Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

March 24, 2010

Cisco released its semiannual Cisco IOS Software Advisory bundled publication on March 24, 2010. The publication includes seven security advisories that address 11 individual vulnerabilities in Cisco IOS Software. Exploits of the individual vulnerabilities could result in remote code execution or a denial of service. In addition to the information provided in each Cisco Security Advisory, Cisco has also published the Summary of Cisco IOS Software Bundled Advisories, March 24, 2010, which identifies the software releases that correct all 11 vulnerabilities.

 

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory Cisco Applied Mitigation Bulletin Cisco IntelliShield Alert CVE ID
Search CVEs
CVSS
Base Score
CVSS Q&A

cisco-sa-20100324-ldp

Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software MPLS Packet Vulnerability Cisco IOS Software MPLS Packet Processing Denial of Service Vulnerability CVE-2010-0576 7.8

cisco-sa-20100324-tcp

Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability Cisco IOS Software TCP Packet Processing Denial of Service Vulnerability CVE-2010-0577 7.1

cisco-sa-20100324-ipsec

Cisco IOS Software IPsec Vulnerability

Refer to the Workarounds section of the associated PSIRT advisory Cisco IOS Software IPsec Denial of Service Vulnerability CVE-2010-0578 7.8

cisco-sa-20100324-sip

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Express and Cisco IOS Software H.323 and SIP DoS Cisco IOS Software SIP Message Handling Denial of Service Vulnerability CVE-2010-0579 10.0
Cisco IOS Software SIP Message Processing Arbitrary Code Execution Vulnerability CVE-2010-0580 7.8
Cisco IOS Software SIP Packet Parsing Arbitrary Code Execution Vulnerability CVE-2010-0581 10.0

cisco-sa-20100324-h323

Cisco IOS Software H.323 Denial of Service Vulnerabilities
Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Express and Cisco IOS Software H.323 and SIP DoS Cisco IOS Software H.323 Packet Processing Blocked Interface Denial of Service Vulnerability CVE-2010-0582 7.8
Cisco IOS Software H.323 Protocol Packet Handling Memory Leak Denial of Service Vulnerability CVE-2010-0583 7.8

cisco-sa-20100324-sccp

Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability
Refer to the Workarounds section of the associated PSIRT advisory Cisco IOS Software NAT SCCP Denial of Service Vulnerability CVE-2010-0584 7.8

cisco-sa-20100324-cucme

Cisco Unified Communications Manager Express Denial of Service Vulnerabilities

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Express and Cisco IOS Software H.323 and SIP DoS Cisco IOS Software Unified Communications Manager Express SCCP Packet Processing Denial of Service Vulnerability CVE-2010-0585 7.8
Cisco IOS Software Unified Communications Manager Express SCCP Request Handling Denial of Service Vulnerability CVE-2010-0586 7.8

Return to Cisco Security Intelligence Operations