The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
•Open Caveats in Release 12.2(17d)SXB11a
•Resolved Caveats in Release 12.2(17d)SXB11a
•Resolved Caveats in Release 12.2(17d)SXB11
•Resolved Caveats in Release 12.2(17d)SXB10
•Resolved Caveats in Release 12.2(17d)SXB9
•Resolved Caveats in Release 12.2(17d)SXB8
•Resolved Caveats in Release 12.2(17d)SXB7
•Resolved Caveats in Release 12.2(17d)SXB6
•Resolved Caveats in Release 12.2(17d)SXB5
•Resolved Caveats in Release 12.2(17d)SXB4
•Resolved Caveats in Release 12.2(17d)SXB3
•Resolved Caveats in Release 12.2(17d)SXB2
•Resolved Caveats in Release 12.2(17d)SXB1
•Resolved Caveats in Release 12.2(17d)SXB
Note Release 12.2(17d)SXB1 and later releases do not support XENPAK-10GB-ER units with Part No. 800-24557-01, as described in this external field notice (CSCee47030):
http://www.cisco.com/en/US/ts/fn/200/fn29736.html
|
|
|
---|---|---|
Routing |
FIB-3-FIBDISABLE Fatal error, no window message, LC to RP IPC non-op |
Resolved Routing Caveats
•CSCec71950—Resolved in 12.2(17d)SXB11a
Cisco routers and switches running Cisco IOS or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability.
This vulnerability was discovered during internal testing.
This advisory is available at:
http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html
Other Resolved Caveats in Release 12.2(17d)SXB11a
Resolved AAA Caveats
•CSCed09685—Resolved in 12.2(17d)SXB11
Symptoms: When command accounting is enabled, Cisco IOS routers will send the full text of each command to the ACS server. Though this information is sent to the server encrypted, the server will decrypt the packet and log these commands to the logfile in plain text. Thus sensitive information like passwords will be visible in the server's log files.
Conditions: This problem happens only with command accounting enabled.
Workaround: Disable command accounting.
Other Resolved Caveats in Release 12.2(17d)SXB11
Resolved LAN Caveats
•CSCsa67294—Resolved in 12.2(17d)SXB8
Symptom: A Cisco Catalyst Switch may reload upon receipt of a malformed VTP packet.
Conditions: The malformed VTP packet must meet the following requirements:
–Must be received on a port configured for ISL or 802.1q trunking AND
–Must correctly match the VTP domain name
This does not affect switch ports configured for the voice vlan.
Affected platforms:
–Cisco 2900XL Series
–Cisco 2900XL LRE Series
–Cisco 2940 Series
–Cisco 2950 Series
–Cisco 2950-LRE Series
–Cisco 2955 Series
–Cisco 3500XL Series
–Cisco IGESM
No other Cisco devices are known to be vulnerable to this issue.
Workarounds: Customers may want to connect ports configured for trunking to known, trusted devices.
Other Resolved Caveats in Release 12.2(17d)SXB8
Resolved Routing Caveats
•CSCef68324—Resolved in 12.2(17d)SXB7
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at:
http://www.cisco.com/en/US/products/csa/cisco-sa-20050729-ipv6.html
•CSCef61610—Resolved in 12.2(17d)SXB7
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Dont' Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
•CSCef60659—Resolved in 12.2(17d)SXB7
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Dont' Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
•CSCef67682—Resolved in 12.2(17d)SXB7
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0
ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
deny ipv6 any <my address1> undetermined-transport
deny ipv6 any <my address2> fragments
permit ipv6 any any
This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognises as its own.
This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We would recommend for customers to upgrade to the fixed IOS release. All IOS releases listed in IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-IOS-IPv6.html contain fixes for this issue.
Resolved Unknown Caveats
•CSCef44225—Resolved in 12.2(17d)SXB7
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Dont' Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Other Resolved Caveats in Release 12.2(17d)SXB7
Resolved Routing Caveats
•CSCee67450—Resolved in 12.2(17d)SXB5
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command bgp log-neighbor-changes configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
Cisco has made free software available to address this problem.
This issue is tracked by CERT/CC VU#689326.
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050126-bgp.html
Resolved Unknown Caveats
•CSCef90002—Resolved in 12.2(17d)SXB5
Cisco Catalyst 6500 series systems that are running certain versions of Cisco Internetwork Operating System (IOS) are vulnerable to an attack from a Multi Protocol Label Switching (MPLS) packet. Only the systems that are running in Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the Multilayer Switch Feature Card (MSFC)) or running with Cisco IOS Software Modularity are affected.
MPLS packets can only be sent from the local network segment.
A Cisco Security Advisory for this vulnerability is posted at
http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-mpls.html
•CSCin82407—Resolved in 12.2(17d)SXB5
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
This advisory will be posted to http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-xauth.html
Other Resolved Caveats in Release 12.2(17d)SXB5
Resolved IPServices Caveats
•CSCed78149—Resolved in 12.2(17d)SXB4
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Dont' Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Other Resolved Caveats in Release 12.2(17d)SXB4
Resolved Routing Caveats
•CSCed40933—Resolved in 12.2(17d)SXB1
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory which is posted at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050126-ipv6.
