Cisco Cisco IOS Software Release 12.4(23)
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
491
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(8d)
•
CSCsh39318
Symptoms: A router may crash when the configured route limit is exceeded. When this situation
occurs, the following error message is generated:
occurs, the following error message is generated:
%MROUTE-4-ROUTELIMIT (x1): [int] routes exceeded multicast route-limit of [dec] - VRF
[chars]
Conditions: This symptom is observed on a Cisco 10000 series that is configured for Multicast VPN
but is platform-independent.
but is platform-independent.
Workaround: There is no workaround.
•
CSCsh58082
Cisco devices running an affected version of Internetwork Operating System (IOS) which supports
Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the
device when receiving a specific series of packets destined to port 5060. This issue is compounded
by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for
SIP.
Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the
device when receiving a specific series of packets destined to port 5060. This issue is compounded
by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for
SIP.
There are no known instances of intentional exploitation of this issue. However, Cisco has observed
data streams that appear to be unintentionally triggering the vulnerability.
data streams that appear to be unintentionally triggering the vulnerability.
Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.
This advisory is posted at
.
•
CSCsh75827
Symptoms: When a router that has the ssg intercept dhcp command enabled receives a DHCP
packet from a host that has already logged out from a Subscriber Edge Services Manager (SESM),
the router may unexpectedly reload because of a bus error.
packet from a host that has already logged out from a Subscriber Edge Services Manager (SESM),
the router may unexpectedly reload because of a bus error.
Conditions: This symptom is observed on a Cisco router that functions as an SSG with PBHK
enabled, when a host has received an IP address that is associated with a service (via the "J"
Service-Info attribute), has logged out from the SESM, and then renews its IP address.
enabled, when a host has received an IP address that is associated with a service (via the "J"
Service-Info attribute), has logged out from the SESM, and then renews its IP address.
Workaround: There is no workaround.
•
CSCsh94526
Symptoms: When an acct-stop message is received for a non-RADIUS proxy user (that is, a normal
IP user), a router that is configured for SSG crashes.
IP user), a router that is configured for SSG crashes.
Conditions: This symptom is observed when SSG is configured for RADIUS proxy mode and when
the ssg wlan reconnect command is enabled.
the ssg wlan reconnect command is enabled.
Workaround: There is no workaround.
•
CSCsh97579
Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service
(DoS) attack if configured for IP tunnels and Cisco Express Forwarding.
(DoS) attack if configured for IP tunnels and Cisco Express Forwarding.
Cisco has released free software updates that address this vulnerability.
This advisory is posted at
.
•
CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is
subject to exploitation that can allow a malicious user to create extra multicast states on the core
routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual
Private Networks (VPN) by sending specially crafted messages.
subject to exploitation that can allow a malicious user to create extra multicast states on the core
routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual
Private Networks (VPN) by sending specially crafted messages.