Cisco Cisco Gigabit Ethernet Switch Module (CGESM) for HP Release Notes
16
Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(44)SE and Later
464831-006
Resolved Caveats
Resolved Caveats
This section describes the caveats that have been resolved in these releases:
•
•
•
•
•
•
Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(44)SE6
•
CSCsm27071
A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service
attack when any of several features of Cisco IOS software are enabled. A sequence of specially
crafted TCP/IP packets could cause any of the following results:
attack when any of several features of Cisco IOS software are enabled. A sequence of specially
crafted TCP/IP packets could cause any of the following results:
–
The configured feature may stop accepting new connections or sessions.
–
The memory of the device may be consumed.
–
The device may experience prolonged high CPU utilization.
–
The device may reload. Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available in the “workarounds” section of the
advisory. The advisory is posted at
advisory. The advisory is posted at
•
CSCsv38166
The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a
vulnerability that could allow authenticated users with an attached command-line interface (CLI)
view to transfer files to and from a Cisco IOS device that is configured to be an SCP server,
regardless of what users are authorized to do, per the CLI view configuration. This vulnerability
could allow valid users to retrieve or write to any file on the device's file system, including the
device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user
does not allow it. This configuration file may include passwords or other sensitive information.
vulnerability that could allow authenticated users with an attached command-line interface (CLI)
view to transfer files to and from a Cisco IOS device that is configured to be an SCP server,
regardless of what users are authorized to do, per the CLI view configuration. This vulnerability
could allow valid users to retrieve or write to any file on the device's file system, including the
device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user
does not allow it. This configuration file may include passwords or other sensitive information.
The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a
fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by
default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are
configured to use it but do not use role-based CLI access, are not affected by this vulnerability.
fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by
default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are
configured to use it but do not use role-based CLI access, are not affected by this vulnerability.
This vulnerability does not apply to the Cisco IOS SCP client feature.
Cisco has released free software updates that address this vulnerability.
There are no workarounds available for this vulnerability apart from disabling either the SCP server
or the CLI view feature if these services are not required by administrators.
or the CLI view feature if these services are not required by administrators.
This advisory is posted at the following link:
.