Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Cisco IOS Input Validation Flaw in HTTP Server Permits Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1021598 |
|
SecurityTracker URL: http://securitytracker.com/id/1021598
|
|
CVE Reference:
CVE-2008-3821
(Links to External Site)
|
Date: Jan 14 2009
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 11.0 through 12.4
|
Description:
Two vulnerabilities were reported in the Cisco IOS HTTP server. A remote user can conduct cross-site scripting attacks.
The server does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Cisco IOS HTTP Server software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Special characters are not properly escaped. Special characters in the ping parameter are also not properly escaped.
Systems with the IOS HTTP server or HTTP secure server enabled are affected.
Cisco has assigned Cisco bug IDs CSCsi13344 and CSCsr72301 to these vulnerabilities.
Adrian Pastor and Richard J. Brain of ProCheckUp and Nobuhiro Tsuji of NTT Data Security Corporation with co-operation of JPCert reported these vulnerabilities.
|
Impact:
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Cisco IOS HTTP Server software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
|
Solution:
The vendor has issued a fix.
A patch matrix is available in the vendor's advisory.
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 14 Jan 2009 17:00:00 +0100
Subject: Cisco Security Response: Cisco IOS Cross-Site Scripting
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Response: Cisco IOS Cross-Site Scripting
Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
- ---------------------------------------------------------------------
Cisco Response
==============
Two separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site
scripting (XSS) vulnerabilities have been reported to Cisco by two
independent researchers. ProCheckup has posted a Security Advisory
titled "XSS on Cisco IOS HTTP Server" posted at
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
Cisco would like to thank Adrian Pastor and Richard J. Brain of
ProCheckUp and Nobuhiro Tsuji of NTT Data Security Corporation with
co-operation of JPCert.
This Cisco Security Response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
Additional Information
======================
This response covers two separate cross-site scripting
vulnerabilities within the Cisco IOS Hypertext Transfer Protocol
(HTTP) server (including HTTP secure server - here after referred to
as purely HTTP Server) and applies to all Cisco products that run
Cisco IOS Software versions 11.0 through 12.4 with the HTTP server
enabled. A system that contains the IOS HTTP server or HTTP secure
server, but does not have it enabled, is not affected.
To determine if the HTTP server is running on your device, issue the
show ip http server status | include status and the show ip http
server secure status | include status commands at the prompt and look
for output similar to:
Router#show ip http server status | include status
HTTP server status: Enabled
HTTP secure server status: Enabled
If the device is not running the HTTP server, you should see output
similar to:
Router#show ip http server status | include status
HTTP server status: Disabled
HTTP secure server status: Disabled
These vulnerabilities are documented in the following Cisco bug IDs:
* Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server
Special Characters are not escaped in URL strings sent to the
HTTP server.
* Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter)
Special Characters are not escaped in URL strings sent to the
HTTP server, via the ping parameter. The ping parameter is used
both by external applications such as Router and Security Device
Manager (SDM) as well as a direct HTTP session to Cisco IOS http
server. This vulnerability affects 12.1E based trains and all
Cisco IOS releases after 12.2(13)T.
These vulnerabilities are independent of each other. For a full
solution, download a Cisco IOS version that contains the fixes for
both Cisco bug IDs. These vulnerabilities have been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821.
Workaround
+---------
If the HTTP server is not used for any legitimate purposes on the
device, it is a best practice to disable it by issuing the following
commands in configure mode:
no ip http server
no ip http secure-server
If the HTTP server is required, it is a recommended best practice to
control which hosts may access the HTTP server to only trusted
sources. To control which hosts can access the HTTP server, you can
apply an access list to the HTTP server. To apply an access list to
the HTTP server, use the following command in global configuration
mode:
ip http access-class {access-list-number | access-list-name}
The following example shows an access list that allows only trusted
hosts to access the Cisco IOS HTTP server:
ip access-list standard 20
permit 192.168.1.0 0.0.0.255
remark "Above is a trusted subnet"
remark "Add further trusted subnets or hosts below"
! (Note: all other access implicitly denied)
! (Apply the access-list to the http server)
ip http access-class 20
For additional information on configuring the Cisco IOS HTTP server,
consult Using the Cisco Web Browser User Interface.
For additional information on cross-site scripting attacks and the
methods used to exploit these vulnerabilities, please refer to the
Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting
(XSS) Threat Vectors", which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml
Further Problem Description
+--------------------------
This vulnerability is about escaping characters in the URL that are
sent to the HTTP server. This vulnerability is different from the
vulnerability reported in Cisco bug ID CSCsc64976. The fix for this
vulnerability is to escape special characters in the URL string
echoed in the response generated by the web exec application.
Software Version and Fixes
+-------------------------
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) describes a release
train and the platforms or products for which it is intended. If a
given release train is vulnerable, then the earliest possible
releases that contain the fix (the "First Fixed Release") and the
anticipated date of availability for each are listed in the "Rebuild"
and "Maintenance" columns. A device running a release in the given
train that is earlier than the release in a specific column (less
than the First Fixed Release) is known to be vulnerable. The release
should be upgraded at least to the indicated release or a later
version (greater than or equal to the First Fixed Release label).
For more information on the terms "Rebuild" and "Maintenance,"
consult the following URL:
http://www.cisco.com/warp/public/620/1.html
+----------------------------------------+
| Major | Availability of Repaired |
| Release | Releases |
|------------+---------------------------|
| Affected | First Fixed | Recommended |
| 12.0-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | 12.0(33)S3; | |
| 12.0S | Available | |
| | on | |
| | 03-APR-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SC | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SL | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0SP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0ST | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SX | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SY | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SZ | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.0(3c)W5 |
| 12.0W | first fixed | (8) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0WC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0WT | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.0(4)XI2 | |
| | are | |
| | vulnerable, | |
| 12.0XI | release | 12.4(15) |
| | 12.0(4)XI2 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XN | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.1-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1AA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AY | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1CX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1E | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1EA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.1EB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.1EC | first fixed | SCA212.2 |
| | in 12.3BC | (33)SCB12.3 |
| | | (23)BC6 |
|------------+-------------+-------------|
| 12.1EO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.1EU | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.1EV | first fixed | S1212.2(33) |
| | in 12.4 | SB312.4(15) |
| | | T812.4(23) |
|------------+-------------+-------------|
| | | 12.2(31) |
| | Vulnerable; | SGA912.2 |
| 12.1EW | first fixed | (50)SG12.4 |
| | in 12.4 | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1EY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.1(5)YE6 | |
| | are | |
| | vulnerable, | |
| 12.1YE | release | 12.4(15) |
| | 12.1(5)YE6 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1YI | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1YJ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.2-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2BC | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.2BX | first fixed | SB312.4(15) |
| | in 12.4 | T812.4(23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CX | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CY | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2CZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EW | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EWA | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| 12.2EX | 12.2(40)EX | 12.2(44)EX1 |
|------------+-------------+-------------|
| | 12.2(44)EY; | 12.2(46)EY; |
| 12.2EY | Available | Available |
| | on | on |
| | 30-JAN-2009 | 23-JAN-2009 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2EZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2FY | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.2IRA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IRB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MC | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2S | first fixed | 12.2(20)S12 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | 12.2(33) | |
| | SB12.2(31) | |
| 12.2SB | SB14; | 12.2(33)SB3 |
| | Available | |
| | on | |
| | 16-JAN-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SBC | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2SCA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SCB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SE | 12.2(40)SE | 12.2(44)SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEB | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEC | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SED | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEE | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEF | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2SEG | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| 12.2SG | 12.2(44)SG | 12.2(50)SG |
|------------+-------------+-------------|
| 12.2SGA | 12.2(31) | 12.2(31) |
| | SGA9 | SGA9 |
|------------+-------------+-------------|
| 12.2SL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SM | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRA | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRB | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| 12.2SRC | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SRD | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2STE | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2SU | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2SV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SW | first fixed | 12.4(15)T8 |
| | in 12.4SW | |
|------------+-------------+-------------|
| 12.2SX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXH | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SXI | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SY | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2XF | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(20) |
| | | S1212.2(33) |
| | | SB312.2(33) |
| 12.2XN | 12.2(33)XN1 | SRC312.2 |
| | | (33) |
| | | XNA212.2 |
| | | (33r)SRD2 |
|------------+-------------+-------------|
| 12.2XNA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2XNB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | 12.2(46)XO; | 12.2(46)XO; |
| 12.2XO | Available | Available |
| | on | on |
| | 02-FEB-2009 | 02-FEB-2009 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YH | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YM | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2YN | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YQ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YS | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2YT | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YU | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YW | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.2(13)ZC | |
| | are | |
| 12.2ZC | vulnerable, | |
| | release | |
| | 12.2(13)ZC | |
| | and later | |
| | are not | |
| | vulnerable; | |
|------------+-------------+-------------|
| 12.2ZD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZF | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZG | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2ZJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZU | migrate to | |
| | any release | |
| | in 12.2SXH | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZX | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2ZY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZYA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.3-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3BC | 12.3(23)BC6 | 12.3(23)BC6 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3BW | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3EU | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.3JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3JL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3T | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3VA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XC | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XD | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XG | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XI | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XL | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XQ | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XS | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XW | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XX | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XY | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XZ | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3YA | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YF | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YH | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YI | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YM | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YQ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YS | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YX | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3ZA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.4-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| 12.4 | 12.4(16) | 12.4(23) |
|------------+-------------+-------------|
| 12.4JA | 12.4(16b)JA | 12.4(16b) |
| | | JA1 |
|------------+-------------+-------------|
| 12.4JDA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JL | 12.4(3)JL1 | 12.4(3)JL1 |
|------------+-------------+-------------|
| 12.4JMA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JMB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(16b) |
| 12.4JX | first fixed | JA1 |
| | in 12.4JA | |
|------------+-------------+-------------|
| 12.4MD | 12.4(15)MD | 12.4(15)MD2 |
|------------+-------------+-------------|
| 12.4MR | 12.4(16)MR | |
|------------+-------------+-------------|
| 12.4SW | 12.4(11)SW3 | 12.4(15)T8 |
|------------+-------------+-------------|
| 12.4T | 12.4(15)T | 12.4(15)T8 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XB | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XC | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XE | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XM | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XN | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4XQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XR | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | | 12.4(11) |
| | | XW10; |
| 12.4XW | 12.4(11)XW3 | Available |
| | | on |
| | | 22-JAN-2009 |
|------------+-------------+-------------|
| 12.4XY | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XZ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4YA | Not | |
| | Vulnerable | |
+----------------------------------------+
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkluC58ACgkQ86n/Gc8U/uA6vACfY36eBjbCbnJsrnJlOCE0Mr6Y
JqUAn1TVyUvBk8lGTm94F+tvmZy4n3Ke
=cGUi
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com
|
|
Go to the Top of This SecurityTracker Archive Page
|
