Cisco Event Response: Semiannual Cisco IOS Software Advisory Bundled Publication

September 23, 2009

Cisco released its semiannual Cisco IOS Software Advisory bundled publication on September 23, 2009. The publication includes 11 Security Advisories that address 12 individual vulnerabilities in Cisco IOS Software and Cisco Unified Communications Manager. Exploits of the individual vulnerabilities could result in two different impacts, a breach in confidentiality or a denial of service.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Advisory bundled publication:

Cisco Security Advisory	Cisco Applied Mitigation Bulletin	Cisco IntelliShield Alert	CVE ID	CVSS Base Score
cisco-sa-20090923-acl Cisco IOS Software Object-group Access Control List Bypass Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software Object Group Access Control List Bypass Vulnerability	CVE-2009-2862	4.3
cisco-sa-20090923-auth-proxy Cisco IOS Software Authentication Proxy Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software Authentication Proxy Denial of Service Vulnerability	CVE-2009-2863	7.1
cisco-sa-20090923-cm Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Denial of Service Vulnerabilities in Cisco Unified Communications Manager and Cisco IOS Software	Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability	CVE-2009-2864	7.8
cisco-sa-20090923-cme Cisco Unified Communications Manager Express Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager Express Vulnerability	Cisco IOS Software Extension Mobility Feature Remote Buffer Overflow Vulnerability	CVE-2009-2865	7.6
cisco-sa-20090923-h323 Cisco IOS Software H.323 Denial of Service Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Denial of Service Vulnerabilities in Cisco Unified Communications Manager and Cisco IOS Software	Cisco IOS Software H.323 Message Processing Denial of Service Vulnerability	CVE-2009-2866	7.8
cisco-sa-20090923-ios-fw Cisco IOS Software Zone-Based Policy Firewall Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Remote Denial of Service Vulnerability	CVE-2009-2867	7.8
cisco-sa-20090923-ipsec Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability	Cisco IOS Software Internet Key Exchange IPsec Remote Denial of Service Vulnerability	CVE-2009-2868	7.8
cisco-sa-20090923-ntp Cisco IOS Software Network Time Protocol Packet Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software Network Time Protocol Version 4 Remote Denial of Service Vulnerability	CVE-2009-2869	7.8
cisco-sa-20090923-sip Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Denial of Service Vulnerabilities in Cisco Unified Communications Manager and Cisco IOS Software	Cisco IOS Software Session Initiation Protocol Remote Denial of Service Vulnerability	CVE-2009-2870	7.8
cisco-sa-20090923-tls Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software Encryption Packet Remote Denial of Service Vulnerability	CVE-2009-2871	7.8
cisco-sa-20090923-tunnels Cisco IOS Software Tunnels Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Tunnels Vulnerability	Cisco IOS Software Bad Packet Tunnel-to-Tunnel Remote Denial of Service Vulnerability	CVE-2009-2872	7.1
		Cisco IOS Software IP Tunnels Remote Denial of Service Vulnerability	CVE-2009-2873	7.1

Return to Cisco Security Intelligence Operations