Cisco Cisco IOS Software Release 12.4(23) Notas de publicación
793
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(3f)
–
Signaling protocols H.323, H.254
–
Real-time Transport Protocol (RTP)
–
Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself.
disabling the protocol or feature itself.
This advisory is posted at
•
CSCsf04754
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network
Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of
network information or may enable an attacker to perform configuration changes to vulnerable
devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is
impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.
Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of
network information or may enable an attacker to perform configuration changes to vulnerable
devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is
impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability
Note VU#878044 to these vulnerabilities.
Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to
these vulnerabilities.
these vulnerabilities.
This advisory will be posted at
Wide-Area Networking
•
CSCek31660
Symptoms: For VPDN sessions that are established with a LAC, the RADIUS progress code in the
Stop record may be different from the RADIUS progress code in the Start record.
Stop record may be different from the RADIUS progress code in the Start record.
Condition: This symptom is observed on a Cisco platform such as a Cisco AS5400 that runs
Cisco IOS Release 12.4.(3a) but may also affect Release 12.4T.
Cisco IOS Release 12.4.(3a) but may also affect Release 12.4T.
Workaround: There is no workaround.
•
CSCek40618
Symptoms: A router may crash by address error (load or instruction fetch) exception during normal
operation.
operation.
Conditions: This symptom has been observed when the router is configured with VPDN and
Multilink PPP, using Virtual-Template interfaces.
Multilink PPP, using Virtual-Template interfaces.
Workaround: There is no workaround.
•
CSCsd19867
Symptoms: BRI interfaces does not come up when you reload a router. You must enter the shutdown
interface configuration command followed by the no shutdown interface configuration command
on the affected BRI interfaces to bring them up.
interface configuration command followed by the no shutdown interface configuration command
on the affected BRI interfaces to bring them up.