Cisco IOS Software Releases 12.4 Special and Early Deployments

Release Notes for the Cisco 2800 Series Integrated Services Routers for Cisco IOS Release 12.4(4)XC

Table Of Contents

Release Notes for Cisco 2800 Series Integrated Services Routers for Cisco IOS Release 12.4(4)XC

Contents

System Requirements

Memory Requirements

Hardware Supported

Determining the Software Version

Upgrading to a New Software Release

Feature Set Tables

New and Changed Information

Updated Naming Conventions

New Software Features in Release 12.4(4)XC4

Cisco Unified CME 4.0(4) Extension Assigner

New Software Features in Release 12.4(4)XC1

New Hardware Features in Release 12.4(4)XC

New Software Features in Release 12.4(4)XC

Call Detail Records (CDR) Feature Correlation ID for Supplementary Features

Cisco Unified Communications Manager Express 4.0

Cisco Unified Survivable Remote Site Telephony 4.0

Customizable PSTN Tones and H.323 Call-Disconnect Cause Codes

H.323 VoIP Call Preservation Enhancements for WAN Link Failures

Integrated Services

SCCP Analog (FXS) Ports

SCCP PLAR with DTMF Out Pulse Digits for FXS Analog Phones

Secure Communication Between IP-STE Endpoint and Lineside STE Endpoint

Secure Communication Between IP-STE Endpoint and Trunkside STE Endpoint

Video Support for SCCP-Based Endpoints

Limitations and Restrictions

Caveats

Resolved Caveats - Cisco IOS Release 12.4(4)XC7

Open Caveats - Cisco IOS Release 12.4(4)XC7

Resolved Caveats - Cisco IOS Release 12.4(4)XC6

Open Caveats - Cisco IOS Release 12.4(4)XC6

Resolved Caveats - Cisco IOS Release 12.4(4)XC5

Open Caveats - Cisco IOS Release 12.4(4)XC5

Resolved Caveats - Cisco IOS Release 12.4(4)XC4

Open Caveats - Cisco IOS Release 12.4(4)XC4

Resolved Caveats - Cisco IOS Release 12.4(4)XC3

Open Caveats - Cisco IOS Release 12.4(4)XC3

Resolved Caveats - Cisco IOS Release 12.4(4)XC2

Open Caveats - Cisco IOS Release 12.4(4)XC2

Resolved Caveats - Cisco IOS Release 12.4(4)XC1

Open Caveats - Cisco IOS Release 12.4(4)XC1

Resolved Caveats - Release 12.4(4)XC

Open Caveats - Release 12.4(4)XC

Caveat Updates and Special Notices

Additional References

Release-Specific Documents

Platform-Specific Documents

Cisco IOS Software Documentation Set

Documentation Modules

Notices


Release Notes for Cisco 2800 Series Integrated Services Routers for Cisco IOS Release 12.4(4)XC


First Released: June 9, 2008
Last Revised: September 24, 2008
Cisco IOS Release 12.4(4)XC7
OL-9578-02 Seventh Release

These release notes describe new features and significant software components for the Cisco 2800 series routers that support the Cisco IOS Release 12.4(4)XC releases. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, software platform deferrals, microcode or modem code changes, related document changes, and any other important changes. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.4T and About Cisco IOS Release Notes.

For a list of the software caveats that apply to the Release 12.4(4)XC releases, see the "Caveats" section. See also Caveats for Cisco IOS Release 12.4(20)T. The online caveats document is updated for every maintenance release.

Contents

System Requirements

New and Changed Information

Limitations and Restrictions

Caveats

Additional References

Notices

System Requirements

This section describes the system requirements for Release 12.4(4)XC and includes the following sections:

Memory Requirements

Hardware Supported

Determining the Software Version

Upgrading to a New Software Release

Feature Set Tables

Memory Requirements

Table 1 describes the memory requirements for the Cisco IOS feature sets supported by Cisco IOS Release 12.4(4)XC on the Cisco 2800 series routers.

Table 1 Required Memory for the Cisco 2800 Series Routers with Cisco IOS Release 12.4(4)XC

Platform | Image Name | Feature Set | Image | Flash Memory (MB) | DRAM (MB)
2811, 2821, 2851 | Cisco 2800 ADVANCED ENTERPRISE SERVICES; Cisco 2800 AISK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES; Cisco 2800 ASK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES | ADVANCED ENTERPRISE SERVICES; AISK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES; ASK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES | c2800nm-adventerprisek9-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 INT VOICE/VIDEO, IPIPGW, TDMIP GW AES | INT VOICE/VIDEO, IPIPGW, TDMIP GW AES | c2800nm-adventerprisek9_ivs-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 ADVANCED ENTERPRISE SERVICES WITH SNA SWITCHING | ADVANCED ENTERPRISE SERVICES WITH SNA SWITCHING | c2800nm-adventerprisek9_sna-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 ADVANCED IP SERVICES; Cisco 2800 SPSK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES; Cisco 2800 ASK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES | ADVANCED IP SERVICES; SPSK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES; ASK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES | c2800nm-advipservicesk9-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 ADVANCED SECURITY | ADVANCED SECURITY | c2800nm-advsecurityk9-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 ENTERPRISE BASE W/O CRYPTO | ENTERPRISE BASE W/O CRYPTO | c2800nm-entbase-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 ENTERPRISE BASE | ENTERPRISE BASE | c2800nm-entbasek9-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 ENTERPRISE SERVICES W/O CRYPTO | ENTERPRISE SERVICES W/O CRYPTO | c2800nm-entservices-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 ENTERPRISE SERVICES; Cisco 2800 SPSK9-ESK9 FEAT SET FACTORY UPG FOR BUNDLES | ENTERPRISE SERVICES; SPSK9-ESK9 FEAT SET FACTORY UPG FOR BUNDLES | c2800nm-entservicesk9-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 IP BASE W/O CRYPTO | IP BASE W/O CRYPTO | c2800nm-ipbase-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 IP BASE | IP BASE | c2800nm-ipbasek9-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 IP VOICE W/O CRYPTO | IP VOICE W/O CRYPTO | c2800nm-ipvoice-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 INT VOICE/VIDEO, IPIP GW, TDMIP GW | INT VOICE/VIDEO, IPIP GW, TDMIP GW | c2800nm-ipvoice_ivs-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 IP VOICE | IP VOICE | c2800nm-ipvoicek9-mz | 64 | 256
2811, 2821, 2851 | Cisco 2800 SP SERVICES | SP SERVICES | c2800nm-spservicesk9-mz | 64 | 256
2801 | Cisco 2801 IOS AISK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES; Cisco 2801 IOS ASK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES | IOS AISK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES; IOS ASK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES | c2801-adventerprisek9-mz | 64 | 192
2801 | Cisco 2801 IOS INT VOICE/VIDEO, IPIPGW, TDMIP GW AES | IOS INT VOICE/VIDEO, IPIPGW, TDMIP GW AES | c2801-adventerprisek9_ivs-mz | 64 | 256
2801 | Cisco 2801 IOS ASK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES; Cisco 2801 IOS SPSK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES | IOS SPSK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES; IOS ASK9-AISK9 FEAT SET FACTORY UPG FOR BUNDLES | c2801-advipservicesk9-mz | 64 | 92
2801 | Cisco 2801 IOS ENTERPRISE BASE W/O CRYPTO | IOS ENTERPRISE BASE W/O CRYPTO | c2801-entbase-mz | 64 | 128
2801 | Cisco 2801 IOS ENTERPRISE BASE | IOS ENTERPRISE BASE | c2801-entbasek9-mz | 64 | 128
2801 | Cisco 2801 IOS ENTERPRISE SERVICES W/O CRYPTO | IOS ENTERPRISE SERVICES W/O CRYPTO | c2801-entservices-mz | 64 | 192
2801 | Cisco 2801 IOS ENTERPRISE SERVICES; Cisco 2801 IOS SPSK9-ESK9 FEAT SET FACTORY UPG FOR BUNDLES | IOS ENTERPRISE SERVICES; IOS SPSK9-ESK9 FEAT SET FACTORY UPG FOR BUNDLES | c2801-entservicesk9-mz | 64 | 192
2801 | Cisco 2801 IOS IP BASE W/O CRYPTO | IOS IP BASE W/O CRYPTO | c2801-ipbase-mz | 64 | 128
2801 | Cisco 2801 IOS IP BASE | IOS IP BASE | c2801-ipbasek9-mz | 64 | 128
2801 | Cisco 2801 IOS IP VOICE W/O CRYPTO | IOS IP VOICE W/O CRYPTO | c2801-ipvoice-mz | 64 | 192
2801 | Cisco 2801 IOS INT VOICE/VIDEO, IPIP GW, TDMIP GW | IOS INT VOICE/VIDEO, IPIP GW, TDMIP GW | c2801-ipvoice_ivs-mz | 64 | 256
2801 | Cisco 2801 IOS IP VOICE | IOS IP VOICE | c2801-ipvoicek9-mz | 64 | 192
2801 | Cisco 2801 IOS SP SERVICES; Cisco 2801 IOS SPSK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES | IOS SP SERVICES; IOS SPSK9-AESK9 FEAT SET FACTORY UPG FOR BUNDLES | c2801-spservicesk9-mz | 64 | 192

Hardware Supported

Cisco IOS Release 12.4(4)XC supports the following Cisco 2800 series routers:

Cisco 2801

Cisco 2811

Cisco 2821

Cisco 2851

For descriptions of existing hardware features and supported modules, see the hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 2800 series routers, which are available at:

http://www.cisco.com/en/US/products/ps5854/tsd_products_support_series_home.html 

Determining the Software Version

To determine the version of Cisco IOS software currently running on your Cisco 2800 series router, see About Cisco IOS Release Notes located at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html.

Upgrading to a New Software Release

For general information about upgrading to a new software release, see About Cisco IOS Release Notes located at:

http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html.

Feature Set Tables

For information about feature set tables, see About Cisco IOS Release Notes located at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html.

New and Changed Information

This section contains the following information:

Updated Naming Conventions

New Software Features in Release 12.4(4)XC4

New Software Features in Release 12.4(4)XC1

New Hardware Features in Release 12.4(4)XC

New Software Features in Release 12.4(4)XC

Updated Naming Conventions

The following product names have been changed in Cisco IOS Release 12.4(4)XC:

The product formerly known as Cisco CME is now Cisco Unified Communications Manager Express (Cisco Unified CME). This change is effective in Cisco Unified CME version 4.0 and later releases.

Cisco Survivable Remote Site Telephony (Cisco SRST) is now Cisco Unified SRST. This change is effective with Cisco Unified SRST version 4.0 and later releases.

New Software Features in Release 12.4(4)XC4

Cisco Unified CME 4.0(4) Extension Assigner

The Cisco Unified Communications Manager Express (Cisco Unified CME) Extension Assigner feature enables installation technicians to assign extension numbers to Cisco Unified CME phones without accessing the server. For more information, see the following URL: http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmexasgn.html

New Software Features in Release 12.4(4)XC1

New features are available for Cisco Unified Communications Manager Express (Cisco Unified CME), including the following:

FXO trunk enhancements—Supports shared lines, transfer recall for transferred and forwarded calls, status monitoring of FXO ports, and line button optimization for call transfer.

Automatic line selection enhancement—Enables automatic line selection for incoming calls on the line associated with a specified button.

Night service ring enhancement—Overrides silent ringing during active night service periods.

For more information, see the "Cisco Unified Communications Manager Express 4.0" section.

New Hardware Features in Release 12.4(4)XC

There are no new hardware features in Cisco IOS Release 12.4(4)XC.

New Software Features in Release 12.4(4)XC

The following sections describe the new software features supported by the Cisco 2800 series routers for Cisco IOS Release 12.4(4)XC:

Call Detail Records (CDR) Feature Correlation ID for Supplementary Features

Cisco Unified Communications Manager Express 4.0

Cisco Unified Survivable Remote Site Telephony 4.0

Customizable PSTN Tones and H.323 Call-Disconnect Cause Codes

H.323 VoIP Call Preservation Enhancements for WAN Link Failures

Integrated Services

SCCP Analog (FXS) Ports

SCCP PLAR with DTMF Out Pulse Digits for FXS Analog Phones

Secure Communication Between IP-STE Endpoint and Lineside STE Endpoint

Secure Communication Between IP-STE Endpoint and Trunkside STE Endpoint

Video Support for SCCP-Based Endpoints

Call Detail Records (CDR) Feature Correlation ID for Supplementary Features

This feature captures additional information in CDRs for voice calls that are transferred or forwarded on phones controlled by Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST). It includes a unique correlation ID that identifies a given call feature across all legs in a call. CDR information can be output in RADIUS VSAs or system log (syslog) messages. For more information about this feature, go to the following URL:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_fcid.html

Cisco Unified Communications Manager Express 4.0

Cisco Unified Communications Manager Express 4.0 (Cisco Unified CME 4.0) delivers a number of next-generation telephony features that expand system capabilities and provide key productivity enhancements.

