Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

September 22, 2010

Cisco released its semiannual Cisco IOS Software Advisory bundled publication on September 22, 2010. The publication includes six security advisories that address 10 individual vulnerabilities in Cisco IOS Software and Cisco Unified Communications Manager. Exploits of the individual vulnerabilities could result in a denial of service. In addition to the information provided in each Cisco Security Advisory, Cisco has also published the Summary of Cisco IOS Software Bundled Advisories, September 22, 2010, which identifies the software releases that correct all 10 vulnerabilities.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory	Cisco Applied Mitigation Bulletin	Cisco IntelliShield Alert	CVE ID	CVSS Base Score
cisco-sa-20100922-h323 Cisco IOS Software H.323 Denial of Service Vulnerabilities	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products	Cisco IOS Software H.323 Packet Processing Denial of Service Vulnerability	CVE-2010-2828	7.8
		Cisco IOS Software H.323 Packet Processing Denial of Service Vulnerability	CVE-2010-2829	7.8
cisco-sa-20100922-igmp Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability	Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability	Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability	CVE-2010-2830	7.1
cisco-sa-20100922-nat Cisco IOS Software Network Address Translation Vulnerabilities	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software NAT for Session Initiation Protocol Packet Processing Denial of Service Vulnerability	CVE-2010-2831	7.8
		Cisco IOS Software NAT for H.323 Packet Processing Denial of Service Vulnerability	CVE-2010-2832	7.8
		Cisco IOS Software NAT for H.225.0 Packet Processing Denial of Service Vulnerability	CVE-2010-2833	7.8
cisco-sa-20100922-sip Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products	Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability	CVE-2010-2834	7.8
		Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability	CVE-2010-2835	7.8
		Cisco Unified Communications Manager Session Initiation Protocol INVITE Remote Denial of Service Vulnerability	CVE-2009-2051	7.8
cisco-sa-20100922-sslvpn Cisco IOS SSL VPN Vulnerability	Refer to the Workarounds section of the associated PSIRT advisory	Cisco IOS Software SSL Virtual Private Network Denial of Service Vulnerability	CVE-2010-2836	7.8
cisco-sa-20100922-cucmsip Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products	Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability	CVE-2010-2834	7.8
		Cisco IOS Software and Unified Communications Manager Session Initiation Protocol Packet Processing Denial of Service Vulnerability	CVE-2010-2835	7.8

Return to Cisco Security Intelligence Operations