Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

March 24, 2010

Cisco released its semiannual Cisco IOS Software Advisory bundled publication on March 24, 2010. The publication includes seven security advisories that address 11 individual vulnerabilities in Cisco IOS Software. Exploits of the individual vulnerabilities could result in remote code execution or a denial of service. In addition to the information provided in each Cisco Security Advisory, Cisco has also published the Summary of Cisco IOS Software Bundled Advisories, March 24, 2010, which identifies the software releases that correct all 11 vulnerabilities.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory	Cisco Applied Mitigation Bulletin	Cisco IntelliShield Alert	CVE ID	CVSS Base Score
cisco-sa-20100324-ldp Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software MPLS Packet Vulnerability	Cisco IOS Software MPLS Packet Processing Denial of Service Vulnerability	CVE-2010-0576	7.8
cisco-sa-20100324-tcp Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability	Cisco IOS Software TCP Packet Processing Denial of Service Vulnerability	CVE-2010-0577	7.1
cisco-sa-20100324-ipsec Cisco IOS Software IPsec Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software IPsec Denial of Service Vulnerability	CVE-2010-0578	7.8
cisco-sa-20100324-sip Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Express and Cisco IOS Software H.323 and SIP DoS	Cisco IOS Software SIP Message Handling Denial of Service Vulnerability	CVE-2010-0579	10.0
		Cisco IOS Software SIP Message Processing Arbitrary Code Execution Vulnerability	CVE-2010-0580	7.8
		Cisco IOS Software SIP Packet Parsing Arbitrary Code Execution Vulnerability	CVE-2010-0581	10.0
cisco-sa-20100324-h323 Cisco IOS Software H.323 Denial of Service Vulnerabilities	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Express and Cisco IOS Software H.323 and SIP DoS	Cisco IOS Software H.323 Packet Processing Blocked Interface Denial of Service Vulnerability	CVE-2010-0582	7.8
		Cisco IOS Software H.323 Protocol Packet Handling Memory Leak Denial of Service Vulnerability	CVE-2010-0583	7.8
cisco-sa-20100324-sccp Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software NAT SCCP Denial of Service Vulnerability	CVE-2010-0584	7.8
cisco-sa-20100324-cucme Cisco Unified Communications Manager Express Denial of Service Vulnerabilities	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Express and Cisco IOS Software H.323 and SIP DoS	Cisco IOS Software Unified Communications Manager Express SCCP Packet Processing Denial of Service Vulnerability	CVE-2010-0585	7.8
		Cisco IOS Software Unified Communications Manager Express SCCP Request Handling Denial of Service Vulnerability	CVE-2010-0586	7.8

Return to Cisco Security Intelligence Operations