Summary
Affected Products
Details
Vulnerability Scoring Details
Impact
Software Versions and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.
Note: The March 26, 2008 publication includes five Security Advisories. The Advisories all affect Cisco's Internetwork Operating System (IOS). Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities in all five Advisories. Please reference the following software table to find a release which fixes all published Security Advisories as of March 26th, 2008.
Individual publication links are listed below:
Only Cisco IOS software releases that have IPv6 enabled are affected by this vulnerability. In order to be vulnerable both support for IPv6 protocol and IPv4 UDP-based services must be enabled on the device. The IPv6 is not enabled by default in Cisco IOS software.
To determine the software running on a Cisco IOS product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as "Internetwork Operating System Software" or simply "IOS." On the next line of output, the image name will be displayed between parentheses, followed by "Version" and the Cisco IOS software release name. Other Cisco devices will not have the show version command, or will give different output.
The following example shows output from a device running a Cisco IOS image:
Router>show version Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(15)T2, RELEASE SOFTWARE (fc7) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 17-Jan-08 23:12 by prod_rel_team
Additional information about Cisco IOS software release naming is available at the following link: http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_white_paper09186a008018305e.shtml.
In order for an interface to be vulnerable two conditions must be satisfied:
No other IPv4 UDP-based services are known to be affected.
IPv6 protocol is enabled on an interface if either or both of the following configuration lines are present in the configuration:
Router#show running-config interface FastEthernet0/1 ipv6 address 2001:0DB8:C18:1::/64 eui-64
Router#show running-config interface FastEthernet0/1 ipv6 enabled
If any of the interfaces contain either or both of the ipv6 lines then IPv6 is enabled on that particular interface.
To determine whether device is affected or not, use the show ip sockets command to display all UDP ports device is listening to. In some newer IOS releases the command show ip sockets is obsoleted, and the alternate command show udp can be used instead. The output is identical to the show ip sockets command.
The device is vulnerable if the Local Port column (fifth from the left) in the output of show ip sockets contains any of the port numbers listed in the example below.
Router#show ip sockets Proto Remote Port Local Port In Out Stat TTY OutputIF 17 192.168.100.1 49 192.168.100.2 49 0 0 11 0 17 0.0.0.0 0 192.168.100.2 53 0 0 211 0 17 --listen-- 192.168.100.2 1698 0 0 1 0 17 192.168.100.1 1701 192.168.100.2 1701 1 0 1021 0 17 0.0.0.0 0 192.168.100.2 1967 0 0 211 0 17 0.0.0.0 0 --any-- 2427 0 0 211 0 17 0.0.0.0 0 --any-- 5060 0 0 211 0
No other Cisco products are currently known to be affected by this vulnerability.
Any device running Cisco IOS without IPv6 enabled is not vulnerable. Cisco IOS XR and Cisco PIX/ASA are not affected.
To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation of the vulnerability may result in one of the following two conditions:
This vulnerability is independent of the interface media type. A blocked interface will immediately stop receiving any subsequent packets destined to the device itself until it is unblocked. It is possible to unblock the interface using methods other than a device reload. These methods are described in the Workarounds section. All other interfaces are unaffected and will continue receiving and transmitting packets.
Blocked interface may allow transit traffic to flow for a period of time. Transit traffic may continue to flow until either the respective routing entry or Address Resolution Protocol (ARP) entry expires, whichever event occurs first. Depending on the circumstances the transit traffic can stop flowing through the blocked interface within a few seconds or continue up to four hours (which is the ARP cache default lifetime). After that no further transit traffic will flow through the blocked interface.
No other IPv4 UDP-based services are known to be affected by this vulnerability.
This vulnerability is documented in Cisco Bug ID CSCse56501, and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2008-1153.
The show interfaces command can be used to view the input queue size to identify a blocked input interface. A device under attack, but not yet blocked will show the Input queue size increasing without a subsequent decrease. If the current size (in this case, 76) is larger than the maximum size (75), the input queue is blocked. The value of 75 is the default value and it can be changed using the interface command hold-queue X in .
Router#show interfaces FastEthernet 0/1 | include queue Input queue: 76/75/0/0 (size/max/drops/flushes); Total output drops: 0 Output queue: 0/40 (size/max)
The example above shows that the interface FastEthernet0/1 is blocked.
The show ip sockets command can be used to determine which protocol blocks the interface. If In column (sixth from the left) of the output contains any other number than zero (0) that is an indication that packets of that particular protocol are blocking, or starting to block, the interface. The following example shows DNS packets that are beginning to fill the input queue of the interface. The interface is not completely blocked because only 13 packets are in the input queue.
