Cisco Cisco IOS Software Release 12.4(2)XB6
Release Notes for Cisco 7000 Series Routers with Cisco IOS Release 12.4(11)XJ
OL-12261-01
Caveats
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol
Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite
(VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider
Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended communities on the PE device.
This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these vulnerabilities. Workarounds that
mitigate these vulnerabilities are available.
This advisory is posted at
• CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number
of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation
One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some
cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials
(such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
– Cisco IOS, documented as Cisco bug ID CSCsd85587
– Cisco IOS XR, documented as Cisco bug ID CSCsg41084
– Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
– Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
– Cisco Firewall Service Module (FWSM)
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There
are no workarounds available to mitigate the effects of the vulnerability.
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
Note
Another related advisory is posted together with this Advisory. It also describes vulnerabilities
related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is
available at
can be used to choose a software release which fixes all security vulnerabilities published as of
May 22, 2007. The related advisory is published at
Open Caveats - Cisco IOS Release 12.4(11)XJ
There are no open caveats in this release.