Cisco Cisco Aironet 1130 AG Access Point
20
Release Notes for Cisco Aironet Access Points for Cisco IOS Release 12.3(8)JEA
OL-11186-01
Caveats
•
CSCek26492
Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed
in Cisco Security Advisory: Crafted IP Option Vulnerability:
in Cisco Security Advisory: Crafted IP Option Vulnerability:
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS
are not at risk of crash if CSCec71950 has been resolved in the software.
are not at risk of crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
•
CSCek37177
The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS
software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service
condition.
software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service
condition.
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the
Cisco IOS device will not trigger this vulnerability.
Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID
CSCek37177
.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
•
CSCsa53334
The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities.
These include:
These include:
–
Fragmented IP packets may be used to evade signature inspection.
–
IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine
may cause a router to crash resulting in a denial of service.
may cause a router to crash resulting in a denial of service.
There are mitigations and workarounds for these vulnerabilities. Cisco has made free software
available to address these vulnerabilities for affected customers.
available to address these vulnerabilities for affected customers.
This advisory is posted at:
.
•
CSCsb78724—Guest mode SSID privacy bit is now reflected in beacons in multi-SSID setup
•
CSCsc79121—Traceback and radio are no longer down after upgrading access point software
•
CSCsd01506—ifInUcastPkts and ifHCInUcastPkts values are now correct
•
CSCsd14669—802.11d Country Information Element has correct power levels
•
CSCsd19899—Access point does factory default for ip domain-name and name-server commands
•
CSCsd27901—RARP packets are now forwarded on non native VLANs