Cisco Cisco IOS Software Release 15.0(1)XA
17
Release Notes for Cisco 2800 Series Integrated Services Routers with Cisco IOS Release 15.0(1)XA
OL-20857-06
Caveats
CSCtf17624 NAT SIP: Crash at ipnat_clear_sd
The Cisco IOS Software Network Address Translation functionality contains three denial of service
(DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP)
packets, the second vulnerability in the translation of H.323 packets, and the third vulnerability is
in the translation of H.225.0 call signaling for H.323 packets.
(DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP)
packets, the second vulnerability in the translation of H.323 packets, and the third vulnerability is
in the translation of H.225.0 call signaling for H.323 packets.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at
.
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes
six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software,
and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each
advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory.
The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that
have been published on September 22, 2010 or earlier:
six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software,
and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each
advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory.
The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that
have been published on September 22, 2010 or earlier:
Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security
Advisory Bundled Publication at the following link:
CSCte14603 IGMPv3 DoS Vulnerability
A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of
Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause
a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a
sustained denial of service (DoS) condition. Cisco has released free software updates that address
this vulnerability.
Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause
a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a
sustained denial of service (DoS) condition. Cisco has released free software updates that address
this vulnerability.
This advisory is posted at
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes
six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software,
and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each
advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory.
The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that
have been published on September 22, 2010, or earlier:
six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software,
and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each
advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory.
The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that
have been published on September 22, 2010, or earlier:
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security
Advisory Bundled Publication" at the following link:
Open Caveats - Release 15.0(1)XA4
There are no open caveats in this release.