Resolved Security Caveats
•CSCed65285—Resolved in 12.2(17d)SXB1
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on IOS devices, may contain two vulnerabilities that can potentially cause IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html
•CSCed93836—Resolved in 12.2(17d)SXB1
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html.
Other Resolved Caveats in Release 12.2(17d)SXB1
Resolved IPServices Caveats
•CSCed27956—Resolved in 12.2(17d)SXB
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html. ION is also impacted.
•CSCed38527—Resolved in 12.2(17d)SXB
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html
Resolved MPLS Caveats
•CSCeb56909—Resolved in 12.2(17d)SXB
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050126-les.html
Resolved Unknown Caveats
•CSCed30113—Resolved in 12.2(17d)SXB
A malformed Internet Key Exchange (IKE) packet may cause the Cisco Catalyst 6500 Series Switch or the Cisco 7600 Series Internet Router to crash and reload.
This vulnerability is documented as Cisco bug ID CSCed30113. There are workarounds available to mitigate the effects of this vulnerability. Cisco is providing fixed software at no charge.
This advisory will be posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040408-vpnsm
Other Resolved Caveats in Release 12.2(17d)SXB
•Open Caveats in Release 12.2(17b)SXA and Rebuilds
•Resolved Caveats in Release 12.2(17b)SXA2
•Resolved Caveats in Release 12.2(17b)SXA
Resolved Security Caveats
•CSCed93836—Resolved in 12.2(17b)SXA2
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html.
Other Resolved Caveats in Release 12.2(17b)SXA2
|
|
|
---|---|---|
Security |
IOS fw allowing forged packets for a session initiated from inside |
|
Security |
Router crash due to corrupted data in list with IOS-firewall |
Resolved MPLS Caveats
•CSCeb16876—Resolved in 12.2(17b)SXA
Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.
Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.
Workaround: There is no workaround.
Resolved Routing Caveats
•CSCeb88239—Resolved in 12.2(17b)SXA
Symptoms: A router that runs RIPng may crash after receiving a malformed RIPng packet, causing a Denial of Service (DoS) on the device.
Conditions: This symptom is observed when the ipv6 debug rip command is enabled on the router. Malformed packets can normally be sent locally. However, when the ipv6 debug rip command is enabled, the crash can also be triggered remotely. Note that RIP for IPv4 is not affected by this vulnerability.
Workaround: There is no workaround.
Resolved Security Caveats
•CSCec46274—Resolved in 12.2(17b)SXA
New vulnerabilities in the OpenSSL implementation for SSL have been announced.
An affected network device running an SSL server based on the OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client. The network device is vulnerable to this vulnerability even if it is configured to not authenticate certificates from the client. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory will be posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20030930-ssl.
Resolved Unknown Caveats
•CSCed30113—Resolved in 12.2(17b)SXA
A malformed Internet Key Exchange (IKE) packet may cause the Cisco Catalyst 6500 Series Switch or the Cisco 7600 Series Internet Router to crash and reload.
This vulnerability is documented as Cisco bug ID CSCed30113. There are workarounds available to mitigate the effects of this vulnerability. Cisco is providing fixed software at no charge.
This advisory will be posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040408-vpnsm
Other Resolved Caveats in Release 12.2(17b)SXA
•Open Caveats in Release 12.2(17a)SX and Rebuilds
•Resolved Caveats in Release 12.2(17a)SX4
•Resolved Caveats in Release 12.2(17a)SX3
•Resolved Caveats in Release 12.2(17a)SX2
•Resolved Caveats in Release 12.2(17a)SX1
•Resolved Caveats in Release 12.2(17a)SX
|
|
|
---|---|---|
Unknown |
Ethertype config accepted but not applied on 6502-10GE cards |
|
Unknown |
Const2:Router crash when ipv6 ACL removed after remove isataptunnel |
Resolved Security Caveats
•CSCed93836—Resolved in 12.2(17a)SX4
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html.
Other Resolved Caveats in Release 12.2(17a)SX4
|
|
|
---|---|---|
Security |
IOS fw allowing forged packets for a session initiated from inside |
|
Security |
Router crash due to corrupted data in list with IOS-firewall |
|
|
|
---|---|---|
Unknown |
g1/1 of WS-X6748-GE-TX not link up after changing speed 10M or 100M |
|
Unknown |
Breakpoint exception due to RPC mismatch timeout |
Resolved IPServices Caveats
•CSCed27956—Resolved in 12.2(17a)SX2
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html. ION is also impacted.
•CSCed38527—Resolved in 12.2(17a)SX2
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html
Other Resolved Caveats in Release 12.2(17a)SX2
|
|
|
---|---|---|
Unknown |
System controller resets causes high cpu with 2 flow dest configured |
|
Unknown |
Breakpoint Exception after 6724-SFP module problems |
Resolved Infrastructure Caveats
•CSCdz29724—Resolved in 12.2(17a)SX
Symptoms: IOS Exec sessions return an error message of "login invalid"
Condition: If the username does not exist in the local username database when using local authentication.
Workaround: This bug fix will modify the behavior to wait for the password to be entered before returning the same error message as would be used if the password is incorrect.
Resolved IPServices Caveats
•CSCea34745—Resolved in 12.2(17a)SX
Symptom: A Cisco device running IOS and enabled for Hot Standby Router Protocol (HSRP) may reset with a SYS-2-WATCHDOG error from a specifically crafted malformed HSRP packet. The HSRP protocol is not enabled by default.
Conditions: The specifically crafted malformed HSRP packet would require local attachment to a segment that supports the HSRP group. This issue does not affect IOS releases 12.3 and later This issue affects in 12.2, 12.2T and 12.2S versions of IOS. This issue affects 12.1E releases prior to 12.1(23)E.
Workaround: There is no workaround.
Resolved Multicast Caveats
•CSCea58105—Resolved in 12.2(17a)SX
Symptoms: The interface of a Cisco router that functions as a Protocol Independent Multicast (PIM) Rendezvous Point may stop receiving traffic. The output of the show interfaces privileged EXEC command may show input queue drops.
Conditions: This symptom is observed after the interface has received PIM register packets with the Router Alert option.
Workaround: Reload the port adapter or line card with the affected interface.
Resolved PPP Caveats
•CSCdz22366—Resolved in 12.2(17a)SX
In a Virtual Private Dial-up Network (VPDN) environment, if the LAC is not configured for authentication and the user does not provide any authentication information, the authentication on the LNS may be bypassed. This problem will not occur if the LAC is configured properly to authenticate the users.
In the case of client initiated tunnels (http://www.cisco.com/warp/public/471/l2tp-win2k-cit.html), where there is no seperate LAC, all authentication may be bypassed.
Only the IOS devices that are acting as LNS are affected. The IOS devices that are not acting as LNS are not affected.
An attacker may exploit this vulnerability to gain unauthorized access to network resources if authentication is not configured on the LAC.
The workaround is to configure "lcp renegotiation always" command in virtual private dialup network (VPDN) group configuration mode.
Resolved Security Caveats
•CSCdy68457—Resolved in 12.2(17a)SX
Symptoms: Spurious memory accesses may occur on a Cisco router, and the router may reload.
Conditions: This symptom is observed on a Cisco router that is configured for authentication proxy.
Workaround: Disable the authentication proxy feature.
•CSCdz12098—Resolved in 12.2(17a)SX
Symptom: When auth-proxy is enabled in an environment where DOS attacks from CodeRed or Nimda are present, it may be possible to exhaust resources if more than 40 DOS machines are attacking the router where auth-proxy is enabled.
Conditions: See above
Workaround: Disable auth-proxy or monitor auth-proxy cache to see attacking machines and clear viruses off machines.
•CSCea93882—Resolved in 12.2(17a)SX
Symptoms: If Cisco Express Forwarding (CEF) is disabled, a router may reload with the following error message upon the receipt of a malformed generic routing encapsulation (GRE) packet:
%ALIGN-1-FATAL: Illegal access to a low address addr=0xA30, pc=0x40992D3C, ra=0x405E64B8, sp=0x43562838
Conditions: This symptom is observed on a Cisco router that has CEF disabled. The symptom even occurs without a tunnel configuration on the router.
Workaround: Enable CEF on the router by entering the ip cef global configuration command.
Resolved Voice Caveats
•CSCdz44138—Resolved in 12.2(17a)SX
Symptoms: After a Session Initiation Protocol (SIP) message is received, a memory leak may occur in the CCSIP_SPI_CONTROL process on a Cisco MC3810 and the following errors are reported:
–Method Not Allowed
–Invalid CallId -
–Internal Server Error
Conditions: This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(12).
Workaround: There is no workaround.
Other Resolved Caveats in Release 12.2(17a)SX
•Open Caveats in Release 12.2(14)SX and Rebuilds
•Resolved Caveats in Release 12.2(14)SX1
•Resolved Caveats in Release 12.2(14)SX
Resolved PPP Caveats
•CSCdz22366—Resolved in 12.2(14)SX
In a Virtual Private Dial-up Network (VPDN) environment, if the LAC is not configured for authentication and the user does not provide any authentication information, the authentication on the LNS may be bypassed. This problem will not occur if the LAC is configured properly to authenticate the users.
In the case of client initiated tunnels (http://www.cisco.com/en/US/tech/tk801/tk703/technologies_configuration_example09186a00800946f5.shtml), where there is no seperate LAC, all authentication may be bypassed.
Only the IOS devices that are acting as LNS are affected. The IOS devices that are not acting as LNS are not affected.
An attacker may exploit this vulnerability to gain unauthorized access to network resources if authentication is not configured on the LAC.
The workaround is to configure "lcp renegotiation always" command in virtual private dialup network (VPDN) group configuration mode.
Other Resolved Caveats in Release 12.2(14)SX