Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities
From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com.>
To: [email protected]
Subject: Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities
Date: Wed, 14 Jan 2009 17:00:00 +0100
Message-id: <200901141700.http@psirt.cisco.com.>
Reply-To: [email protected]
Errors-To: [email protected]
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Prevent-NonDelivery-Report:
Content-Return: Prohibited
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Response: Cisco IOS Cross-Site Scripting
Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
- ---------------------------------------------------------------------
Cisco Response
==============
Two separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site
scripting (XSS) vulnerabilities have been reported to Cisco by two
independent researchers. ProCheckup has posted a Security Advisory
titled "XSS on Cisco IOS HTTP Server" posted at
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
Cisco would like to thank Adrian Pastor and Richard J. Brain of
ProCheckUp and Nobuhiro Tsuji of NTT Data Security Corporation with
co-operation of JPCert.
This Cisco Security Response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
Additional Information
This response covers two separate cross-site scripting
vulnerabilities within the Cisco IOS Hypertext Transfer Protocol
(HTTP) server (including HTTP secure server - here after referred to
as purely HTTP Server) and applies to all Cisco products that run
Cisco IOS Software versions 11.0 through 12.4 with the HTTP server
enabled. A system that contains the IOS HTTP server or HTTP secure
server, but does not have it enabled, is not affected.
To determine if the HTTP server is running on your device, issue the
show ip http server status | include status and the show ip http
server secure status | include status commands at the prompt and look
for output similar to:
Router#show ip http server status | include status
HTTP server status: Enabled
HTTP secure server status: Enabled
If the device is not running the HTTP server, you should see output
similar to:
Router#show ip http server status | include status
HTTP server status: Disabled
HTTP secure server status: Disabled
These vulnerabilities are documented in the following Cisco bug IDs:
* Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server
Special Characters are not escaped in URL strings sent to the
HTTP server.
* Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter)
Special Characters are not escaped in URL strings sent to the
HTTP server, via the ping parameter. The ping parameter is used
both by external applications such as Router and Security Device
Manager (SDM) as well as a direct HTTP session to Cisco IOS http
server. This vulnerability affects 12.1E based trains and all
Cisco IOS releases after 12.2(13)T.
These vulnerabilities are independent of each other. For a full
solution, download a Cisco IOS version that contains the fixes for
both Cisco bug IDs. These vulnerabilities have been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821.
Workaround
+---------
If the HTTP server is not used for any legitimate purposes on the
device, it is a best practice to disable it by issuing the following
commands in configure mode:
no ip http server
no ip http secure-server
If the HTTP server is required, it is a recommended best practice to
control which hosts may access the HTTP server to only trusted
sources. To control which hosts can access the HTTP server, you can
apply an access list to the HTTP server. To apply an access list to
the HTTP server, use the following command in global configuration
mode:
ip http access-class {access-list-number | access-list-name}
The following example shows an access list that allows only trusted
hosts to access the Cisco IOS HTTP server:
ip access-list standard 20
permit 192.168.1.0 0.0.0.255
remark "Above is a trusted subnet"
remark "Add further trusted subnets or hosts below"
! (Note: all other access implicitly denied)
! (Apply the access-list to the http server)
ip http access-class 20
For additional information on configuring the Cisco IOS HTTP server,
consult Using the Cisco Web Browser User Interface.
For additional information on cross-site scripting attacks and the
methods used to exploit these vulnerabilities, please refer to the
Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting
(XSS) Threat Vectors", which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml
Further Problem Description
+--------------------------
This vulnerability is about escaping characters in the URL that are
sent to the HTTP server. This vulnerability is different from the
vulnerability reported in Cisco bug ID CSCsc64976. The fix for this
vulnerability is to escape special characters in the URL string
echoed in the response generated by the web exec application.
Software Version and Fixes
+-------------------------
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) describes a release
train and the platforms or products for which it is intended. If a
given release train is vulnerable, then the earliest possible
releases that contain the fix (the "First Fixed Release") and the
anticipated date of availability for each are listed in the "Rebuild"
and "Maintenance" columns. A device running a release in the given
train that is earlier than the release in a specific column (less
than the First Fixed Release) is known to be vulnerable. The release
should be upgraded at least to the indicated release or a later
version (greater than or equal to the First Fixed Release label).
