Home / vulnerabilities

PDF

cisco-sa-20070808-IOS-voice.txt

Posted on 09 August 2007
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Cisco Security Advisory:
Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager

Advisory ID: cisco-sa-20070808-IOS-voice

http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Revision 1.0

For Public Release 2007 August 08 1600 UTC (GMT)

- -----------------------------------------------------------------------

Summary
=======

Multiple voice-related vulnerabilities are identified in Cisco IOS
software, one of which is also shared with Cisco Unified Communications
Manager. These vulnerabilities pertain to the following protocols or
features:

* Session Initiation Protocol (SIP)
* Media Gateway Control Protocol (MGCP)
* Signaling protocols H.323, H.254
* Real-time Transport Protocol (RTP)
* Facsimile reception

Cisco has made free software available to address these vulnerabilities
for affected customers. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of
the vulnerabilities apart from disabling the protocol or feature
itself.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.

Note: The August 08, 2007 publication includes four Security Advisories
and one Security Response. The advisories all affect IOS, one
additionally affects Cisco Unified Communications Manager as well. Each
advisory lists the releases that correct the vulnerability described in
the advisory, and the advisories also detail the releases that correct
the vulnerabilities in all four advisories. Individual publication
links are listed below:

* Cisco IOS Information Leakage Using IPv6 Routing Header
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml
* Cisco IOS Next Hop Resolution Protocol Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml
* Cisco IOS Secure Copy Authorization Bypass Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml
* Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications
Manager
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
* Cisco Unified MeetingPlace XSS Vulnerability
http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

Affected Products
=================

These vulnerabilities only affect devices running Cisco IOS that have
voice services enabled. The only exception is the vulnerability
documented as Cisco bug ID CSCsi80102, which also exists on Cisco
Unified Communications Manager.

Vulnerable Products
+------------------

To determine the software running on a Cisco IOS product, log in to the
device and issue the "show version" command to display the system banner.
Cisco IOS software will identify itself as "Internetwork Operating
System Software" or simply "IOS." On the next line of output, the image
name will be displayed between parentheses, followed by "Version" and
the Cisco IOS release name. Other Cisco devices will not have the
"show version" command, or will give different output.

The following example shows output from a device running an IOS image:

Router>show version
Cisco IOS Software, 7200 Software (C7200-IK9S-M), Version 12.3(14)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Thu 31-Mar-05 08:04 by yiyan


Additional information about Cisco IOS release naming is available at
the following link:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_white_paper09186a008018305e.shtml.

SIP-related vulnerabilities
+--------------------------

Any Cisco device that runs a vulnerable version of IOS and supports SIP
processing could be vulnerable. This includes IOS versions 12.3(4)XH,
12.3(4)XQ, 12.3(7)XR, 12.3(7)XS, 12.3(8)JA, 12.3(8)T, 12.3(8)XU, 12.3
(8)XW, 12.3(8)XX, 12.3(8)XY, 12.3(8)YA, 12.3(8)YG, 12.3(8)YH, 12.3(8)
YI, 12.3(8)ZA, 12.4 Mainline and 12.4T onward. Routers that are
configured as SIP Public Switched Telephone Network (PSTN) Gateways and
SIP Session Border Controllers (SBCs) are vulnerable. The CAT6000-CMM
card is also vulnerable.

To determine if the device has SIP enabled, enter the commands
"show ip sockets" and "show tcp brief all". In some newer IOS releases
the command "show ip sockets" is removed. If that is the case use "show udp".
The output is identical to the "show ip sockets" command.

Router#show ip sockets
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 0.0.0.0 0 --any-- 5060 0 0 211 0
17 0.0.0.0 0 192.168.100.2 67 0 0 2211 0
17 0.0.0.0 0 192.168.100.2 2517 0 0 11 0


The first line with UDP Port 5060 shows that UDP SIP is enabled.

Router#show tcp brief all
TCB Local Address Foreign Address (state)
2051E680 *.5060 *.* LISTEN


The above lines with *.5060 show that TCP SIP is enabled.

The device is vulnerable even if it does not have SIP explicitly
configured. If the output of the "show ip sockets" command is showing
that the device is listening to port 5060, then the device is
vulnerable.

