Cisco IOS Software Release 12.4(2)XB6

Release Notes for Cisco IOS Release 12.4(24)GC5
  Caveats
OL-24057-05
CSCti35326
The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service 
(DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability 
is caused when packets in transit on the vulnerable device require translation on the SIP payload. 
Cisco has released free software updates that address this vulnerability. A workaround that mitigates 
the vulnerability is available. This advisory is available at the following link: 
CSCtj09179
Cisco IOS Software memory usage may grow over time. This occurs when Session Initiation Protocol 
(SIP) trunks are configured and in use and the device running Cisco IOS Software receives a 
crafted SIP message during an existing subscription. 
Workaround: If SIP operation is not needed then disabling SIP functionality will prevent this issue. 
CSCtj33003
A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software 
and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause an 
affected device to reload. Affected devices must be configured to process SIP messages and for 
pass-through of Session Description Protocol (SDP) for this vulnerability to be exploitable.
Cisco has released free software updates that address this vulnerability. There are no workarounds 
for devices that must run SIP; however, mitigations are available to limit exposure to the 
vulnerability.
This advisory is available at the following link:
CSCtg47129
The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network 
address translation (NAT) feature contains a vulnerability when translating IP packets that could 
allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate 
this vulnerability are not available.
This advisory is available at the following link:
Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes 
seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each 
Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the 
vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases 
that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication.
Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security 
Advisory Bundled Publication” at the following link:
CSCtj48387
After a few days of operation, a Cisco ASR router running as an LNS box crashes with 
DHCP-related errors. This symptom occurs when DHCP is enabled and sessions get DHCP 
information from a RADIUS server. 
Workaround: There is no workaround.