Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

September 26, 2012

Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on September 26, 2012. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. This publication includes eight Security Advisories that all address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Exploitation of the individual vulnerabilities could result in denial of service conditions, interface queue wedges, or Border Gateway Protocol session resets.

Use the Cisco IOS Software Checker to quickly determine whether a given Cisco IOS Software release is exposed to Cisco product vulnerabilities.

 

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory | Cisco Applied Mitigation Bulletin | Cisco IntelliShield Alert | CVE ID | CVSS Base Score | OVAL

cisco-sa-20120926-sip

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Cisco IOS Software and Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability CVE-2012-3949 7.8 cisco-sa-20120926-sip-CVE-2012-3949

cisco-sa-20120926-cucm

Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

OVAL definitions are currently provided only for vulnerabilities in Cisco IOS Software.

cisco-sa-20120926-ios-ips

Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability CVE-2012-3950 7.8 cisco-sa-20120926-ios-ips-CVE-2012-3950

cisco-sa-20120926-bgp

Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS Software Malformed Border Gateway Protocol Attribute Denial of Service Vulnerability CVE-2012-4617 7.1 cisco-sa-20120926-bgp-CVE-2012-4617

cisco-sa-20120926-nat

Cisco IOS Software Network Address Translation Vulnerabilities

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS Software NAT SIP ALG Denial of Service Vulnerability CVE-2012-4618 7.8 cisco-sa-20120926-nat-CVE-2012-4618
Cisco IOS Software IP NAT Denial of Service Vulnerability CVE-2012-4619 7.8 cisco-sa-20120926-nat-CVE-2012-4619

cisco-sa-20120926-c10k-tunnels

Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS Software Tunneled Traffic Queue Wedge Denial of Service Vulnerability CVE-2012-4620 7.8 cisco-sa-20120926-c10k-tunnels-CVE-2012-4620

cisco-sa-20120926-dhcp

Cisco IOS Software DHCP Denial of Service Vulnerability

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS Software DHCP Denial of Service Vulnerability CVE-2012-4621 7.8 cisco-sa-20120926-dhcp-CVE-2012-4621

cisco-sa-20120926-dhcpv6

Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability CVE-2012-4623 7.1 cisco-sa-20120926-dhcpv6-CVE-2012-4623

cisco-sa-20120926-ecc

Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability

Refer to the Workarounds section of the associated Cisco Security Advisory
Cisco IOS XE Software Uncorrected ECC Failure Denial of Service Vulnerability CVE-2012-4622 7.8 cisco-sa-20120926-ecc-CVE-2012-4622