MGCP-related vulnerabilities
+---------------------------

To determine whether MGCP is configured on an IOS device, look for
either of the following lines in in the Cisco IOS configuration:

Router#show running config
....
voice-port 1/1/1
!
mgcp
!
dial-peer voice 1 pots
service mgcpapp
port 1/1/1


or

Router#show running config
....
controller T1 1/1
framing sf
linecode ami
pri-group timeslots 1-24 service mgcp


or

Router#show running config
....
controller T1 1/1
framing sf
linecode ami
ds0-group 0 timeslots 1-24 type none service mgcp


The exact port numbers may vary in the configuration.

H.323 signaling-related vulnerabilities
+--------------------------------------

To determine whether H.323 is configured on an IOS device, look for
either of the following lines in the Cisco IOS configuration.

For Cisco bug ID CSCsi60004 this configuration is vulnerable:

Router#show running config | include proxy
proxy h323


For Cisco bug ID CSCsg70474 this configuration is vulnerable:

Router#show running config | include inspect
ip inspect name H323_protocol h323
ip inspect H323_protocol in


Real-time Transport Protocol-related vulnerabilities
+---------------------------------------------------

No particular configuration is required to enable RTP because this
protocol is invoked when audio or video information is transmitted.
H.323, MGCP, SIP, or H.320 protocols must be processing packets for a
router to process RTP packets.

Note: These vulnerabilities only affect sessions terminating or
originating on a device itself, not transit traffic; for example,
traffic that passes through a device, but is destined elsewhere is not
affected.

Facsimile reception vulnerability
+--------------------------------

The IOS device will listen to incoming facsimile transmission by
default if the Digital Signal Processor (DSP) is present. To determine
the presence of DSP on a device, execute the following command:

Note: This vulnerability only affects sessions terminating or
originating on a device itself, not transit traffic; for example,
traffic that passes through a device, but is destined elsewhere is not
affected.

Router#show voice dsp
DSP DSP DSPWARE CURR BOOT PAK TX/RX
TYPE NUM CH CODEC VERSION STATE STATE RST AI VOICEPORT TS ABORT PACK COUNT
==== === == ======== ======= ===== ======= === == ========= == ===== ===========
C542 001 01 None 7.4.1 IDLE idle 0 0 1/1/0 NA 0 598/607
C542 002 01 None 7.4.1 IDLE idle 0 0 1/1/1 NA 0 591/588


The above example shows that DSP is present on the device.

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these
vulnerabilities. The following devices are known not to be affected:

* Cisco Unified Communications Manager (with the exception of
CSCsi80102)
* Cisco IP Phone

Details
=======

Details for vulnerabilities are grouped by category and impact.

SIP-related vulnerabilities
+--------------------------

SIP is a protocol that is used to establish, modify, and terminate
multimedia sessions. Most commonly, SIP is used for Internet telephony.
SIP call signaling can use UDP (User Datagram Protocol) or TCP
(Transport Control Protocol) as an underlying transport protocol. In
all cases vulnerabilities can be triggered by processing a malformed
SIP packet.

A malformed SIP packet may cause a vulnerable device to crash and may
allow arbitrary code to be executed. These vulnerabilities are
documented as the following Cisco Bug IDs:

* CSCsi80749 Crash while processing malformed SIP packet
* CSCsi80102 CUCM - Crash while processing malformed SIP packet

A malformed SIP packet may cause a memory leak and device crash. These
vulnerabilities are documented as the following Cisco Bug IDs:

* CSCsf11855 Crash while processing malformed SIP packet
* CSCeb21064 Crash while processing malformed SIP packet
* CSCse40276 Router crashed by malformed SIP message
* CSCse68355 Router crashed by malformed SIP packet
* CSCsf30058 Memory leak when processing malformed SIP message
* CSCsb24007 Memory corruption and unexpected reload on receiving a
SIP packet
* CSCsc60249 Crash while processing malformed SIP packet

MGCP-related vulnerabilities
+---------------------------

MGCP is a protocol for controlling media gateways from external call
control elements such as Media Gateway Controllers or Call Agents. A
media gateway is typically a network element that provides conversion
between the audio signals carried on telephone circuits and data
packets carried over the Internet or over other packet networks. In a
Cisco environment, a media gateway is used between the Cisco
Communications Manager and the Cisco router and servers as a voice
gateway.

