sec) traffic loss/dup over dis port-cha due to wrong RBH |
| CSCsg08200 | Unknown | JQL: Bootup diagn for LC detect major failure after RPR swover |
| CSCsg08304 | Unknown | JQL: UDLD failure detected on neighbor switch after RPR switchover |
| CSCsg16425 | Unknown | show ip slb reals command displays huge connections value |
| CSCsg24609 | Unknown | Whitney: snmp CISCO-L2-CONTROL-MIB getmany errors |
| CSCsg34141 | Unknown | Secure mac learnt on non secure port creates a static entry |
| CSCsg35506 | Unknown | JQL: port-channel member in suspend due to flowcontrol mismatch |
| CSCsg37435 | Unknown | ifIndex missing for 802.1Q vLAN subif after GigEth card OIR |
| CSCsg40391 | Unknown | Dot1x: Port config on authenticated port changed after linecard reset |
| CSCsg51230 | Unknown | VS2: MLS multicast operating state is IDLE, after SSO switch over |
| CSCsg51724 | Unknown | cbQosCMDropPkt stays at 0 while CLI counters shows positive values |
| CSCsg61773 | Unknown | MMLS: Egress mode, OIF inconsistent between SP/RP, traffic blackholed |
| CSCsg62119 | Unknown | Cat6K Spurious Memory access |
| CSCsg64170 | Unknown | SSO switchover causes service module to appear down for 10-30 secs |
| CSCsg64306 | Unknown | %MCAST-SP-6-L2_HASH_BUCKET_COLLISION |
| CSCsg69489 | Unknown | Reroute of LSP between two link with label constitutes to traffic loss |
| CSCsg72398 | Unknown | SLB:Packets getting process switched w/ multiple UDP Vservers |
| CSCsg73179 | Unknown | bi-dir mls rp doesnt get updated after a change in topology |
| CSCsg76239 | Unknown | Fast Path mcast pkts hit RP cpu if ACL configured on OIF |
| CSCsg77142 | Unknown | Memory leak in Cat6k SNMP Trap process |
| CSCsg80948 | Unknown | Uneven load-sharing for 4-path ECMP case |
| CSCsg90190 | Unknown | Software does not limit 96 Ports LC inline Power based on HW Limitation |
| CSCsg97079 | Unknown | 18SXF7 ION image should also bundle FlexWan1 |
| CSCsh01749 | Unknown | mls qos marking ignore port-trust has no effect with EoMPLS configurat |
| CSCsh05800 | Unknown | Mcast egress replication - VDB is not updated on L3 PO subinterfaces |
| CSCsh07037 | Unknown | OSM may crash with CHUNKBADMAGIC error, when WRED threshold is conf > 2k |
| CSCsh17979 | Unknown | Ports PWR_DENY not enough system PWR/chassis BackPlane PWR (Not Real) |
| CSCsh20950 | Unknown | 18SXF8: PRBS support needs to be disabled on the Malabar8 module |
| CSCsh22835 | Unknown | Major Error is seen with module 6 after swithover in rpr mode. |
| CSCsh25976 | Unknown | C2W1: SSO sync issue with PSFANINCOMPAT & PSFANFAIL sensor |
| CSCsh29863 | Unknown | New active crashes after switchover in rpr mode |
| CSCsh31306 | Unknown | T1 serial o/p drops / no QOS drops - flexwan - T1 multichannel PA. |
| CSCsh32199 | Unknown | Input queue drop counter incrementing even when interface disconnected |
| CSCsh37008 | Unknown | Need to enable Malabar8 in WS-C6509-NEB-A chassis with one fan |
| CSCsh41192 | Unknown | Memory leak in IPSEC key engine process |
| CSCsh42914 | Unknown | Cat6500 Netflow does not export all flows with sampled netflow |
| CSCsh44288 | Unknown | Hybrid: Remove uRPF check w/ACL knob from hybrid IOS images |
| CSCsh48947 | Unknown | PWR_DENY Port 47/48 on each LC max PWR support Backplane per LC or VDB |
| CSCsh54325 | Unknown | SIP600/ES20 PXF punt path broken when sup slot is 1 or 2 |
| CSCsh61396 | Unknown | R3.8: Hydra module resets during to excessive LCP_FW_ERR Qchip msgs |
| CSCsh66367 | Unknown | Wrong Ubin Images committed to v122_18_sxf_throttle on CSCsh61396 |
| CSCsh85155 | Unknown | mls adjacency has extra punt entry after FRR cutover |
| CSCsb46223 | Voice | Bus error crash at Tcl_DStringAppend |


Resolved Caveats in Release 12.2(18)SXF7

Resolved LegacyProtocols Caveats

CSCsf28840—Resolved in 12.2(18)SXF7

A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

There are workarounds available for this vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070110-dlsw.html

Resolved Management Caveats

CSCsf07847—Resolved in 12.2(18)SXF7

Symptoms: Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behaviour by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.

Conditions: This issue occurs in IOS images that have the fix for CSCse85200.

Workaround: Disable CDP on interfaces where CDP is not required.

Further Problem Description: Because CDP is a Layer-2 protocol, the symptom can only be triggered by routers that reside on the same network segment.

Other Caveats Resolved in 12.2(18)SXF7

| Identifier | Technology | Description |
| --- | --- | --- |
| CSCsa93523 | Access | 7200 PA-E3 incrementing carrier transitions and packet drops |
| CSCea26450 | ATM | PVC may stay down when interface cable is pulled out/put back rapidly |
| CSCsd20327 | Content | WCCP going up/down |
| CSCeh85133 | Infrastructure | Memory leak in Syslog Traps process |
| CSCsd29469 | Infrastructure | Cat6000 SNMP stops responding while polling from ciscoEnhancedMemPoolMIB |
| CSCsd49133 | Infrastructure | Alarms are not pouplated in ceAlarmTable - ceAlarmList is empty. |
| CSCsg32222 | Infrastructure | Need the support for 64 bit bit/second OID on Cat6k/7600 |
| CSCsg70355 | Infrastructure | adopt new default summer-time rules from Energy Policy Act of 2005. |
| CSCei93982 | IPServices | Modified ALG classification base on src & dst port |
| CSCsc78813 | IPServices | DNS reply payload does not get translated in the NAT router. |
| CSCsd51530 | IPServices | autocommand-options nohangup is removed on line vty 0-4 |
| CSCse04560 | IPServices | tftp-server allows for information disclosure |
| CSCdz80245 | LAN | SNMP: Need ifDescr output without description |
| CSCsg01823 | LegacyProtocols | DECnet mac-address (aa00.0400.###) missing from interface after reload |
| CSCsb52900 | MPLS | mpls forwarding table label inconsistency after switchover |
| CSCse92050 | Multicast | With mis-configuration, router may reload at twheel_running |
| CSCse11678 | PPP | SIP: Ping fails after removal of primary link from multilink bundle. |
| CSCsg02881 | PPP | MLP: Bandwidth of down MLP group should be sum of member bandwidths |
| CSCsd37025 | QoS | CPUHOG and crash when removing nbar policy-map |
| CSCse25833 | QoS | %SYS-2-CHUNKBADMAGIC every 10 sec with 12.2(18)SXF4 |
| CSCsf11353 | QoS | Autobahn:FW2 kept crash at hqf_dp_set_blt_quantum and dlfi_inform_config |
| CSCei29944 | Routing | RP crashes at bgp_get_msg_count while sho ip bgp summ |
| CSCei32930 | Routing | EBGP+label : soft-reconfig inbound broken |
| CSCsb50606 | Routing | Leak in dead process due to TCBs from BGP active connections |
| CSCsc43989 | Routing | CEF adjacency inconsistent with NHRP cache entry |
| CSCsd03383 | Routing | OSPF:TE Tunnel route not installed if parallel path eq max-path |
| CSCsd53402 | Routing | ABR delets OSPF summary route for 5sec after DR is changed |
| CSCsd74396 | Routing | eigrp authenticaion fails with md5 enabled |
| CSCsd81600 | Routing | OSPF Stub-links should advertise LSInfinity when max-metric configured |
| CSCse41484 | Routing | DMVPN / VPN-SPA / few GRE packets not encrypted when negotiating the SAs |
| CSCse51804 | Routing | DMVPN tunnels not stable; keeps flapping |
| CSCse89119 | Routing | OSPF discard route (Null0) is disappeared from RIB when AD is changed |
| CSCsf99057 | Routing | JQL: OSPF Stub-router should work with SSO/RPR-Plus if NSF is disabled |
| CSCsg16748 | Routing | ABR deletes OSPF type 3 LSA after it received max-aged type 2 LSA |
| CSCsb47257 | Security | bus error crash @ pki_add_to_obj_list |
| CSCsf05479 | Security | Address error at gre_ipip_fastsend |
| CSCsg10671 | Security | No message when CA re-enrollment fails |
| CSCdy47789 | Unknown | Non-directed LDP neighbors showing up under targetted discovery list |
| CSCeg41330 | Unknown | crypto isakmp client config max-logins is case sensitive |
| CSCeh95801 | Unknown | IPSec Accounting: DN not sent in group-id with EzVPN + CERT |
| CSCei58681 | Unknown | port channel does not form after minlinks added and removed |
| CSCej78221 | Unknown | CSG Refund policy with more than 10 entries causes cat6K to crash |
| CSCej83614 | Unknown | Multicast packets punted with deny acl on outgoing interface |
| CSCej86174 | Unknown | Need a command to disable EOBC JAM recovery |
| CSCek54981 | Unknown | Incorrect ICMP MTU proposal for outgoing ESP packets |
| CSCsc55951 | Unknown | SPA-4XOC3-ATM has compatibility issue with 3rd vendor device |
| CSCsc64718 | Unknown | persistent-store command not available on SUP32 Images |
| CSCsc69851 | Unknown | Port Security does not show offending MAC address in syslog |
| CSCsd69480 | Unknown | %HYPERION-4-HYP_RESET on flexwan2 chSTM1 card |
| CSCse00115 | Unknown | mcast egress replication -- Wrong output interface index for msc |
| CSCse37587 | Unknown | DHCP snooping in conjunction with VRF breaks DHCP |
| CSCse43709 | Unknown | supw nmi support |
| CSCse63054 | Unknown | Remove VLAN IDB from VRF if_list when releasing a rserved VLAN |
| CSCse75904 | Unknown | VPNSM: periodic accounting is still sent for disconnected vpn users |
| CSCse87210 | Unknown | Enable service cards to operate in crossbar mode with Dist Etherchannels |
| CSCse87618 | Unknown | cRTP and Interleave doesnt work together on Virtual-Template Interface. |
| CSCse98692 | Unknown | 12.2SX code not showing int trust state in sh mls qos cmd |
| CSCsf03986 | Unknown | spurious at fm_wccp_format_adj_entry after upgrade |
| CSCsf07232 | Unknown | tclsh stdio operations do not output to current terminal |
| CSCsf08368 | Unknown | Prevent NBAR configuration on non-FlexWAN interfaces |
| CSCsf10116 | Unknown | Reflexive ACL not getting Sw Installed. |
| CSCsf11639 | Unknown | WS-X6148-FE-SFP interface counter increments even if the link is down |
| CSCsf14994 | Unknown | SIP1-ChOC3:Some of the MLP links wont ping, if deleted & configred again |
| CSCsf23326 | Unknown | IOS SLB does not on 7600 with SXF4 if Client is behind MPLS cloud |
| CSCsg00845 | Unknown | 'no logging event link-status' is lost after reload |
| CSCsg02605 | Unknown | Rapid reboot does not work |
| CSCsg03503 | Unknown | NAt Netflow entries need to be purged on routing change |
| CSCsg07765 | Unknown | Sierra: scp_fpoe_req: memory allocation error, subopcode=10, count=9 |
| CSCsg17923 | Unknown | IKE Notifiies (DPD, Deletes,...) not processed -- dropped |
| CSCsg23979 | Unknown | Crashes in iprouting.iosproc produce no tracebacks |
| CSCsg25416 | Unknown | flash information is missing from show hardware output in ION |
| CSCsg26450 | Unknown | move enum value at the end of the list |
| CSCsg28959 | Unknown | rwindex = 0xFFFF on the non PI causing all mcast traffic to be dropped |
| CSCsg36726 | Unknown | Bonham parity errors may cause packet loss on a 7600-SIP-400 module. |
| CSCsg38092 | Unknown | Pre-Pilot:EEPROM (feature_bits) needs to upate to no floating capable |
| CSCsg38930 | Unknown | 7600 SPA-IPSEC-2G - Multicast data is not forwarded through GRE Tunnel |
| CSCsg40401 | Unknown | SUP32 unstable to communicate with all neighbors after reload. |
| CSCsg41552 | Unknown | Module fails to come online first time after reset |
| CSCsg58917 | Unknown | mls ip cef load-sharing and mls ip cef rate-limit missing in Sup22 |
| CSCsg62154 | Unknown | 18SXF7: ltl_alloc_index_at: T/Bs are seen after multiple switchover |
| CSCuk57037 | Unknown | IGMP: crash at at ../ipmulticast/igmp.c:3162 |
| CSCsc50986 | WAN | NTP unsynchronizes when packets out of order at STEP |
| CSCsd19880 | WAN | ATM pvc does not come up with new style legacy command |
| CSCse55004 | WAN | NTP clients wont associate |


Resolved Caveats in Release 12.2(18)SXF6

Resolved Caveats for Product `all' and Component `cat6000-mpls'

CSCsf12082—Resolved in Release 12.2(18)SXF6

Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.

OSPF and MPLS VPNs are not enabled by default.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080326-queue

Resolved Caveats for Product `all' and Component `snmp'

CSCsf04754—Resolved in Release 12.2(18)SXF6

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080610-snmpv3.html

Other Resolved Caveats in Release 12.2(18)SXF6

| Identifier | Technology | Description |
| --- | --- | --- |
| CSCsd71301 | AAA | Depending on Attriubut order send from aaa server priv level assigned. |
| CSCsd95752 | AAA | 6500 TACACS message sent to wrong server |
| CSCse45735 | AAA | %AAAA-3-NOREG: authentication method 5 has no registry! T/B |
| CSCdw26914 | ATM | show atm vc truncating outputs |
| CSCei39688 | ATM | ATM subinterface fails to pass traffic due to CEF initialization failure |
| CSCse64269 | ATM | show ip int br shows member link state down for PA-A3-8T1/8E1IMA |
| CSCse29465 | Content | CASA traceback routing agent in process causing CPUHOG |
| CSCse45427 | Content | debug ip casa packet displays incorrect values |
| CSCse76405 | Content | CASA wildcard updates dropped |
| CSCdy11174 | Infrastructure | ciscoFlashCopyTable/ciscoFlashMiscOpTable obj unreadable @ creation |
| CSCeb56615 | Infrastructure | ATA_Status time out waiting for 1 |
| CSCee23195 | Infrastructure | Spurious memory access in show ipc queue |
| CSCef49904 | Infrastructure | No option in snmp to source the interface for Informs |
| CSCek51851 | Infrastructure | Standby does not come up during switchover with slavenvram in access |
| CSCin97208 | Infrastructure | Standby does not come up during switchover with slavenvram in access |
| CSCsc14034 | Infrastructure | Master RSP crashes on bootup w/ snmp mib notification-log default |
| CSCee32814 | IPServices | Source port selection is predictable, should be harder to guess |
| CSCeg51303 | IPServices | VRRP responds with int MAC instead of VMAC afetr shut/no shut |
| CSCsd23056 | IPServices | reverse telnet (tty daemon) broken by TCL feature |
| CSCsd33013 | IPServices | FHRPs fail to clear ARP entry after Duplicate IP event |
| CSCsd69052 | IPServices | Netbios/NAT optimization |
| CSCse23548 | IPServices | modular ios (ION) : logging source-interface command ignored |
| CSCsf16715 | IPServices | TCP will leak TCBs if app closes in notification callback context |
| CSCsf33034 | IPServices | T/B tcb_isvalid+7C during bootup and when EOMPLS vc is configured. |
| CSCek46996 | LAN | Cwan FA-PA port need to be in promiscous mode if IP address not conf |
| CSCsc95736 | Management | cns config partial command causes cpu up 25% |
| CSCef32748 | MPLS | tfib_ipfib_post_table_change needs to check for recursive routes |
| CSCek31478 | Multicast | ip multicast boundry cmd does not take effect after modify ACL |
| CSCek42421 | Multicast | One prune not processed on receiving batched join/prune message |
| CSCsd49955 | Multicast | RPF info created by (S,G) RPT-bit prune does not change by (S,G) join |
| CSCse09435 | Multicast | PGM router assist on GRE causes small pool buffer leak |
| CSCse20714 | Multicast | MSDP doesnt send triggered SA for non-directly connected PIM-DM source |
| CSCee93983 | platform-76xx | osm : egress CE router is missing in traceroute in MPLS/VPN |
| CSCeh32595 | platform-76xx | Ping fails across atm interface after configuring routing protocols |
| CSCsd25766 | platform-76xx | OSM-1OC48-POS: APS Protect-Inactive port is receiving and fwding packets |
| CSCsd80632 | platform-76xx | 12.2(18)SXE2 ifHCInOctetssub interface traffic is not close to the main |
| CSCsd88401 | platform-76xx | input packet drop w/ gt48520 mac_rx_error at port2 on OSM-2+4GE-WAN+ |
| CSCse26606 | platform-76xx | packet drop occur when issuing shut/no shut on other sub-if /w OSPF |
| CSCeg26728 | QoS | BGP fails to establish a peer with policy bw 199K |
| CSCek44025 | QoS | Hierarchy is not collapsed when FRF.12 is configured |
| CSCsc00993 | QoS | Lower tx-ring-limit for ATM VCs with higher SCR when QoS is enabled |
| CSCse02510 | QoS | Crash with ALIGN-1-FATAL at hqf_process_wfq_command |
| CSCse54611 | QoS | WS-X6582-2PA bus error crash on hqf_cwpa_pak_enqueue_local |
| CSCee71850 | Routing | Router crashes while unconfiguring IPX GRE |
| CSCee77180 | Routing | Static routes with space in name not recognized after reload |
| CSCei26931 | Routing | fragment option is not in access-list command |
| CSCej42121 | Routing | clear adj hangs router |
| CSCin85894 | Routing | Reflexive acl when used as ext. acl gives T/bks & crashes with std. |
| CSCsc37212 | Routing | ISIS: Redistributed routes might not be advertised if interface flaps |
| CSCse52184 | Routing | unrelated MPLS TE tunnel flapping cause unnecessary fib/lfib updates |
| CSCse61025 | Routing | ip http auth aaa is not needed for Authproxy to work |
| CSCsb62045 | Security | scp connection fails with error: unexpected filename: |
| CSCse29545 | Security | Crypto pki trustpoint loses ip-address command upon reload |
| CSCec42435 | Unknown | crypto map local-addr command may disappear on E1and T1 interfaces |
| CSCeh52424 | Unknown | OC3 ATM/SPA: Input CRC errors caused SIP200_SPIRX-3-SPI4_LINKERROR |
| CSCej08637 | Unknown | Inline power sensors needed on standby to support entity mib SSO. |
| CSCek22782 | Unknown | CSM: Configuration sync check does not work in all cases |
| CSCek28561 | Unknown | SIP1/ChOC3: T1/E1 BERT unusable after first run |
| CSCek36288 | Unknown | EoMPLS VC down with SIP1 as core facing interface |
| CSCek50720 | Unknown | Improve error handling for DLL centering algorithm |
| CSCsa77785 | Unknown | Router crashes when L2 redirection is configured with HTTP traffic |
| CSCsa95306 | Unknown | SNMPWALK does not get all CSG user group information |
| CSCsa96972 | Unknown | Dbus header err int be triggered when recovery procedure on DFC3 |
| CSCsb41923 | Unknown | isakmp key ending in backslash will be lost after device reboot |
| CSCsb80468 | Unknown | Hvpls: MAC Addresses May Not Be Flushed When VC Goes Down |
| CSCsb82048 | Unknown | %ALIGN-3-CORRECT: Alignment correction made at 0x402B4BA4 |
| CSCsc20064 | Unknown | Ping fails on changing removing and reconfiguring controller for ChSTM1. |
| CSCsc25952 | Unknown | Need to print out error message for unsupported marking on OSM |
| CSCsc56766 | Unknown | Slow convergence of DEC for mac-address moving from one FE to another FE |
| CSCsc59025 | Unknown | UDLD config on 2nd uplinki of act/sby sup change after switchover |
| CSCsc75397 | Unknown | sup32 enables fix for CSCeb49514 with cross-module etherchannel |
| CSCsc81300 | Unknown | uRPF check ACL programming spikes RP CPU |
| CSCsd46882 | Unknown | OSM-CT3 Port in Unchannelized mode stays UP/UP when looped towards line |
| CSCsd47475 | Unknown | cat6k unable to resolve arp request when using flexwan, pa-fe-tx and vpn |
| CSCsd53513 | Unknown | %ALIGN-3-SPURIOUS_SO: Spurious memory access seen with tracebacks |
| CSCsd64103 | Unknown | 'mls qos trust dscp' not working for traffic coming from FWSM |
| CSCsd80745 | Unknown | bus error or alignment err at crypto_isakmp_profile_contain_xauth_info. |
| CSCsd94439 | Unknown | I/O mem corruption on SP with mld snooping report-suppression enabled |
| CSCsd95575 | Unknown | RP-Crash @ draco2_pa_eobc_intr |
| CSCsd96121 | Unknown | Mac's don't get purged when the port is blocking during topology change |
| CSCse09460 | Unknown | Agg ram is not programmed properly after switch over |
| CSCse15906 | Unknown | CAT6500/7600 Sup2 show int counters output drops double the qos drops |
| CSCse16512 | Unknown | Egress Queuing on WS-6148-21AF broken |
| CSCse19732 | Unknown | Not able to apply policy on a port -which is earlier part of l3 port-cha |
| CSCse29001 | Unknown | ISIS did not update when encap frame-relay on POS SPA of SIP-400 |
| CSCse29419 | Unknown | Need SNMP support for traffic counters given by 'show vlan counters' |
| CSCse33257 | Unknown | Intf Flap causes memory Hog in mls-msc on DFC installed Sup720 system |
| CSCse33395 | Unknown | HSRP track interface in down state in ITASCA though active on SUP |
| CSCse33488 | Unknown | DS1: Back to back connectivity not successful between T1/E1 SPA-PA |
| CSCse35278 | Unknown | VPNSM drops transit NAT-T packets |
| CSCse47430 | Unknown | Need boundry check in heartbeat_create_recv_info |
| CSCse47811 | Unknown | Guard output does not reach GRE tunnels on SUP-720 |
| CSCse50503 | Unknown | Hybrid fix for CSCed74512 |
| CSCse50607 | Unknown | SPA-8XCHT1E1 IPC failure causes latency and MLPPP lockups |
| CSCse51577 | Unknown | Sup2/MSFC2: Memory leak at Dead/FM VMR chunk when pasting in NAT config |
| CSCse54768 | Unknown | CASA traffic not CEF switched |
| CSCse59777 | Unknown | WLSM: CPUHOG on L3mm process |
| CSCse61121 | Unknown | Memory leak in FIB Control Task |
| CSCse61252 | Unknown | ION : reset reason displayed incorrectly in show version |
| CSCse62117 | Unknown | cbQosCMDropByte reset after clear counters |
| CSCse63856 | Unknown | Sup720 Doesn't Terminate GRE Properly - Packet Recieved on Wrong Int. |
| CSCse67650 | Unknown | SIP600 WRED fails to forward ARP packets |
| CSCse69713 | Unknown | Redirect traffic punted to software when all CEs in the group are lost |
| CSCse69748 | Unknown | CLI for IMAP retcode in CSG refunding is broken |
| CSCse73539 | Unknown | c7600 - crash of active sup720 after inserting a second one |
| CSCse85399 | Unknown | traffic does not go over crypto tunnel after a no shut. |
| CSCse86602 | Unknown | Cat6500 IOS does not set correct portAdminSpeed |
| CSCse87417 | Unknown | FlexLink : ARP frames w/ known opcodes cause interop issues. |
| CSCse88171 | Unknown | PA-MC-8TE1+: cRTP compression failure |
| CSCse98354 | Unknown | SIP-200: SYNC FAILED not initialized. Interfaces up/down. |
| CSCsf00089 | Unknown | Packets not HW switched after test crash invoked |

CSCsf03566

Unknown

Memory corruption crash trying to free unassigned block

CSCsf04301

Unknown

Multicast on ATM SPA with P2MP sub-interfaces does not work

CSCsf13325

Unknown

Commit of CSCse95804 broke v122_18_sxf_throttle s3223-adventerprisek9_wa

CSCsf15527

Unknown

ION: Reset Reason Does Not Change on Normal Reload

CSCsf31504

Unknown

TestFabricFlowControlStatus: Monitor interval is to be reduced to 100ms

CSCef01547

WAN

7200 tx-ring resets to default after OIR

CSCek27504

WAN

NTP crash during show runn after deletion of NTP ref-peer

CSCse95146

WAN

Sup720 with cross module etherchannel duplicates all packets


Resolved Caveats in Release 12.2(18)SXF5

Resolved Infrastructure Caveats

CSCsc64976—Resolved in 12.2(18)SXF5

A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, is passed to the browser requesting the page. The client browser could interpret this HTML code, which could potentially be used to execute malicious commands against the device or to carry out other cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20051201-http.html

Resolved LAN Caveats

CSCsd34759—Resolved in 12.2(18)SXF5

Symptom: The VTP feature in certain versions of Cisco IOS software may be vulnerable to a crafted packet sent from the local network segment, which may lead to a denial of service condition.

Conditions: The packets must be received on a trunk-enabled port.

Further Information

On 13 September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:

VTP Version field DoS

Integer Wrap in VTP revision

Buffer Overflow in VTP VLAN name

These vulnerabilities are addressed by Cisco IDs:

CSCsd52629/CSCsd34759 -- VTP version field DoS

CSCse40078/CSCse47765 -- Integer Wrap in VTP revision

CSCsd34855/CSCei54611 -- Buffer Overflow in VTP VLAN name

Cisco's statement and further information are available on the Cisco public website at

http://www.cisco.com/en/US/products/csr/cisco-sr-20060913-vtp.html

Resolved Routing Caveats

CSCsd40334—Resolved in 12.2(18)SXF5

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at

http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-IOS-IPv6.html

Resolved Unknown Caveats

CSCsd68605—Resolved in 12.2(18)SXF5

Symptoms: If a spoke cannot complete IKE phase I because of a bad certificate, the failed IKE sessions may not be deleted on an IPSec/IKE responder. Such failed sessions may accumulate, eventually causing router instability. These failed sessions can be seen in the output of the show crypto isakmp sa | i MM command:

172.18.95.21    10.253.34.80   MM_KEY_EXCH        898    0 ACTIVE 
172.18.95.21    10.253.34.80   MM_KEY_EXCH        896    0 ACTIVE 
172.18.95.21    10.253.34.80   MM_KEY_EXCH        895    0 ACTIVE 
172.18.95.21    10.253.34.80   MM_KEY_EXCH        894    0 ACTIVE 
172.18.95.21    10.253.34.80   MM_KEY_EXCH        893    0 ACTIVE 
... 
 

Conditions: These symptoms are observed when RSA signatures are used as the authentication method.
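
The check below is an added example, not part of Cisco's release notes or software: it parses output in the column layout of the excerpt above and reports address pairs that hold several main-mode (MM_*) SAs at once. The header line, the sample rows (documentation-range addresses) and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above; the header line and
# the documentation-range addresses are assumptions, not device output.
SAMPLE = """\
dst             src             state          conn-id slot status
192.0.2.1       198.51.100.80   MM_KEY_EXCH        898    0 ACTIVE
192.0.2.1       198.51.100.80   MM_KEY_EXCH        896    0 ACTIVE
192.0.2.1       198.51.100.80   MM_KEY_EXCH        895    0 ACTIVE
192.0.2.1       198.51.100.80   MM_KEY_EXCH        894    0 ACTIVE
192.0.2.1       203.0.113.7     MM_KEY_EXCH        901    0 ACTIVE
192.0.2.1       203.0.113.9     QM_IDLE            880    0 ACTIVE
...
"""

# Two IPv4 addresses, state, conn-id, slot, status.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$"
)

def parse_isakmp_sa(text):
    """Return one dict per SA row; header, '...' and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            a, b, state, conn_id, _slot, status = m.groups()
            rows.append({"pair": (a, b), "state": state,
                         "conn_id": int(conn_id), "status": status})
    return rows

def stuck_main_mode(rows, threshold=3):
    """Address pairs with at least `threshold` SAs still in a main-mode state.

    One in-flight negotiation per pair is normal; several at once for the
    same pair is the accumulation pattern the caveat describes.
    """
    counts = Counter(r["pair"] for r in rows if r["state"].startswith("MM_"))
    return {pair: n for pair, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (a, b), n in stuck_main_mode(parse_isakmp_sa(SAMPLE)).items():
        print(f"{a} / {b}: {n} SAs held in main mode")
```

Run against periodic captures of the command output, a count that keeps growing for one pair while conn-id values climb points to sessions that are not being deleted.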

CSCsd75273—Resolved in 12.2(18)SXF5

Cisco Catalyst 6500, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS).

Cisco has made free software available to address this vulnerability for affected customers.

A Cisco Security Advisory for this vulnerability is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-nam.html

CSCsd37415—Resolved in 12.2(18)SXF5

Cisco Catalyst 6500 series systems that are running certain versions of Cisco Internetwork Operating System (IOS) are vulnerable to an attack from a Multi Protocol Label Switching (MPLS) packet. Only the systems that are running in Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the Multilayer Switch Feature Card (MSFC)) or running with Cisco IOS Software Modularity are affected.

MPLS packets can only be sent from the local network segment.

A Cisco Security Advisory for this vulnerability is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-mpls.html

CSCse52951—Resolved in 12.2(18)SXF5

Cisco Catalyst 6500, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS).

Cisco has made free software available to address this vulnerability for affected customers.

A Cisco Security Advisory for this vulnerability is posted at

http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-nam.html

Resolved Voice Caveats

CSCsc60249—Resolved in 12.2(18)SXF5

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at

http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html

Other Resolved Caveats in Release 12.2(18)SXF5

Identifier  Technology       Description
CSCsb11698  AAA              Input Queue Wedge with TACACs
CSCei71142  ATM              autovc handling stopped
CSCse35684  ATM              OSPF adjacency does not recover from OIR active supervisor
CSCsc94191  Content          WCCP does not GRE Redirect TCP FIN packet that would fragment
CSCed21186  Infrastructure   Incorrect GE output IFMIB counters when CAR is configured
CSCee24395  Infrastructure   SYS-3-BADMAGIC after GetNextObjectInstance clogHistoryEntry_get
CSCei85359  Infrastructure   %SCHED-3-SEMLOCKED: IP RTR Probe MaxName attempted to lock a semapho
CSCek24385  Infrastructure   ION config checkpoint for process restart must handle SNMP, HTTP
CSCin62031  Infrastructure   Crash when SNMPset rttMonCtrlAdminStatus to 1 (IP SLA Probe activation)
CSCsa61284  Infrastructure   snmpset rttMonCtrlOperState to 7 (restart) cause rttMonCtrlAdminStatus 2
CSCsb08386  Infrastructure   PRP crash by show ip bgp regexp
CSCsb16702  Infrastructure   Configuring using http forced sw-crash on standby supervisor
CSCsb34180  Infrastructure   Rockies 3 SNMP: PS in entPhysicalChildIndex not in incremental order
CSCsc06891  Infrastructure   no traps are sent when CF is inserted or removed.
CSCsc85922  Infrastructure   IOS changes its implementation of what is an unknown community tring
CSCsc97279  Infrastructure   Takes long time (more than 2 minutes) on wr mem
CSCsd32923  Infrastructure   Bus Error in Exec attempting command completion in a full command buffer
CSCsd77751  Infrastructure   IOS - SUP720 - sends empty/blank syslog messages
CSCec10091  IPServices       DHCP relay agent forwards requests with src. 0.0.0.0
CSCed93425  IPServices       DHCP Database fails to write to local flash.
CSCeh35083  IPServices       NAT-PPTP change Call ID wrongly
CSCsd80754  IPServices       HSRP Active-Router not respond to ARP request about VIP
CSCec87736  LAN              SNMP counters on FE subif not updated for dcef
CSCsc69537  LAN              GigE sub-interfaces not registered with SNMP after LC reload
CSCsd34855  LAN              VTP update with a VLAN name >100 characters causes buffer overflow.
CSCsd94687  LAN              sh vlans counters and SNMP counters are incosistent for subif
CSCsd55300  LegacyProtocols  DLSw ER LLC session fails to connect with SUP720 or SUP32
CSCse17611  LegacyProtocols  DLSw Circuits Connect outside of DLSW ER to switch with passive mapping
CSCef78565  Management       cdp not advertising ifName
CSCek35484  MPLS             FRR: MP tears down protected lsp if local protection des flag rese
CSCsc94359  MPLS             BGP table and CEF forwarding table have mismatched labels
CSCsd41981  MPLS             TFIB on SUP720 PFC is broken when an OSM (GE-WAN) card was disabled
CSCsd57678  MPLS             Label inconsistency between BGP and forwarding tables for remote routes
CSCei77227  Multicast        PE router crashes @ igmp_delete_group while unconfiguring vrf
CSCej20707  Multicast        igp and pim neighbor goes down during mcast stress testing
CSCej78303  Multicast        RP crash @ pim_tt_grange_first after CMD: no ipv6 unicast-routing
CSCsb76434  Multicast        PIM: auto-rp group stuck in registering when sparse-mode
CSCsb85290  Multicast        IPv6 BSR: BSM forwarding breaks with ipv6 vrf implementation
CSCsc69155  Multicast        ciscoIpMRouteIfInMcastOctets counts decrease
CSCsc96746  Multicast        PIM-sm chooses wrong RPF interface in equal cost multipath network
CSCsc98828  Multicast        PIMV6: SR flag set on RP acting as first hop
CSCsd64138  Multicast        ip multicast rpf not configurable in 12.2(18)SXF3
CSCsd68993  Multicast        Fluctuation in IPv6 mcast trffic fwdng happns with large numbr of strms
CSCse05960  Multicast        PIM leaking memory used for xdr messages
CSCse64256  Multicast        FHR crashes on starting Embedded RP stream
CSCsb64975  platform-76xx    Rate counters are erratic for a bi-dir traffic more than 2 Gig
CSCse05336  platform-76xx    Packet drop on OSM-2+4GE-WAN+ if sub-if is created or deleted
CSCsc33562  PPP              SNMP ifInOctets shows negative value for MLP interface