Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

September 22, 2010

Cisco released its semiannual Cisco IOS Software Advisory bundled publication on September 22, 2010. The publication includes six security advisories that address 10 individual vulnerabilities in Cisco IOS Software and Cisco Unified Communications Manager. Exploits of the individual vulnerabilities could result in a denial of service. In addition to the information provided in each Cisco Security Advisory, Cisco has also published the Summary of Cisco IOS Software Bundled Advisories, September 22, 2010, which identifies the software releases that correct all 10 vulnerabilities.

 

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

| Cisco Security Advisory | Cisco Applied Mitigation Bulletin | Cisco IntelliShield Alert | CVE ID | CVSS Base Score |
|---|---|---|---|---|
| cisco-sa-20100922-h323: Cisco IOS Software H.323 Denial of Service Vulnerabilities | Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products | Cisco IOS Software H.323 Packet Processing Denial of Service Vulnerability | CVE-2010-2828 | 7.8 |
| | | Cisco IOS Software H.323 Packet Processing Denial of Service Vulnerability | CVE-2010-2829 | 7.8 |
| cisco-sa-20100922-igmp: Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability | Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability | Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability | CVE-2010-2830 | 7.1 |
| cisco-sa-20100922-nat: Cisco IOS Software Network Address Translation Vulnerabilities | Refer to the Workarounds section of the associated PSIRT advisory | Cisco IOS Software NAT for Session Initiation Protocol Packet Processing Denial of Service Vulnerability | CVE-2010-2831 | 7.8 |
| | | Cisco IOS Software NAT for H.323 Packet Processing Denial of Service Vulnerability | CVE-2010-2832 | 7.8 |
| | | Cisco IOS Software NAT for H.225.0 Packet Processing Denial of Service Vulnerability | CVE-2010-2833 | 7.8 |
| cisco-sa-20100922-sip: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities | Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products | Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability | CVE-2010-2834 | 7.8 |
| | | Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability | CVE-2010-2835 | 7.8 |
| | | Cisco Unified Communications Manager Session Initiation Protocol INVITE Remote Denial of Service Vulnerability | CVE-2009-2051 | 7.8 |
| cisco-sa-20100922-sslvpn: Cisco IOS SSL VPN Vulnerability | Refer to the Workarounds section of the associated PSIRT advisory | Cisco IOS Software SSL Virtual Private Network Denial of Service Vulnerability | CVE-2010-2836 | 7.8 |
| cisco-sa-20100922-cucmsip: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities | Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products | Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability | CVE-2010-2834 | 7.8 |
| | | Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability | CVE-2010-2835 | 7.8 |
