Cisco Cisco IOS Software Release 12.4(23)
376
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(12b)
•
CSCsi62559
Symptoms: OSPF packets with IP Precedence 0 are classified by SPD as priority. This is an error
because only IP Precedence 6 packets should be classified as priority packets by SPD.
because only IP Precedence 6 packets should be classified as priority packets by SPD.
Conditions: This symptom has been observed on a Cisco router running Cisco IOS Release 12.2(18)
and later.
and later.
Workaround: Use ACLs to block invalid IP Control packets from reaching the control plane.
Miscellaneous
•
CSCek38201
Symptoms: A router may reload or display an alignment traceback when you enter the show crypto
socket command.
socket command.
Conditions: This symptom is observed on a Cisco router that has an OSPFv3 IPSecv6 configuration.
Workaround: There is no workaround. To prevent the symptom from occurring, do not enter the
show crypto socket command in an OSPFv3 IPSecv6 configuration.
show crypto socket command in an OSPFv3 IPSecv6 configuration.
•
CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also
shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following
protocols or features:
shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following
protocols or features:
–
Session Initiation Protocol (SIP)
–
Media Gateway Control Protocol (MGCP)
–
Signaling protocols H.323, H.254
–
Real-time Transport Protocol (RTP)
–
Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself.
disabling the protocol or feature itself.
This advisory is posted at
•
CSCse56501
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be
subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the
device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP)
services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the
device. Packets that are routed throughout the router can not trigger this vulnerability. Successful
exploitation will prevent the interface from receiving any additional traffic. The only exception is
Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash.
Only the interface on which the vulnerability was exploited will be affected.
subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the
device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP)
services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the
device. Packets that are routed throughout the router can not trigger this vulnerability. Successful
exploitation will prevent the interface from receiving any additional traffic. The only exception is
Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash.
Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate
the effects of the vulnerability.
the effects of the vulnerability.