Cisco Cisco IOS Software Release 12.4(4)T
1270
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(6)T
•
CSCsb86406
Symptoms: A router crashes, Security Device Manager (SDM) and/or IPSMC are unable to view
signatures that have been loaded by the Customer Information Control System (CICS), and CICS is
unable to view events from Cisco IOS IPS.
signatures that have been loaded by the Customer Information Control System (CICS), and CICS is
unable to view events from Cisco IOS IPS.
Conditions: These symptoms are observed after signatures are loaded via the CICS. The symptom
occurs because of a version conflict between Cisco IOS IPS and CICS.
occurs because of a version conflict between Cisco IOS IPS and CICS.
Workaround: Disable the router as a CICS and Cisco IOS IPS device.
Further Problem Description: The debug ip ips idconf command can help to resolve issues between
CICS and Cisco IOS IPS.
CICS and Cisco IOS IPS.
•
CSCsc17504
Symptoms: A router that is configured for Content Based Access Control (CBAC) and Intrusion
Prevention Systems (IPS) may unexpectedly reload.
Prevention Systems (IPS) may unexpectedly reload.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim
Release 12.4(3.9)T1 or a later release with a Cisco IOS firewall during session inspection under
certain timing conditions.
Release 12.4(3.9)T1 or a later release with a Cisco IOS firewall during session inspection under
certain timing conditions.
Workaround: There is no workaround.
•
CSCsc59881
Symptoms: Call forward busy to Unity gets the subscriber standard greeting instead of the busy
greeting.
greeting.
Condition: This symptom has been observed when Unity integrates with CME 3.4.
Workaround: There is no workaround.
•
CSCsd13920
Symptoms: CEF switching is broken for voice traffic on some interfaces, which breaks the
transcoding feature. The caller then experiences no voice path.
transcoding feature. The caller then experiences no voice path.
Conditions: This symptom has been observed on some network modules and interfaces.
Workaround: Disable the ip cef command.
•
CSCsd28570
Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and
Accounting (AAA) command authorization feature, where command authorization checks are not
performed on commands executed from the Tool Command Language (TCL) exec shell. This may
allow authenticated users to bypass command authorization checks in some configurations resulting
in unauthorized privilege escalation.
Accounting (AAA) command authorization feature, where command authorization checks are not
performed on commands executed from the Tool Command Language (TCL) exec shell. This may
allow authenticated users to bypass command authorization checks in some configurations resulting
in unauthorized privilege escalation.
Conditions: Devices that are not running AAA command authorization feature, or do not support
TCL functionality are not affected by this vulnerability.
TCL functionality are not affected by this vulnerability.
This vulnerability is present in all versions of Cisco IOS that support the tclsh command.
Workaround: This advisory with appropriate workarounds is posted at
Further Problem Description: This particular vulnerability only affected Cisco IOS versions
12.3(4)T trains and onwards. (12.3 Mainline is not affected)
12.3(4)T trains and onwards. (12.3 Mainline is not affected)
Please refer to the Advisories "Software Versions and Fixes" table for the first fixed release of
Cisco IOS software.
Cisco IOS software.