Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

September 26, 2012

Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on September 26, 2012. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. This publication includes eight Security Advisories that all address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Exploitation of the individual vulnerabilities could result in denial of service conditions, interface queue wedges, or Border Gateway Protocol session resets.

Use the Cisco IOS Software Checker to quickly determine whether a given Cisco IOS Software release is exposed to Cisco product vulnerabilities.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory	Cisco Applied Mitigation Bulletin	Cisco IntelliShield Alert	CVE ID	CVSS Base Score	OVAL
cisco-sa-20120926-sip Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability	Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager and Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability	Cisco IOS Software and Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability	CVE-2012-3949	7.8	cisco-sa-20120926-sip-CVE-2012-3949
cisco-sa-20120926-cucm Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability			CVE-2012-3949	7.8	OVAL definitions are currently provided only for vulnerabilities in Cisco IOS Software.
cisco-sa-20120926-ios-ips Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability	CVE-2012-3950	7.8	cisco-sa-20120926-ios-ips-CVE-2012-3950
cisco-sa-20120926-bgp Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software Malformed Border Gateway Protocol Attribute Denial of Service Vulnerability	CVE-2012-4617	7.1	cisco-sa-20120926-bgp-CVE-2012-4617
cisco-sa-20120926-nat Cisco IOS Software Network Address Translation Vulnerabilities	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software NAT SIP ALG Denial of Service Vulnerability	CVE-2012-4618	7.8	cisco-sa-20120926-nat-CVE-2012-4618
		Cisco IOS Software IP NAT Denial of Service Vulnerability	CVE-2012-4619	7.8	cisco-sa-20120926-nat-CVE-2012-4619
cisco-sa-20120926-c10k-tunnels Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software Tunneled Traffic Queue Wedge Denial of Service Vulnerability	CVE-2012-4620	7.8	cisco-sa-20120926-c10k-tunnels-CVE-2012-4620
cisco-sa-20120926-dhcp Cisco IOS Software DHCP Denial of Service Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software DHCP Denial of Service Vulnerability	CVE-2012-4621	7.8	cisco-sa-20120926-dhcp-CVE-2012-4621
cisco-sa-20120926-dhcpv6 Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability	CVE-2012-4623	7.1	cisco-sa-20120926-dhcpv6-CVE-2012-4623
cisco-sa-20120926-ecc Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS XE Software Uncorrected ECC Failure Denial of Service Vulnerability	CVE-2012-4622	7.8	cisco-sa-20120926-ecc-CVE-2012-4622

Return to Cisco Security Intelligence Operations