Cisco Cisco IOS Software Release 12.4(2)XB6 Release Notes
Release Notes for Cisco IAD2801 Series Integrated Access Devices with Cisco IOS Release 12.4(11)XJ
OL-12461-03
Caveats
• CSCdv59309
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point
Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of
the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The
second vulnerability may consume all interface descriptor blocks on the affected device because
those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly
exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at
• CSCsj58566
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point
Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of
the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The
second vulnerability may consume all interface descriptor blocks on the affected device because
those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly
exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at
CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also
shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following
protocols or features:
– Session Initiation Protocol (SIP)
– Media Gateway Control Protocol (MGCP)
– Signaling protocols H.323, H.254
– Real-time Transport Protocol (RTP)
– Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself.
This advisory is posted at