Cisco Cisco IOS Software Release 12.4(2)XB6

Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are 
the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious 
of these three severity levels.

Caveats in Cisco IOS Release 12.4(6)T are also in Release 12.4(6)XE. For information on caveats in 
Cisco IOS Release 12.4T, see the 

 document. This document lists 

severity 1 and 2 caveats; the documents are located on 

.

If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any 
severity. To reach the Bug Toolkit, log in to 

 and click Products and Services > Cisco IOS 

Software > Cisco IOS Software Releases 12.4 > Troubleshooting > Bug Toolkit. Another option 
is to go to 

. (If the defect that you 

have requested cannot be displayed, this may be due to one or more of the following reasons: the 
defect number does not exist, the defect does not have a customer-visible description yet, or the 
defect has been marked Cisco Confidential.) 

This section contains the following caveat information:

CSCec12299

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label 
Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) 
and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) 
devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability. 

This issue is triggered by a logic error when processing extended communities on the PE device. This 
issue cannot be deterministically exploited by an attacker. 

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate 
these vulnerabilities are available.

This advisory is posted at 

.