With this release, the product name has been changed to Cisco Unified Communications Manager Express to underscore its position as a member of the Cisco Unified Communications family of products.

New features and expanded capabilities are introduced in the following areas:

Basic Automatic Call Distribution (B-ACD) and Auto-Attendant (AA) Service

Direct Inward Dial Digit Translation Service, which provides a number transformation service for DID calls

Call forwarding, call park, call transfer, and conferencing

Ephone hunt groups, including dynamic membership and agent status control

Ephone templates and ephone-dn templates to apply features quickly to phones and lines

Phone support for remote teleworkers, Cisco IP Communicator, and the newest Cisco Unified IP phones:

Cisco Unified IP Phone 7911G

Cisco Unified IP Phone 7941G

Cisco Unified IP Phone 7941G-GE

Cisco Unified IP Phone 7961G

Cisco Unified IP Phone 7961G-GE

IP phone authentication for secure Skinny Client Control Protocol (SCCP) signaling between Cisco Unified CME and IP phones

Fax passthrough mode using Cisco VG 224 voice gateways, Analog Telephone Adaptors (ATA), and SCCP

Video support

QSIG integration with TDM PBXs

Feature access codes and feature control

Redundant Cisco Unified CME router

For details about new features, see the "Feature History" chapter of the Cisco Unified Communications Manager Express System Administrator Guide at:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeroad.html

For links to all Cisco Unified Communications Manager Express documents, see:
http://www.cisco.com/en/US/products/sw/voicesw/ps4625/tsd_products_support_series_home.html

Cisco Unified Survivable Remote Site Telephony 4.0

Cisco Unified Survivable Remote Site Telephony (SRST) 4.0 adds these features to the Cisco 2800 series routers in Cisco IOS Release 12.4(4)XC:

Support for the following Cisco Unified IP Phone models:

Cisco Unified IP Phone 7911G

Cisco Unified IP Phone 7941G

Cisco Unified IP Phone 7941G-GE

Cisco Unified IP Phone 7961G

Cisco Unified IP Phone 7961G-GE

Cisco IP Communicator support

Fax pass-through for ATA and Cisco VG 224 and Cisco VG 248 using SCCP mode

H.323 VoIP call preservation enhancements for WAN link failures

Video support

For more information about these features, go to http://www.cisco.com/en/US/products/sw/voicesw/ps2169/products_configuration_guide_chapter09186a00806672f6.html#wp1048642.

Customizable PSTN Tones and H.323 Call-Disconnect Cause Codes

The Customizable PSTN Tones and H.323 Call-Disconnect Cause Codes featurette enables you to customize PSTN tones and H.323 call-disconnect cause codes for certain disconnect scenarios. Specifically, you can customize the following:

PSTN tones that are applicable to foreign-exchange-station (FXS), PRI, and BRI calls and IP phones

Q.850 call-disconnect cause codes for H.323 gateways

In addition, you can specify the mechanism for detecting media inactivity (silence) on a voice call: Real-Time Transport Protocol (RTP), RTP Control Protocol (RTCP), or both.

H.323 VoIP Call Preservation Enhancements for WAN Link Failures

Changes made to the Cisco IOS H.323 voice gateway and Cisco Unified Communications Manager Express in support of this feature make it possible to preserve calls when the WAN link flaps, resulting in a temporary TCP connection loss between the Cisco Unified Communications Manager Express and an IP phone or Cisco IOS H.323 voice gateway located in a remote site or branch office location.

Integrated Services

This feature allows data PRI services (dial-in, dial-on-demand routing [DDR], and DDR backup) to occur on top of voice-enabled PRI interfaces, and adds multilevel precedence and preemption (MLPP) capability for DDR calls over the active voice call when no idle channel is available during the DDR call setup.

An ISDN interface can now be configured to accept multiple call types to allow integrated data and voice services.

