Cisco Cisco IOS Software Release 15.0(1)XA

This will be the last rebuild of the Cisco IOS XA release. No further DDTS will be committed to this 
branch. The migration path for this release is 15.1T or a later release.

CSCth03022 Crafted SIP packets may cause device to reload. 

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS 
Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a 
reload of an affected device or trigger memory leaks that may result in system instabilities. Affected 
devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds 
for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.

This advisory is posted at 

.

CSCti33534 "no ipv6 address autoconfig" may cause crash after router advert flood. 

After launching a flood of random IPv6 router advertisements when an interface is configured 

with ''ipv6 address autoconf'', removing the IPv6 configuration on the interface with ''no ipv6 address 
autoconf'' may cause a reload. Other system instabilities are also possible during and after the flood of 
random IPv6 router advertisements.

Cisco IOS is configured with ''ipv6 address autoconf''.

Not using IPv6 auto-configuration may be used as a workaround.

Cisco IOS checks for the hop limit field in incoming Neighbour Discovery messages and packets 
received with a hop limit not equal to 255 are discarded. This means that the flood of ND messages has 
to come from a host that is directly connected to the Cisco IOS device.