Cisco Cisco IOS Software Release 12.4(2)XB6

Cisco Firewall Service Module (FWSM)

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There 
are no workarounds available to mitigate the effects of the vulnerability.

http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

.

Another related advisory is posted together with this Advisory. It also describes vulnerabilities 
related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is 
available at 

can be used to choose a software release which fixes all security vulnerabilities published as of 
May 22, 2007. The related advisory is published at 

There are no open caveats in this release. 

CSCse89321: DTMF path not getting confirmed in sip media forking call

There is no end-to-end DTMF path confirmation.

There is no workaround. 

CSCsf26561: User portion of Diversion header is incorrect when calling through AA

 Tests on customer setup have revealed that PSTN to AA --> tx to SCCP phone--> CFWD to 

CUE/PSTN has an issue. The 302 Moved Temporarily from CME to BroadSoft has a Diversion header 
whose user portion is the private extension #, not the expanded DID # due to which the subsequent call 
fails.

Remove the dialplan-pattern.

CSCsf32028: Host portion of Refer-To: header must be an Address of Record

SIP trunking environments (for example, Cbeyond) need the URIs to carry Address of Record 

[AOR] in many SIP headers. 

There is no workaround.