Cisco Aironet 1400 Wireless Bridge Release Notes
Release Notes for Cisco Aironet 1410 Bridges for Cisco IOS Release 12.3(2)JA6
OL-10203-01
Caveats
Resolved Caveats in Cisco IOS Release 12.3(2)JA6
• CSCsc64976
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically
generated output, such as the output from a show buffers command, is passed to the browser
requesting the page. The client browser could interpret this HTML code and potentially
execute malicious commands against the device or carry out other cross-site scripting attacks.
Successful exploitation of this vulnerability requires that a user browse a page containing dynamic
content in which HTML commands have been injected.
Cisco will be making free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability. This advisory is posted
at the following URL:
• CSCee45312
RADIUS authentication on a device that is running certain versions of Cisco IOS and configured
with a fallback method to none can be bypassed.
Systems that are configured for other authentication methods or that are not configured with a
fallback method to none are not affected.
Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations
using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and
an additional method are not affected.
Cisco has made free software available to address this vulnerability. There are workarounds
available to mitigate the effects of the vulnerability.
More details can be found in the security advisory, which is posted at the following URL:
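
As an added example (not Cisco's code and not part of these release notes), the following Python script audits a saved configuration for `aaa authentication` method lists in which `none` follows a RADIUS method, the configuration pattern described for CSCee45312. The sample configuration and the group name `RAD_SRV` are constructed; a match is a candidate for review against the advisory, not proof that the device is affected.

```python
import re

# Constructed sample configuration for illustration; not from a real device.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius RAD_SRV
aaa authentication login default group radius none
aaa authentication login CONSOLE group radius local none
aaa authentication login VTY group radius local
aaa authentication login MGMT group RAD_SRV none
aaa authentication ppp default group tacacs+ none
"""

AAA_AUTH = re.compile(r"^\s*aaa authentication (\S+) (\S+) (.+)$")
RADIUS_GROUP = re.compile(r"^\s*aaa group server radius (\S+)")

def parse_methods(tokens):
    """Fold each 'group <name>' pair into a single method entry."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def audit(config_text):
    """Return method lists where 'none' is a fallback after a RADIUS method."""
    lines = config_text.splitlines()
    # 'group radius' means all RADIUS servers; named groups are declared separately.
    radius = {"group radius"}
    for line in lines:
        m = RADIUS_GROUP.match(line)
        if m:
            radius.add("group " + m.group(1))
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = AAA_AUTH.match(line)
        if not m:
            continue
        service, list_name, rest = m.groups()
        methods = parse_methods(rest.split())
        radius_pos = [i for i, x in enumerate(methods) if x in radius]
        if not radius_pos or "none" not in methods[radius_pos[0] + 1:]:
            continue
        # Lists with an additional method are reported separately for triage.
        extra = [x for x in methods if x not in radius and x != "none"]
        findings.append({"line": lineno, "service": service, "list": list_name,
                         "methods": methods, "additional_methods": extra})
    return findings
```

Call `audit()` on the text of a saved configuration; entries with an empty `additional_methods` list are the plain RADIUS-then-`none` case, while the others include a further method and should be checked against the advisory's list of unaffected configurations.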
Resolved Caveats in Cisco IOS Release 12.3(2)JA5
The following caveat is resolved in Cisco IOS Release 12.3(2)JA5:
• CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow
vulnerability. Cisco has included additional integrity checks in its software, as further described
below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected
customers.
This advisory is posted at
• CSCei76358—Through normal software maintenance processes, Cisco is removing deprecated
functionality. These changes have no impact on system operation or feature availability.