Router#show ip sockets Proto Remote Port Local Port In Out Stat TTY OutputIF 17 192.168.100.1 49 192.168.100.2 49 0 0 11 0 17 0.0.0.0 0 192.168.100.2 53 13 0 211 0 17 --listen-- 192.168.100.2 1698 0 0 1 0 17 192.168.100.1 1701 192.168.100.2 1701 1 0 1021 0 17 0.0.0.0 0 192.168.100.2 1967 0 0 211 0 17 0.0.0.0 0 --any-- 2427 0 0 211 0 17 0.0.0.0 0 --any-- 5060 0 0 211 0
The output of the show ip sockets command does not provide information on interfaces. It is possible that packets from multiple protocols may be blocking a single interface. The output of the command must be interpreted with the device's configuration to establish the affected port.
Additional methods that can be used to detect blocked interfaces are described in "Cisco Applied Mitigation Bulletin: User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-Stack Routers" document available at http://www.cisco.com/warp/public/707/cisco-amb-20080326-IPv4IPv6.shtml. The method utilizes Embedded Event Manager (EEM) and Applets or an EEM Script.
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss.
|
UDP delivery issue when IPv4 and IPv6 are bound to the same socket Calculate the environmental score of CSCse56501 |
||||||
|---|---|---|---|---|---|---|
|
CVSS Base Score - 7.8 |
||||||
|
Access Vector |
Access Complexity |
Authentication |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
|
Network |
Low |
None |
None |
None |
Complete |
|
|
CVSS Temporal Score - 6.4 |
||||||
|
Exploitability |
Remediation Level |
Report Confidence |
||||
|
Functional |
Official-Fix |
Confirmed |
||||
Successful exploitation of the vulnerability can result in one of the following two conditions:
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table.
|
Major Release |
Availability of Repaired Releases |
|
|---|---|---|
|
Affected 12.0-Based Releases |
First Fixed Release |
Recommended Release |
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Vulnerable; contact TAC |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Vulnerable; contact TAC |
|
|
|
Vulnerable; contact TAC |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Affected 12.1-Based Releases |
First Fixed Release |
Recommended Release |
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Releases prior to 12.1(5)YE6 are vulnerable, release 12.1(5)YE6 and later are not vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
|
|
|
Affected 12.2-Based Releases |
First Fixed Release |
Recommended Release |
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.3BC |
12.3(23)BC1 |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.3XI |
|
|
|
Vulnerable; first fixed in 12.3BC |
12.3(23)BC1 |
|
|
Vulnerable; first fixed in 12.3BC |
12.3(23)BC1 |
|
|
Vulnerable; contact TAC |
|
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.2SG |
12.2(25)EWA13 12.2(31)SGA5 12.2(44)SG |
|
|
Vulnerable; first fixed in 12.2SG |
12.2(25)EWA13 12.2(31)SGA5 12.2(44)SG |
|
|
12.2(25)EWA10 12.2(25)EWA11 |
12.2(25)EWA13 |
|
|
12.2(35)EX1 12.2(37)EX |
12.2(40)EX1 |
|
|
12.2(37)EY |
|
|
|
Vulnerable; first fixed in 12.2SEE |
|
|
|
Vulnerable; first fixed in 12.2SEE |
|
|
|
Vulnerable; first fixed in 12.2SEG |
12.2(25)SEG4 |
|
|
Vulnerable; first fixed in 12.2SE |
12.2(44)SE1 |
|
|
Vulnerable; contact TAC |
|
|
|
Vulnerable; contact TAC |
|
|
|
Vulnerable; contact TAC |
|
|
|
Vulnerable; contact TAC |
|
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.3JA |
|
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; contact TAC |
|
|
|
12.2(15)MC2h |
12.2(15)MC2k |
|
|
12.2(14)S18 12.2(18)S13 12.2(20)S14 12.2(25)S13 |
12.2(25)S15 |
|
|
12.2(28)SB7 12.2(31)SB5 12.2(33)SB; Available on 31-MAR-2008 |
12.2(31)SB11 |
|
|
Vulnerable; first fixed in 12.2SB; Available on 31-MAR-2008 |
12.2(31)SB11 |
|
|
Not Vulnerable |
|
|
|
12.2(35)SE4 12.2(37)SE |
12.2(44)SE1 |
|
|
Vulnerable; first fixed in 12.2SEE |
|
|
|
Vulnerable; first fixed in 12.2SEE |
|
|
|
Vulnerable; first fixed in 12.2SEE |
|
|
|
Vulnerable; first fixed in 12.2SEE |
|
|
|
12.2(25)SEE4 |
|
|
|
12.2(25)SEF3 |
12.2(44)SE1 |
|
|
12.2(25)SEG3 |
12.2(25)SEG4 |
|
|
12.2(25)SG3 12.2(31)SG3 12.2(37)SG |
12.2(44)SG |
|
|
12.2(31)SGA2 12.2(31)SGA3 12.2(31)SGA6; Available on 07-APR-2008 |
12.2(31)SGA5 |
|
|
Not Vulnerable |
|
|
|
Vulnerable; contact TAC |
|
|
|
Vulnerable; migrate to any release in 12.2SVA |
12.2(29)SVD |
|
|
12.2(33)SRA4 |
12.2(33)SRA7 |
|
|
12.2(33)SRB1 |
12.2(33)SRB3; Available on 14-APR-08 |
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.2(29b)SV |
12.2(29b)SV |
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Vulnerable; contact TAC |
|
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
12.2(18)SXF10a 12.2(18)SXF12a 12.2(18)SXF9 |
12.2(18)SXF13 |
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.2S |
12.2(25)S15 12.2(31)SB11 12.2(33)SRC |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
12.2(8)TPC10b |
|
|
|
Vulnerable; first fixed in 12.2SB; Available on 31-MAR-2008 |
12.2(31)SB11 |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3BC |
12.3(23)BC1 |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
12.2(33)XN1 |
12.3(26) |
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
12.2(4)YA13; Available on 31-MAR-2008 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.2S |
12.2(25)S15 12.2(31)SB11 12.2(33)SRC |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
|
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.2S |
12.2(25)S15 12.2(31)SB11 12.2(33)SRC |
|
|
Vulnerable; first fixed in 12.2SXF |
12.2(18)SXF13 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; contact TAC |
|
|
|
Vulnerable; first fixed in 12.3 |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.3YG |
12.4(15)T4 12.4(18a) |
|
|
12.2(13)ZH9 |
12.2(13)ZH11 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; migrate to any release in 12.2SXH |
12.2(33)SXH2 |
|
|
Not Vulnerable |
|
|
|
Affected 12.3-Based Releases |
First Fixed Release |
Recommended Release |
|
12.3(17c) 12.3(18a) 12.3(19a) 12.3(23) |
12.3(26) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(17b)BC8 12.3(21a)BC2 12.3(23)BC |
12.3(23)BC1 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Not Vulnerable |
|
|
|
12.3(11)JA4 12.3(7)JA5 |
|
|
|
12.3(8)JEA2 |
12.3(8)JEA4 |
|
|
12.3(8)JEB1 |
12.3(8)JEB2 |
|
|
Not Vulnerable |
|
|
|
12.3(2)JK3 12.3(8)JK |
12.3(8)JK1 |
|
|
12.3(2)JL2 |
12.3(2)JL4 |
|
|
12.3(7)JX9 |
12.3(7)JX10 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(4)TPC11b |
|
|
|
Vulnerable; contact TAC |
|
|
|
12.3(2)XA6 |
12.3(2)XA7; Available on 31-MAR-08 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(2)XC5 |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(2)XE6; Available on 31-MAR-2008 |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.3YG |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(7)XI10 |
|
|
|
Vulnerable; first fixed in 12.3YX |
12.3(14)YX11 12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
12.3(7)XR7 |
12.3(7)XR8; Available on 31-MAR-08 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.3YX |
12.3(14)YX11 12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4 |
12.4(18a) |
|
|
Vulnerable; first fixed in 12.4 |
12.4(15)T4 12.4(18a) |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.3YX |
12.3(14)YX11 12.4(15)T4 |
|
|
12.3(8)YG6 |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
12.3(11)YK3 |
12.4(15)T4 |
|
|
12.3(14)YM10 |
12.3(14)YM12 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
12.3(11)YS3; Available on 31-MAR-2008 |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4T |
12.4(15)T4 |
|
|
Vulnerable; first fixed in 12.4XB |
|
|
|
12.3(14)YX8 |
12.3(14)YX11 |
|
|
12.3(11)YZ2 |
|
|
|
Affected 12.4-Based Releases |
First Fixed Release |
Recommended Release |
|
12.4(10c) 12.4(12) 12.4(3h) 12.4(5c) 12.4(7e) 12.4(8d) |
12.4(18a) |
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|
|
Not Vulnerable |
|
|