Cisco Cisco IOS Software Release 12.4(2)XB6
7
Release Notes for Cisco 3200 Series Routers with Cisco IOS Release 12.4(11)XJ
OL-12257-02
Caveats
–
Media Gateway Control Protocol (MGCP)
–
Signaling protocols H.323, H.254
–
Real-time Transport Protocol (RTP)
–
Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself.
disabling the protocol or feature itself.
This advisory is posted at
Open Caveats - Cisco IOS Release 12.4(11)XJ3
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ3
There are no resolved caveats in this release.
Open Caveats - Cisco IOS Release 12.4(11)XJ2
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ2
CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number
of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation
One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some
cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials
(such as a valid username or password).
of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation
One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some
cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials
(such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–
Cisco IOS, documented as Cisco bug ID CSCsd85587
–
Cisco IOS XR, documented as Cisco bug ID CSCsg41084
–
Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
–
Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348