Cisco IOS Software Release 12.4(23)

Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
  Resolved Caveats—Cisco IOS Release 12.4(3g)
Prior to software upgrade, a workaround is to ensure that the method none is not in the default login 
methods list. 
CSCsc64976
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically 
generated output, such as the output from a show buffers command, will be passed to the browser 
requesting the page. This HTML code could be interpreted by the client browser and could potentially 
execute malicious commands against the device or carry out other possible cross-site scripting attacks. 
Successful exploitation of this vulnerability requires that a user browse a page containing dynamic 
content in which HTML commands have been injected.
Cisco will be making free software available to address this vulnerability for affected customers. 
There are workarounds available to mitigate the effects of the vulnerability.
http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml. 
Miscellaneous
CSCee72997
Cisco IOS devices that are configured for Internet Key Exchange (IKE) protocol and certificate 
based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this 
vulnerability may result in the allocation of all available Phase 1 security associations (SA) and 
prevent the establishment of new IPsec sessions. Cisco has released free software updates that 
address this vulnerability. This advisory is posted at 
CSCin96617
Symptoms: A router that has SSG enabled may refuse new incoming connections (either Telnet, 
PPP, or any type of AAA connection).
Conditions: This symptom is observed when a very large amount of memory is held by SSG as a 
result of multiple IPCP negotiations for a PPP session.
Workaround: There is no workaround. 
CSCin99565
Symptoms: A router that is configured for SSG may reload unexpectedly.
Conditions: This symptom is observed when both the Transparent Auto-Logon (TAL) and 
Port-Bundle Host-Key (PBHK) SSG features are enabled and when it takes a long time before the 
AAA server responds.
Workaround: There is no workaround. 
CSCsb54726
Symptoms: A call is incorrectly disconnected when the hold button of an IP phone is pressed.
Conditions: This symptom is observed in a scenario in which an IP phone is connected to a 
Cisco CallManager that is connected to an IPIPGW that, in turn, is connected to another 
Cisco CallManager.
Workaround: There is no workaround. 
CSCsb65867
Symptoms: Intermittent voice quality including one-way audio towards the PSTN side of a VoIP 
call.