Skip to main content

Cisco IOS Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 25 Mar 2010 5689 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Cisco IOS software, which could be exploited by attackers to cause denial of service or execute arbitrary code.

1. Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability

2. Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

3. Cisco IOS Software IPsec Vulnerability

4. Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

5. Cisco IOS Software H.323 Denial of Service Vulnerabilities

6. Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability

7. Cisco Unified Communications Manager Express Denial of Service Vulnerabilities


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Cisco IOS 12.x
  • Cisco IOS R12.x
  • Cisco IOS-XE 2.x
  • Cisco IOS XR 3.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to the fixed version:
    http://www.cisco.com/warp/public/707/cisco-sa-20100324-bundle.shtml

    Users with contracts should obtain upgraded software through regular update channels. Most users can obtain upgrades via the Software Center on Cisco's Worldwide Web site at http://www.cisco.com/.

    Users without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows:

    +1 800 553 2447 (toll-free call within North America)
    +1 408 526 7209 (toll call from elsewhere in the world)
    E-mail: [email protected]


Vulnerability Identifier


Source


Related Link