A specially crafted MGCP packet can cause a vulnerable device to crash
or become unresponsive. The unresponsive device will not be able to
establish new telephone calls, and a reboot is required to restore
normal operation. These vulnerabilities are documented as the following
Cisco Bug IDs:

* CSCsf08998 MGCP stop responding after receiving malformed packet
* CSCsd81407 Router crash on receiving abnormal MGCP messages

H.323-signaling related vulnerabilities
+--------------------------------------

H.323 is an ITU (International Telecommunications Union) set of
recommendations for multimedia communication and signaling in networks
that use Internet Protocol.

A malformed H.323 packet can crash a vulnerable device. These
vulnerabilities are documented as the following Cisco Bug IDs:

* CSCsi60004 H323 Proxy Unregistration from Gatekeeper
* CSCsg70474 IOS FW with h323 inspect crashes when malformed H.323
packets received

Real-time Transport Protocol-related vulnerabilities
+---------------------------------------------------

RTP is a protocol that is designed to provide delivery services for
data with real-time characteristics, such as interactive audio and
video.

A malformed RTP packet can cause a vulnerable device to crash. These
vulnerabilities are documented as the following Cisco Bug IDs:

* CSCse68138 Issue in handling specific packets in VOIP RTP Lib
* CSCse05642 I/O memory corruption crash on a router

Facsimile reception vulnerability
+--------------------------------

Reception of a large packet can cause a vulnerable device to crash.
This vulnerability is documented as the following Cisco Bug ID:

* CSCej20505 Router hangs with overly large packet

Vulnerability Scoring Details
+----------------------------

Cisco is providing scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 1.0.

Cisco will provide a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.

Cisco PSIRT will set the bias in all cases to normal. Customers are
encouraged to apply the bias parameter when determining the
environmental impact of a particular vulnerability.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided an FAQ to answer additional questions regarding CVSS
at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss.

Note: To make this document more readable, individual CVSS scores for
vulnerabilities are not shown. Instead, the vulnerabilities are grouped
according to the score.

The following SIP-related vulnerabilities have identical CVSS scoring:

* CSCsi80749 Crash while processing malformed SIP packet
* CSCsi80102 CUCM - Crash while processing malformed SIP packet

CVSS Base Score - 10
Access Vector - Remote
Access Complexity - Low
Authentication - Not Required
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
Impact Bias - Normal

CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed



The following SIP-related vulnerabilities have identical CVSS scoring:

* CSCsf11855 Crash while processing malformed SIP packet
* CSCeb21064 Crash while processing malformed SIP packet
* CSCse40276 Router crashed by malformed SIP message
* CSCse68355 Router crashed by malformed SIP message
* CSCsf30058 Memory leak when processing malformed SIP message
* CSCsb24007 Memory corruption and unexpected reload on receiving a SIP packet
* CSCsc60249 Crash while processing malformed SIP packet

CVSS Base Score - 3.3
Access Vector - Remote
Access Complexity - Low
Authentication - Not Required
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
Impact Bias - Normal

CVSS Temporal Score - 2.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed



The following MGCP-related vulnerabilities have identical CVSS scoring:

* CSCsf08998 MGCP stop responding after receiving malformed packet
* CSCsd81407 Router crash on receiving abnormal MGCP messages

CVSS Base Score - 3.3
Access Vector - Remote
Access Complexity - Low
Authentication - Not Required
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
Impact Bias - Normal

CVSS Temporal Score - 2.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed


The following H.323 signaling-related vulnerabilities have identical
CVSS scoring

* CSCsi60004 H323 Proxy Unregistration from Gatekeeper
* CSCsg70474 IOS FW with h323 inspect crashes when malformed H.323
packets received

CVSS Base Score - 3.3
Access Vector - Remote
Access Complexity - Low
Authentication - Not Required
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
Impact Bias - Normal

CVSS Temporal Score - 2.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed


The following RTP-related vulnerabilities have identical CVSS scoring

* CSCse68138 Issue in handling specific packets in VOIP RTP Lib
* CSCse05642 I/O memory corruption crash on a router

CVSS Base Score - 3.3
Access Vector - Remote
Access Complexity - Low
Authentication - Not Required
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
Impact Bias - Normal

CVSS Temporal Score - 2.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed


CVSS score for the facsimile reception vulnerability

* CSCej20505 Router hangs with overly large packet

CVSS Base Score - 3.3
Access Vector - Remote
Access Complexity - Low
Authentication - Not Required
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
Impact Bias - Normal

CVSS Temporal Score - 2.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed


Impact
======

The impacts associated with individual vulnerabilities are listed
according to vulnerability type. If not specifically called out, all
vulnerabilities within the same category have an identical impact.

