Cisco Cisco IOS Software Release 12.4(23) Notas de publicación
621
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(7a)
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(18) and
that has the ip nat outside source command enabled. The symptom could also occur in Release 12.4
or Release 12.4T.
that has the ip nat outside source command enabled. The symptom could also occur in Release 12.4
or Release 12.4T.
Workaround: There is no workaround.
•
CSCsc94867
Symptoms: A traceback is generated in the log after NAT entries are created on a PE router that is
configured for NAT and that has a static NVI.
configured for NAT and that has a static NVI.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim
Release 12.4(5.12) or interim Release 12.4(5.13)T2.
Release 12.4(5.12) or interim Release 12.4(5.13)T2.
Workaround: There is no workaround.
•
CSCsc98828
Symptoms: PIM becomes disabled on an output interface, preventing packets from being sent, and
causing the SR flag to be set after 60 seconds on the router that functions as the first hop.
causing the SR flag to be set after 60 seconds on the router that functions as the first hop.
Conditions: This symptom is observed on a Cisco router that is configured for IPv6 PIM.
Workaround: There is no workaround.
•
CSCsd27388
Symptoms: A ping from a source to a destination fails because of an encapsulation failure.
Conditions: This symptom is observed on a Cisco 7200 series that is configured for NAT and that
has the ip nat inside source static command enabled on a VRF.
has the ip nat inside source static command enabled on a VRF.
Workaround: There is no workaround.
Miscellaneous
•
CSCee72997
Cisco IOS devices that are configured for Internet Key Exchange (IKE) protocol and certificate
based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1 security associations (SA) and
prevent the establishment of new IPsec sessions. Cisco has released free software updates that
address this vulnerability. This advisory is posted at
based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1 security associations (SA) and
prevent the establishment of new IPsec sessions. Cisco has released free software updates that
address this vulnerability. This advisory is posted at
•
CSCeh60551
Symptoms: Certain malformed client certificates may cause an AP running 12.3.2.JA2 or 12.3.4.JA
to crash when EAP-TLS is used.
to crash when EAP-TLS is used.
Workaround: Issue a new client certificate.
•
CSCek26158
Symptoms: A memory leak may occur on a router that is configured for Embedded Event Manager
(EEM).
(EEM).
Conditions: This symptom is observed when EEM Tcl policies are registered to run on the router.
Workaround: There is no workaround.
•
CSCek26492
Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in
Cisco Security Advisory: Crafted IP Option Vulnerability:
Cisco Security Advisory: Crafted IP Option Vulnerability: