Cisco Cisco IOS Software Release 12.2(35)SE
3
Release Notes for the Catalyst 3750, 3560, and 2970 Switches Cisco IOS Release 12.2(20)SE4
OL-5547-05
Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(20)SE4
Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(20)SE4
These caveats were resolved in this release for the indicated switches:
•
CSCed65285
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the
Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access
Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS
devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust
resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service
(DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not
affected by these vulnerabilities.
Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access
Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS
devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust
resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service
(DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not
affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers.
There are workarounds available to mitigate the effects of the vulnerability (see the “Workarounds”
section of the full advisory for details.)
There are workarounds available to mitigate the effects of the vulnerability (see the “Workarounds”
section of the full advisory for details.)
This advisory will be posted at
•
CSCed65778
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the
Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access
Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS
devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust
resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service
(DoS) condition. Use of SSH with Remote Authentication Dial In UserService (RADIUS) is not
affected by these vulnerabilities.
Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access
Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS
devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust
resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service
(DoS) condition. Use of SSH with Remote Authentication Dial In UserService (RADIUS) is not
affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers.
There are workarounds available to mitigate the effects of the vulnerability (see the “Workarounds”
section of the full advisory for details.)
There are workarounds available to mitigate the effects of the vulnerability (see the “Workarounds”
section of the full advisory for details.)
This advisory will be posted at
•
CSCeg55298 (Catalyst 3750)
When two or more Cisco Catalyst 3750 switch stacks are connected to each other through nonrouted
(Layer 2) ports, and a client sends an IGMP leave message, this no longer causes a storm of IGMP
leave messages to be sent between the two switch stacks.
(Layer 2) ports, and a client sends an IGMP leave message, this no longer causes a storm of IGMP
leave messages to be sent between the two switch stacks.
•
CSCeg63064 (Catalyst 2970)
Catalyst 2970 switches now correctly forward IPv6 packets that have hop-by-hop options set.
Related Documentation
These documents provide complete information about the Catalyst 3750, 3560, and 2970 switches and
are available at Cisco.com:
are available at Cisco.com:
•