Cisco Cisco IOS Software Release 12.4(4)T
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(6)T
• CSCsb01490
Symptoms: When general Bidirectional Forwarding Detection (BFD) functionality is enabled and
when Border Gateway Protocol (BGP) is configured without BFD functionality, BFD sessions may
be started with the BGP neighbors. This is not proper behavior: BFD sessions should not be started
when BGP is configured without BFD functionality.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(31)S.
Workaround: There is no workaround.
Miscellaneous
• CSCej20505
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also
shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following
protocols or features:
– Session Initiation Protocol (SIP)
– Media Gateway Control Protocol (MGCP)
– Signaling protocols H.323, H.254
– Real-time Transport Protocol (RTP)
– Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself.
This advisory is posted at
• CSCej87060
Symptoms: GDOI operation with AES encryption is not operational. In some cases, using GDOI
with AES as the encryption transform causes the router to crash.
Conditions: This symptom has been observed when AES is configured to be used in the
transform-set applied to the crypto gdoi map (via the profile keyword).
Workaround: Use 3DES in the transform.
Further Problem Description: A crash only occurs with HSP encryption engines.
• CSCsa53334
The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities.
These include:
– Fragmented IP packets may be used to evade signature inspection.
– IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine
may cause a router to crash resulting in a denial of service.
There are mitigations and workarounds for these vulnerabilities. Cisco has made free software
available to address these vulnerabilities for affected customers.
This advisory is posted at: