Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication

September 28, 2011

Cisco released its semi-annual Cisco IOS Software Security Advisory Bundled Publication on September 28, 2011. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. This publication includes 10 Security Advisories that address vulnerabilities in Cisco IOS Software and Cisco Unified Communications Manager. Exploitation of the individual vulnerabilities could result in remote code execution or a denial of service.

Use the Cisco IOS Software Checker to quickly determine if a given Cisco IOS Software release is exposed to Cisco product vulnerabilities.

Cisco Security
Intelligence Operations

Event Intelligence

The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Cisco IOS Software Security Advisory bundled publication:

Cisco Security Advisory	Cisco Applied Mitigation Bulletin	Cisco IntelliShield Alert	CVE ID	CVSS Base Score
cisco-sa-20110928-c10k Cisco 10000 Series Denial of Service Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco 10000 Series Router ICMP Packet Processing Denial of Service Vulnerability	CVE-2011-3270	7.8
cisco-sa-20110928-smart-install Cisco IOS Software Smart Install Remote Code Execution Vulnerability	Identifying and Mitigating Exploitation of the Cisco IOS Software Smart Install Remote Code Execution Vulnerability	Cisco IOS Software Smart Install Arbitrary Code Execution Vulnerability	CVE-2011-3271	10.0
cisco-sa-20110928-dlsw Cisco IOS Software Data-Link Switching Vulnerability	Identifying and Mitigating Exploitation of the Cisco IOS Software Data-Link Switching Vulnerability	Cisco IOS Software Data-Link Switching IP Packet Processing Denial of Service Vulnerability	CVE-2011-0945	7.8
cisco-sa-20110928-nat Cisco IOS Software Network Address Translation Vulnerabilities	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software NetMeeting Directory LDAP Network Address Translation Processing Denial of Service Vulnerability	CVE-2011-0946	7.8
		Cisco IOS Software Session Initiation Protocol Network Address Translation Denial of Service Vulnerability	CVE-2011-3276	7.8
		Cisco IOS Software H.323 Packet Network Address Translation Denial of Service Vulnerability	CVE-2011-3277	7.8
		Cisco IOS Software Session Initiation Protocol UDP Packet Network Address Translation Denial of Service Vulnerability	CVE-2011-3278	7.8
		Cisco IOS Software MPLS Packet Network Address Translation Denial of Service Vulnerability	CVE-2011-3279	7.8
		Cisco IOS Software Session Initiation Protocol UDP Packet Network Address Translation Denial of Service Vulnerability	CVE-2011-3280	7.8
cisco-sa-20110928-ipsla Cisco IOS Software IP Service Level Agreement Vulnerability	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco IOS Software IP Service Level Agreement	Cisco IOS Software IP Service Level Agreement Memory Corruption Vulnerability	CVE-2011-3272	7.8
cisco-sa-20110928-zbfw Cisco IOS Software IPS and Zone Based Firewall Vulnerabilities	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software Packet Inspection Memory Leak Denial of Service Vulnerability	CVE-2011-3273	7.8
		Cisco IOS Software HTTP Packet Processing Denial of Service Vulnerability	CVE-2011-3281	7.8
cisco-sa-20110928-ipv6mpls Cisco IOS Software IP Version 6 over Multiprotocol Label Switching Vulnerabilities	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software Crafted IPv6 over MPLS Denial of Service Vulnerability	CVE-2011-3274	6.1
		Cisco IOS Software ICMPv6 Packet Multiprotocol Label Switching Denial of Service Vulnerability	CVE-2011-3282	7.8
cisco-sa-20110928-sip Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products	Cisco IOS Software Session Initiation Protocol Packet Processing Denial of Service Vulnerability	CVE-2011-0939	7.8
		Cisco IOS Software and Cisco Unified Communications Manager Session Initiation Protocol Packet Handling Denial of Service Vulnerability	CVE-2011-2072	7.8
		Cisco IOS Software Session Initiation Protocol Memory Leak Denial of Service Vulnerability	CVE-2011-3275	7.8
cisco-sa-20110928-ipv6 Cisco IOS Software IPv6 Denial of Service Vulnerability	Refer to the Workarounds section of the associated Cisco Security Advisory	Cisco IOS Software IPv6 Packet Processing Denial of Service Vulnerability	CVE-2011-0944	7.8
cisco-sa-20110928-cucm Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products	Cisco IOS Software and Cisco Unified Communications Manager Session Initiation Protocol Packet Handling Denial of Service Vulnerability	CVE-2011-2072	7.8

Return to Cisco Security Intelligence Operations

Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication

September 28, 2011

Event Intelligence

Information For

Industries

Marketplace

Contacts

News & Alerts

Technology Trends

Support

Communities

Video Portal

About Cisco

Careers

Programs