SIP-related vulnerabilities
+--------------------------

Successful exploitation of the vulnerabilities listed as Cisco Bug ID
CSCsi80749 and CSCsi80102 can potentially lead to remote code execution.

Successful exploitation of other SIP-related vulnerabilities listed in
this advisory can cause the affected device to crash. Repeated
exploitation could result in a sustained denial of service (DoS)
attack.

MGCP-related vulnerabilities
+---------------------------

Successful exploitation of the vulnerability listed as Cisco Bug ID
CSCsf08998 can cause the affected device to become unresponsive. The
device will not be able to establish any new connections, and a reboot
is required to restore normal functionality.

Successful exploitation of the vulnerability listed as Cisco Bug ID
CSCsd81407 can cause the affected device to crash. Repeated exploitation
could result in a sustained denial of service (DoS) attack.

H.323 Signaling-related vulnerabilities
+--------------------------------------

Successful exploitation of the vulnerabilities listed in this advisory
can cause the affected device to crash. Repeated exploitation could
result in a sustained denial of service (DoS) attack.

Real-time Transport Protocol-related vulnerabilities
+---------------------------------------------------

Successful exploitation of the vulnerabilities listed in this advisory
can cause the affected device to crash. Repeated exploitation could
result in a sustained denial of service (DoS) attack.

Facsimile reception vulnerability
+--------------------------------

Successful exploitation of the vulnerability listed in this advisory
can cause the affected device to crash. Repeated exploitation could
result in a sustained denial of service (DoS) attack.

Software Versions and Fixes
===========================

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance.

Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed in
the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases which have fixes for all the
published vulnerabilities at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to be
vulnerable. Cisco recommends upgrading to a release equal to or later
than the release in the "Recommended Releases" column of the table.

For further information about how Cisco IOS is built, numbered and
maintained, please see the following URL:
http://www.cisco.com/warp/public/620/1.html

