Cisco Cisco IOS Software Release 12.4(20)YA

CSCsx25880

A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software 
that could allow an unauthenticated attacker to cause a denial of service (DoS) condition on an 
affected device when the Cisco Unified Border Element feature is enabled. Cisco has released free 
software updates that address this vulnerability. For devices that must run SIP there are no 
workarounds; however, mitigations are available to limit exposure of the vulnerability. This advisory 
is posted at

CSCsq24002

Cisco IOS Software contains a vulnerability that could allow an attacker to cause a Cisco IOS device 
to reload by remotely sending a crafted encryption packet. Cisco has released free software updates 
that address this vulnerability. This advisory is posted at 

.

CSCsq31776

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service 
(DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free 
software updates that address this vulnerability. This advisory is posted at 

.

CSCsx70889

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service 
(DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at

.

CSCsh97579

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service 
(DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at 

.

Use this release note with the documents and websites in this release note and the documents listed in 
the following sections: