Cisco Aironet 1200 Access Point Release Notes

Release Notes for Cisco Aironet Access Points for Cisco IOS Release 12.3(8)JEB
OL-11737-01
  Caveats
Resolved Caveats 
These caveats are resolved in Cisco IOS Release 12.3(8)JEB:
CSCsb12598
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In 
order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL 
protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained 
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the 
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow 
an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
Processing ClientHello messages, documented as Cisco bug ID CSCsb12598 
Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304 
Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There 
are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at 
Note
Another related advisory has been posted with this advisory. This additional advisory also 
describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is 
available at the following link: 
.
CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number 
of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation 
One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some 
cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials 
(such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained 
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the 
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow 
an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
Cisco IOS, documented as Cisco bug ID CSCsd85587 
Cisco IOS XR, documented as Cisco bug ID CSCsg41084 
Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999 
Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348 
Cisco Firewall Service Module (FWSM)
This vulnerability is also being tracked by CERT/CC as VU#754281.