Multilevel precedence and preemption (MLPP) is the placement of priority calls through the network. Precedence designates the priority level that is associated with a call. Preemption designates the process of terminating lower-priority calls so that a call of higher precedence can be extended.

For more information about the Integrated Services feature, see the Integrating Data and Voice Services for ISDN PRI Interfaces on Multiservice Access Routers document at:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/intserv.html

SCCP Analog (FXS) Ports

This feature provides Cisco IOS software support to enable Skinny Client Control Protocol (SCCP) supplementary features on analog FXS ports on a Cisco voice gateway under the control of Cisco Unified Communications Manager or a Cisco Unified Communications Manager Express (Cisco Unified CME) system. This feature is now supported on Cisco 280x and Cisco 380x platforms in Cisco IOS Release 12.4(4)XC. For more information, see:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/ht1vg224.html

SCCP PLAR with DTMF Out Pulse Digits for FXS Analog Phones

This feature provides private line automatic ring-down (PLAR) support for Skinny Client Control Protocol (SCCP) analog ports on a Cisco ISR voice gateway under the control of Cisco Unified Communications Manager or a Cisco Unified Communications Manager Express (Cisco Unified CME) system.

Secure Communication Between IP-STE Endpoint and Lineside STE Endpoint

This feature allows Secure Telephone Equipment (STE) and Secure Telephone Units (STUs) to encrypt voice and data streams with government proprietary algorithms (Type-1 encryption). To provide support for the legacy STEs and STUs and the newer IP-STE, Cisco gateways support voice and data in secure and non-secure modes within the IP network and can pass calls to and from government TDM voice networks. This feature allows analog STUs (Secure Telephone Units) and analog/BRI STEs (Secure Terminal Equipment) to communicate in secure mode using V.150.1 modem relay. This feature provides the support for modem relay on gateways to the line side.

Secure Communication Between IP-STE Endpoint and Trunkside STE Endpoint

This feature enables encrypted and decrypted calls from an IP-STE controlled by Cisco Unified Communications Manager through a voice gateway to an STE in the Defense Switch Network (DSN). This feature implements a subset of the V.150.1 modem relay standard.

Video Support for SCCP-Based Endpoints

The Video Support for SCCP-Based Endpoints feature adds video support for Cisco Unified Communications Manager Express to maintain close feature parity with Cisco Unified Communications Manager. This feature allows you to pass a video stream with a voice call between video-capable SCCP endpoints and between SCCP and H.323 endpoints. Through the Cisco Unified CME router, the video-capable endpoints can communicate with each other locally, or with a remote H.323 endpoint through a gateway or through an H.323 network.

For information about video support in Cisco Unified Communications Manager Express, see the "Video Support for SCCP-Based Endpoints" chapter in the Cisco Communications Manager Express System Administrator Guide at:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmevideo.html

Limitations and Restrictions

There are no known limitations or restrictions.

Caveats

For general information on caveats and the bug toolkit, see About Cisco IOS Release Notes located at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html.

This section contains the following caveat information:

Resolved Caveats - Cisco IOS Release 12.4(4)XC7

Open Caveats - Cisco IOS Release 12.4(4)XC7

Resolved Caveats - Cisco IOS Release 12.4(4)XC6

Open Caveats - Cisco IOS Release 12.4(4)XC6

Resolved Caveats - Cisco IOS Release 12.4(4)XC5

Open Caveats - Cisco IOS Release 12.4(4)XC5

Resolved Caveats - Cisco IOS Release 12.4(4)XC4

Open Caveats - Cisco IOS Release 12.4(4)XC4

Resolved Caveats - Cisco IOS Release 12.4(4)XC3

Open Caveats - Cisco IOS Release 12.4(4)XC3

Resolved Caveats - Cisco IOS Release 12.4(4)XC2

Open Caveats - Cisco IOS Release 12.4(4)XC2

Resolved Caveats - Cisco IOS Release 12.4(4)XC1

Open Caveats - Cisco IOS Release 12.4(4)XC1

Resolved Caveats - Release 12.4(4)XC

Open Caveats - Release 12.4(4)XC

Caveat Updates and Special Notices

Resolved Caveats - Cisco IOS Release 12.4(4)XC7

CSCec12299

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability.