For more information on the terms "Rebuild" and "Maintenance,"
consult the following URL:
http://www.cisco.com/warp/public/620/1.html
+----------------------------------------+
| Major | Availability of Repaired |
| Release | Releases |
|------------+---------------------------|
| Affected | First Fixed | Recommended |
| 12.0-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | 12.0(33)S3; | |
| 12.0S | Available | |
| | on | |
| | 03-APR-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SC | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SL | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0SP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0ST | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SX | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SY | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SZ | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.0(3c)W5 |
| 12.0W | first fixed | (8) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0WC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0WT | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.0(4)XI2 | |
| | are | |
| | vulnerable, | |
| 12.0XI | release | 12.4(15) |
| | 12.0(4)XI2 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XN | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.1-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1AA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AY | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1CX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1E | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1EA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.1EB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.1EC | first fixed | SCA212.2 |
| | in 12.3BC | (33)SCB12.3 |
| | | (23)BC6 |
|------------+-------------+-------------|
| 12.1EO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.1EU | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.1EV | first fixed | S1212.2(33) |
| | in 12.4 | SB312.4(15) |
| | | T812.4(23) |
|------------+-------------+-------------|
| | | 12.2(31) |
| | Vulnerable; | SGA912.2 |
| 12.1EW | first fixed | (50)SG12.4 |
| | in 12.4 | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1EY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.1(5)YE6 | |
| | are | |
| | vulnerable, | |
| 12.1YE | release | 12.4(15) |
| | 12.1(5)YE6 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1YI | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1YJ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.2-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2BC | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.2BX | first fixed | SB312.4(15) |
| | in 12.4 | T812.4(23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CX | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CY | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2CZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EW | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EWA | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| 12.2EX | 12.2(40)EX | 12.2(44)EX1 |
|------------+-------------+-------------|
| | 12.2(44)EY; | 12.2(46)EY; |
| 12.2EY | Available | Available |
| | on | on |
| | 30-JAN-2009 | 23-JAN-2009 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2EZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2FY | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.2IRA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IRB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MC | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2S | first fixed | 12.2(20)S12 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | 12.2(33) | |
| | SB12.2(31) | |
| 12.2SB | SB14; | 12.2(33)SB3 |
| | Available | |
| | on | |
| | 16-JAN-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SBC | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2SCA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SCB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SE | 12.2(40)SE | 12.2(44)SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEB | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEC | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SED | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEE | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEF | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2SEG | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| 12.2SG | 12.2(44)SG | 12.2(50)SG |
|------------+-------------+-------------|
| 12.2SGA | 12.2(31) | 12.2(31) |
| | SGA9 | SGA9 |
|------------+-------------+-------------|
| 12.2SL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SM | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRA | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRB | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| 12.2SRC | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SRD | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2STE | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2SU | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2SV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SW | first fixed | 12.4(15)T8 |
| | in 12.4SW | |
|------------+-------------+-------------|
| 12.2SX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXH | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SXI | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SY | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2XF | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(20) |
| | | S1212.2(33) |
| | | SB312.2(33) |
| 12.2XN | 12.2(33)XN1 | SRC312.2 |
| | | (33) |
| | | XNA212.2 |
| | | (33r)SRD2 |
|------------+-------------+-------------|
| 12.2XNA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2XNB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | 12.2(46)XO; | 12.2(46)XO; |
| 12.2XO | Available | Available |
| | on | on |
| | 02-FEB-2009 | 02-FEB-2009 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YH | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YM | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2YN | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YQ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YS | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2YT | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YU | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YW | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.2(13)ZC | |
| | are | |
| 12.2ZC | vulnerable, | |
| | release | |
| | 12.2(13)ZC | |
| | and later | |
| | are not | |
| | vulnerable; | |
|------------+-------------+-------------|
| 12.2ZD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZF | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZG | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2ZJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZU | migrate to | |
| | any release | |
| | in 12.2SXH | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZX | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2ZY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZYA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.3-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3BC | 12.3(23)BC6 | 12.3(23)BC6 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3BW | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3EU | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.3JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3JL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3T | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3VA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XC | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XD | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XG | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XI | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XL | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XQ | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XS | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XW | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XX | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XY | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XZ | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3YA | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YF | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YH | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YI | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YM | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YQ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YS | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YX | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3ZA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.4-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| 12.4 | 12.4(16) | 12.4(23) |
|------------+-------------+-------------|
| 12.4JA | 12.4(16b)JA | 12.4(16b) |
| | | JA1 |
|------------+-------------+-------------|
| 12.4JDA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JL | 12.4(3)JL1 | 12.4(3)JL1 |
|------------+-------------+-------------|
| 12.4JMA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JMB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(16b) |
| 12.4JX | first fixed | JA1 |
| | in 12.4JA | |
|------------+-------------+-------------|
| 12.4MD | 12.4(15)MD | 12.4(15)MD2 |
|------------+-------------+-------------|
| 12.4MR | 12.4(16)MR | |
|------------+-------------+-------------|
| 12.4SW | 12.4(11)SW3 | 12.4(15)T8 |
|------------+-------------+-------------|
| 12.4T | 12.4(15)T | 12.4(15)T8 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XB | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XC | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XE | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XM | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XN | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4XQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XR | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | | 12.4(11) |
| | | XW10; |
| 12.4XW | 12.4(11)XW3 | Available |
| | | on |
| | | 22-JAN-2009 |
|------------+-------------+-------------|
| 12.4XY | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XZ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4YA | Not | |
| | Vulnerable | |
+----------------------------------------+
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkluC58ACgkQ86n/Gc8U/uA6vACfY36eBjbCbnJsrnJlOCE0Mr6Y
JqUAn1TVyUvBk8lGTm94F+tvmZy4n3Ke
=cGUi
-----END PGP SIGNATURE-----