Cisco Cisco Aironet 1200 Access Point
17
Release Notes for Cisco Aironet Access Points for Cisco IOS Release 12.3(8)JA2
OL-10768-01
Caveats
Resolved Caveats
These caveats are resolved in Cisco IOS Release 12.3(8)JA2:
•
CSCek26492
Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in
Cisco Security Advisory: Crafted IP Option Vulnerability:
Cisco Security Advisory: Crafted IP Option Vulnerability:
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS
are not at risk of crash if CSCec71950 has been resolved in the software.
are not at risk of crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
•
CSCek37177
The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS
software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service
condition.
software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service
condition.
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the
Cisco IOS device will not trigger this vulnerability.
Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID
CSCek37177
.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
•
CSCed32369—Disabling SNMPv3 now removes the snmp server-host command from the
configuration.
configuration.
•
CSCei18359—Access points no longer run low on memory when performing posture validation
over an extended period of time.
over an extended period of time.
•
CSCin99605—Access points no longer reboot when you configure a TACACS server.
•
CSCsc02981—Access points no longer fail when mac-authen filter-cache is enabled.
•
CSCsc79121—Radio interfaces are now operational after an upgrade.
•
CSCsc83665—Access points no longer reboot unexpectedly when the configuration contains the
dot11 network-map command.
dot11 network-map command.
•
CSCsc88624—Devices in non-root bridge mode no longer modify VTP packets from SNAP format
to DIX format.
to DIX format.
•
CSCsc97727—Access points no longer reboot unexpectedly when you use the CLI to add or remove
a TACACS server.
a TACACS server.
•
CSCsd00738—Access points no longer reboot unexpectedly when you log into the CLI as an
administrator.
administrator.
•
CSCsd40250—Access points no longer leak memory when AES is configured.