This issue is triggered by a logic error when processing extended communities on the PE device.

This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.

CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsi80749

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg70474

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsi60004

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCsg96319 reverse ssh eliminated telnet authentication on VTY

Symptom    When a reverse SSH session is established with valid authentication credentials, anyone can obtain unprivileged Telnet access to a system without being authenticated. This situation affects only reverse SSH sessions when a connection is made with the ssh -l userid:number ip-address command.

Conditions   This symptom is observed only when the Reverse SSH Enhancement is configured. This enhancement is documented at the following URL:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804831b6.html

Workaround   Configure reverse SSH by entering the ip ssh port portnum rotary group command. This configuration is explained at the following URL:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_q_and_a_item09186a0080267e0f.shtml#newq1

CSCsg40567 Memory leak found with malformed tls/ssl packets in http core process

Symptom    Malformed SSL packets may cause a router to leak multiple memory blocks.

Conditions   This symptom is observed on a Cisco router that has the ip http secure-server command enabled.

Workaround   Disable the ip http secure-server command.

CSCsg03449 Etherswitch module VLAN Trunking Protocol Vulnerabilities

Symptom   

VTP Version field DoS

Integer Wrap in VTP revision

Buffer Overflow in VTP VLAN name

Conditions   The packets must be received on a trunk enabled port.

Further Information: On September 13, 2006, the Phenoelit Group posted an advisory containing three vulnerabilities:

VTP Version field DoS

Integer Wrap in VTP revision

Buffer Overflow in VTP VLAN name

These vulnerabilities are addressed by Cisco IDs:

CSCsd52629/CSCsd34759 -- VTP version field DoS

CSCse40078/CSCse47765 -- Integer Wrap in VTP revision

CSCsd34855/CSCei54611 -- Buffer Overflow in VTP VLAN name

CSCsg03449 -- Etherswitch module VLAN Trunking Protocol Vulnerabilities. Cisco's statement and further information are available on the Cisco public website at: http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml

CSCsj44099 Router crashes if DSPFARM profile description is 128 characters long. 

Symptom    A Cisco c3800 router can experience a memory corruption resulting in a crash if the description field under the "dspfarm profile" configuration matches the maximum of 128 characters.

Conditions   During configuration of the dspfarm profile through the CLI, a description that is 128 characters long will cause a memory copy problem. If the user tries to display the results of the configuration using "show dspfarm profile", the router will crash trying to display the output.

Workaround   To prevent this problem configure the dspfarm profile description with 127 characters or less.

CSCse05736 A router running RCP can be reloaded with a specific packet

Symptom    A router that is running RCP can be reloaded by a specific packet.

Conditions   This symptom is seen under the following conditions:

The router must have RCP enabled.

The packet must come from the source address of the designated system configured to send RCP packets to the router.

The packet must have a specific data content.

Workaround   Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

CSCec12299 Corruption of ext communities when receiving over ipv4 EBGP session

Symptom    EIGRP-specific Extended Community 0x8800 is corrupted and shown as 0x0:0:0.

Conditions   This symptom is observed when EIGRP-specific Extended Community 0x8800 is received via an IPv4 EBGP session on a CE router. This occurs typically in the following inter-autonomous system scenario:

ASBR/PE-1 <----> VRF-to-VRF <----> ASBR/PE-2

Workaround   Use a configuration such as the following to remove extended communities from the CE router:

router bgp 1
 address-family ipv4 vrf one
 neighbor 1.0.0.1 remote-as 100
 neighbor 1.0.0.1 activate
 neighbor 1.0.0.1 route-map FILTER in
 exit-address-family
!
ip extcommunity-list 100 permit _RT.*_
!
route-map FILTER permit 10
 set extcomm-list 100 delete
!

CSCse24889 Malformed SSH version 2 packets may cause processor memory depletion

Symptom    Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.

Conditions   This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.

Workaround   As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:

config t
ip ssh version 1
end

Alternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:

! 10.1.1.0/24 is a trusted network that is permitted access to the router;
! all other access is denied
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
!
line vty 0 4
 access-class 99 in
end

Further Problem Description: For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080716ec2.html. For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document: /en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

CSCsc40493 Lengthy PADR frame could crash PPPoE BRAS

Symptom    A PPPoE aggregation server (BRAS) may reset when receiving a malformed PPPoE message.

Conditions   A malformed PPPoE message must be received on an aggregation interface.

Workaround   There is no workaround.

CSCsh53643 mbar/isync compiler automation (No RNE available)

CSCsh77241 Reverting the compiler back to c2.95.3-p11b (No RNE available)

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) can allow a malicious user to create extra multicast states on the core routers, or to receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN), by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

Open Caveats - Cisco IOS Release 12.4(4)XC7

There are no open caveats in this release.

Resolved Caveats - Cisco IOS Release 12.4(4)XC6

CSCsf30058

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.245

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsb40304

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsd85587

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).

Successful repeated exploitation of this vulnerability may lead to a sustained Denial-of-Service (DoS); however, the vulnerability is not known to compromise either the confidentiality or integrity of the data or the device. It is not believed to allow an attacker to decrypt any previously encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS, documented as Cisco bug ID CSCsd85587

Cisco IOS XR, documented as Cisco bug ID CSCsg41084

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Cisco Unified Communications Manager, documented as Cisco bug ID CSCsg44348

Cisco Firewall Service Module (FWSM)

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


Note Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


CSCsd92405

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCek48162: TDM cross connects before last call disconnect and assertions

Symptom    : Under heavy stress, a few TDM assertion failures are seen.

Conditions   : This is seen with SS7 at more than 50 calls per second.

Workaround   : There is no workaround.

CSCek51075: Assertion failures at tdm_local_endpoints_connect
CSCek61570: Trunk dn stuck in seize/seize state and does not recover

Symptom    : A few assertions may be seen during bootup and for the first set of calls. This has no effect on the system.

Conditions   : This may happen when calls are cleared as the system drops to ROMMON.

Workaround   : There is no workaround.

CSCsb25337: Unnecessary tcp ports opened in default router config

Cisco devices running IOS that support voice and are not configured for Session Initiation Protocol (SIP) are vulnerable to a crash. However, exposure on these devices is limited to traffic destined to User Datagram Protocol (UDP) port 5060. Devices that are properly configured for SIP processing are not vulnerable to this issue.

Workaround   : See the advisory posted at: http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml

CSCsc72722: CBAC-firewall resets TCP idle timer upon receiving invalid TCP packets

Symptom    : TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not timeout.

Conditions   : With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.

Workaround   : There is no workaround.

CSCsd91454: One way voice traffic due to incorrect IPHC(UDP) Di0: CS 1 IPCRC 

Symptom    : Voice traffic is dropped in one direction due to an IPHC IPCRC error.

Conditions   : The problem appears some time after the voice call has been established. While the problem is occurring, the logs show IPHC error messages.

Workaround   : Use process switching.

CSCsd92405: Router crashes on receipt of repeated SSL connection with malformed finished message

Symptom    : A router crashes when receiving multiple malformed TLS and/or SSL3 finished messages. A valid user name and password are not required for the crash to occur.

Conditions   : This symptom is observed when a router has the HTTP secure server enabled and has an open, unprotected HTTP port.

Workaround   : There is no workaround; however, the user can reduce the likelihood of the symptom by permitting only legitimate hosts to access HTTP on the router.

CSCse58397: ISDN BRI Dialer Interface is always in up state 

Symptom    : ISDN B channels are in the UP state.

Conditions   : After a reload and after shut/no shut.

Workaround   : There is no workaround.

CSCsf28515: Crashes at mars_default_port_dsp_connect

Symptom    : Router crashes at mars_default_port_dsp_connect after call passes through the digital voice-port.

Workaround   : There is no workaround

CSCsf28711: 5850 reloads unexpectedly on making a single call
CSCsf28840: crash due to configured peer type control vector

Symptom    : The active eRSC reloads with a traceback when the first (PRI/SS7) call is made.

Conditions   : This issue is seen when the 5850tb is running the 12.4(10.5)PI5 image. The gateway comes up with this image, and when the first (PRI/SS7) call is made the active eRSC reloads unexpectedly with a traceback. This reload is seen for both H323 and SIP calls. A similar issue is seen on the 5400 when an MGCP-SIP call is made.

Workaround   : There is no workaround.

CSCsg16908: IOS FTP Server Deprecation
CSCsg46546: Erroneous alerting during pickup with CSCek58324. Call focus is wrong after picking up a trunk dn

Symptom    : After an attempt to pick up an on-hold trunk DN, the call display on the ephone that put this DN on hold is incorrect. The call cannot be picked up successfully by the other phone, and it becomes the focus call on the phone. The connected trunk DN cannot be displayed, and other incoming calls cannot be put on hold.

Conditions   : There are two incoming trunk DN calls. The first is answered and then the second. The first is put on hold automatically when the second is answered. After the other phone attempts to pick up the first call, the pickup fails and the first call becomes the focus call on the phone. The softkey is displayed incorrectly.

Workaround   : Press the line button to resume the call on hold instead of picking it up with the pickup button or FAC dialing. However, this workaround cannot be applied to a phone that does not have the trunk DN configured.

CSCsg47834: NACK is observed for Open Voice Channel command

Symptom    : A NACK message may be received from the 5510 DSP in response to the Open Voice Channel command sent by Cisco IOS.

Conditions   : This problem may be observed when the same 5510 DSP is used as both a transcoding and a voice termination resource.

Workaround   : 1) Disable transcoding, or

2) Make sure that transcoding and voice termination are on different DSPs. This can be done by configuring the maximum number of transcoding sessions to a value that requires a multiple of 240 DSP credits. Example 1:

In the following configuration each transcoding session (complexity=high) requires 40 DSP credits. To use a multiple of 240 credits, set the maximum transcoding sessions to 6 (6 * 40 = 240) or any multiple of 6.

dspfarm profile 1 transcode
 codec g711ulaw
 codec g729r8
 associate application SCCP

Router(config)#dspfarm profile 1 transcode
Router(config-dspfarm-profile)#maximum sessions 6

Example 2:

In the following configuration each transcoding session (complexity=medium) requires 30 DSP credits. To use a multiple of 240 credits, set the maximum transcoding sessions to 8 (8 * 30 = 240) or any multiple of 8.

dspfarm profile 2 transcode
 codec g711ulaw
 codec g711alaw
 codec g729ar8
 codec g729abr8
 associate application SCCP

Router(config)#dspfarm profile 2 transcode
Router(config-dspfarm-profile)#maximum sessions 8

Use the show voice dsp group all command to verify DSP resource allocation.

Note: Each 5510 DSP has 240 credits. This workaround cannot be implemented if the router has only one PVDM2-16, which has only one DSP.

CSCsg59037: 851/871 cannot upgrade rommon from IOS

Symptom    : Cisco 851 and 871 routers have no way to remotely upgrade the ROMMON firmware image.

Conditions   : Cisco IOS versions for the Cisco 851 and 871 routers did not provide a mechanism to remotely upgrade the ROMMON firmware image.

Workaround   : Cisco IOS Release 12.4(11)T1 for the Cisco 851 and 871 routers introduces the upgrade rom-monitor file command, which allows the ROMMON firmware image to be upgraded remotely. See this link for more information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tcf_r/cf_13ht.htm#wp1032550

CSCsg66096: Privacy ON: call onhold can be intercepted by directed pickup operation
CSCsg66846: TNP phones opening new call when selecting shared transferring line 
CSCsg68199: Trunk DN offhook is not propagated to a phone already in dial out mode

Symptom    : Two IP phones, A and B, are registered with Cisco Unified Communications Manager Express and share two trunk DNs, 1 and 2. If Phone-A goes off hook on DN-1 and Phone-B immediately goes off hook on DN-2, the DN-2 button on Phone-A should show as busy, but it does not.

Conditions   : This happens only when trunk DNs are used and they go off hook in quick succession on different phones that are in dialing mode.

Workaround   : There is no workaround.

CSCsg68711: Incoming call in background does not ring after transfer commit

Symptom    : Phone does not ring for the second incoming call after committing transfer at alert for the first call.

Conditions   : While transferring a trunk DN call, a call comes in. After committing the transfer at alert, the incoming call still does not ring on the phone.

Workaround   : There is no workaround.

CSCsg70221: DTMF through the hairpin of a trunk DN does not work 

Symptom    : DTMF tones are being suppressed to prevent duplicate DTMF tones from being extended to an SCCP-controlled VG224 port. This problem is a direct result of the fix implemented to correct CSCsf98754. The lack of DTMF prevents IVR devices from working correctly.
