Cisco Cisco IOS Software Release 12.2
145
Caveats for Cisco IOS Release 12.2
OL-3513-16 Rev. G0
Resolved Caveats—Cisco IOS Release 12.2(21a)
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may
cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at
•
CSCin68517
Symptoms: A Cisco router that is running Cisco Gateway GPRS Support Node (GGSN) software
may show high CPU usage if deletion of a lot of PDP contexts is initiated from the GGSN side.
may show high CPU usage if deletion of a lot of PDP contexts is initiated from the GGSN side.
Conditions: Such deletion of a lot of PDPs from GGSN can be initiated from GGSN when the clear
command is issued for all PDPs or all PDPs of a path/apn etc., or, if the update request is received
on a path with a different restart count at a point when the path has lot of PDP contexts belonging
to it.
command is issued for all PDPs or all PDPs of a path/apn etc., or, if the update request is received
on a path with a different restart count at a point when the path has lot of PDP contexts belonging
to it.
Workaround: There is no workaround.
•
CSCed93836
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at
and it describes this
vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS
software is available at
software is available at
Resolved Caveats—Cisco IOS Release 12.2(21a)
Cisco IOS Release 12.2(21a) is a rebuild release for Cisco IOS Release 12.2(21). The caveats in this
section are resolved in Cisco IOS Release 12.2(21a) but may be open in previous Cisco IOS releases.
section are resolved in Cisco IOS Release 12.2(21a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
Symptoms: A description of what is observed when the caveat occurs.
•
Conditions: The conditions under which the caveat has been known to occur.
•
Workaround: Solutions, if available, to counteract the caveat.