Cisco Event Response: Semi-Annual Cisco IOS Software Advisory Bundled Publication

March 25, 2009

Cisco released its semi-annual Cisco IOS Software Advisory bundled publication on March 25, 2009. The publication includes eight Security Advisories that address 10 individual vulnerabilities in Cisco IOS Software. Exploitation of the individual vulnerabilities could result in one of two impacts: a breach of confidentiality or a denial of service.


Cisco Security Intelligence Engineering and Cisco Security IntelliShield Alert Manager

The following table identifies Cisco Security Intelligence Engineering content and Cisco Security IntelliShield Alert Manager alerts that are associated with this Cisco publication:

| Cisco Security Advisory | Cisco Applied Mitigation Bulletin | Cisco IntelliShield Alert | CVE ID | CVSS Base Score |
|---|---|---|---|---|
| cisco-sa-20090325-ctcp: Cisco IOS cTCP Denial of Service Vulnerability | Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS cTCP Denial of Service Vulnerability | Cisco IOS Software Cisco Tunneling Control Protocol Packet Processing Denial of Service Vulnerability | CVE-2009-0635 | 7.8 |
| cisco-sa-20090325-ip: Cisco IOS Software Multiple Features IP Sockets Vulnerability | Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Crafted TCP Sequence and IP Sockets Vulnerabilities | Cisco IOS Software IP Sockets Denial of Service Vulnerability | CVE-2009-0630 | 7.8 |
| cisco-sa-20090325-mobileip: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities | Refer to the Workarounds section of the associated PSIRT advisory | Cisco IOS Software Mobile IP MIPv6 Packet Processing Denial of Service Vulnerability | CVE-2009-0633 | 7.8 |
| cisco-sa-20090325-mobileip: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities | Refer to the Workarounds section of the associated PSIRT advisory | Cisco IOS Software Mobile IP ICMP Packet Processing Denial of Service Vulnerability | CVE-2009-0634 | 7.1 |
| cisco-sa-20090325-scp: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability | Refer to the Workarounds section of the associated PSIRT advisory | Cisco IOS Software Secure Copy Privilege Escalation Vulnerability | CVE-2009-0637 | 9.0 |
| cisco-sa-20090325-sip: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability | Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Session Initiation Protocol and Crafted UDP Vulnerabilities | Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability | CVE-2009-0636 | 7.8 |
| cisco-sa-20090325-tcp: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability | Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Crafted TCP Sequence and IP Sockets Vulnerabilities | Cisco IOS Software Malformed TCP Sequence Processing Denial of Service Vulnerability | CVE-2009-0629 | 7.8 |
| cisco-sa-20090325-udp: Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability | Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Session Initiation Protocol and Crafted UDP Vulnerabilities | Cisco IOS Software UDP Packet Processing Denial of Service Vulnerability | CVE-2009-0631 | 7.8 |
| cisco-sa-20090325-webvpn: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities | Refer to the Workarounds section of the associated PSIRT advisory | Cisco IOS Software WebVPN HTTPS Processing Denial of Service Vulnerability | CVE-2009-0626 | 7.8 |
| cisco-sa-20090325-webvpn: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities | Refer to the Workarounds section of the associated PSIRT advisory | Cisco IOS Software SSLVPN Session Memory Leak Denial of Service Vulnerability | CVE-2009-0628 | 7.8 |