+-------------------------------------------------------------+
| Major | Availability of Repaired Releases |
| Release | |
|------------+------------------------------------------------|
| Affected | | Recommended |
| 12.0-Based | First Fixed Release | Release |
| Release | | |
|------------+--------------------------------+---------------|
| 12.0 | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0DA | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0DB | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0DC | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0S | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0SC | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0SL | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0SP | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0ST | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0SX | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0SY | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0SZ | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0T | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0W | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0WC | 12.0(5)WC16 | |
|------------+--------------------------------+---------------|
| 12.0WT | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0XA | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XB | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0XC | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XD | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XE | Vulnerable; first fixed in | |
| | 12.1(27b)E2 | |
|------------+--------------------------------+---------------|
| 12.0XF | Vulnerable; contact TAC | |
|------------+--------------------------------+---------------|
| 12.0XG | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XH | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XI | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XJ | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0XK | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XL | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XM | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XN | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XQ | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XR | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XS | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.0XV | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.0XW | Not Vulnerable | |
|------------+--------------------------------+---------------|
| Affected | | Recommended |
| 12.1-Based | First Fixed Release | Release |
| Release | | |
|------------+--------------------------------+---------------|
| 12.1 | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1AA | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1AX | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1AY | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1AZ | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1CX | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1DA | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1DB | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1DC | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1E | 12.1(27b)E2 | |
|------------+--------------------------------+---------------|
| | | 12.1(22)EA10a |
| | | |
| 12.1EA | 12.1(22)EA10 | 12.1(22) |
| | | EA10b; |
| | | available |
| | | 13-Sept-07 |
|------------+--------------------------------+---------------|
| 12.1EB | Not Vulnerable | |
|------------+--------------------------------+---------------|
| | Vulnerable; first fixed in | 12.3(17b)BC8 |
| 12.1EC | 12.2(4)BC1 | |
| | | 12.3(21a)BC3 |
|------------+--------------------------------+---------------|
| 12.1EO | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1EU | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1EV | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1EW | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1EX | Vulnerable; first fixed in | |
| | 12.1(27b)E2 | |
|------------+--------------------------------+---------------|
| 12.1EY | Vulnerable; first fixed in | |
| | 12.1(27b)E2 | |
|------------+--------------------------------+---------------|
| 12.1EZ | Vulnerable; first fixed in | |
| | 12.1(27b)E2 | |
|------------+--------------------------------+---------------|
| 12.1GA | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1GB | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1T | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XA | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XB | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XC | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XD | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XE | Vulnerable; first fixed in | |
| | 12.1(27b)E2 | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XF | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XG | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| 12.1XH | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XI | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XJ | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| 12.1XK | Not Vulnerable | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XL | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XM | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| 12.1XN | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1XO | Not Vulnerable | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XP | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XQ | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XR | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| 12.1XS | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XT | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XU | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1XV | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| 12.1XW | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XX | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.1XY | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| 12.1XZ | Vulnerable; first fixed in | 12.2(46a) |
| | 12.2(26c); available 14-Aug-07 | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YA | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YB | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YC | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YD | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YE | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YF | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| 12.1YG | Not Vulnerable | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YH | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.1YI | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| 12.1YJ | Not Vulnerable | |
|------------+--------------------------------+---------------|
| Affected | | Recommended |
| 12.2-Based | First Fixed Release | Release |
| Release | | |
|------------+--------------------------------+---------------|
| | 12.2(26c); available 14-Aug-07 | |
| | | |
| | 12.2(27c); available 14-Aug-07 | |
| | | |
| 12.2 | 12.2(28d); available 14-Aug-07 | 12.2(46a) |
| | | |
| | 12.2(29b); available 14-Aug-07 | |
| | | |
| | 12.2(46a); available 15-Aug-07 | |
|------------+--------------------------------+---------------|
| | | 12.4(12c) |
| | | |
| | | 12.4(3h) |
| | | |
| | | 12.4(5c) |
| | | |
| | | 12.4(8d); |
| | Vulnerable; first fixed in | available |
| 12.2B | 12.3(11)T12; available | 03-Sep-07 |
| | 16-Aug-07 | |
| | | 12.4(7f) |
| | | |
| | | 12.4(16) |
| | | |
| | | 12.4(10c) |
| | | |
| | | 12.4(13d) |
|------------+--------------------------------+---------------|
| 12.2BC | Not Vulnerable | |
|------------+--------------------------------+---------------|
| | | 12.3(23) |
| | | |
| | | 12.3(20a) |
| | | |
| | | 12.3(21b) |
| | | |
| | | 12.3(22a) |
| | Vulnerable; first fixed in | |
| 12.2BW | 12.3(23) | 12.3(18a) |
| | | |
| | | 12.3(19a); |
| | | available |
| | | 16-Aug-07 |
| | | |
| | | 12.3(17c); |
| | | available |
| | | 16-Aug-07 |
|------------+--------------------------------+---------------|
| | | 12.4(12c) |
| | | |
| | | 12.4(3h) |
| | | |
| | | 12.4(5c) |
| | | |
| | | 12.4(8d); |
| | Vulnerable; first fixed in | available |
| 12.2BY | 12.3(11)T12; available | 03-Sep-07 |
| | 16-Aug-07 | |
| | | 12.4(7f) |
| | | |
| | | 12.4(16) |
| | | |
| | | 12.4(10c) |
| | | |
| | | 12.4(13d) |
|------------+--------------------------------+---------------|
| 12.2BZ | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2CX | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2CY | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2CZ | Vulnerable; contact TAC | |
|------------+--------------------------------+---------------|
| 12.2DA | Not Vulnerable | |
|------------+--------------------------------+---------------|
| | | 12.4(12c) |
| | | |
| | | 12.4(3h) |
| | | |
| | | 12.4(5c) |
| | | |
| | | 12.4(8d); |
| | Vulnerable; first fixed in | available |
| 12.2DD | 12.3(11)T12; available | 03-Sep-07 |
| | 16-Aug-07 | |
| | | 12.4(7f) |
| | | |
| | | 12.4(16) |
| | | |
| | | 12.4(10c) |
| | | |
| | | 12.4(13d) |
|------------+--------------------------------+---------------|
| | | 12.4(12c) |
| | | |
| | | 12.4(3h) |
| | | |
| | | 12.4(5c) |
| | | |
| | | 12.4(8d); |
| | Vulnerable; first fixed in | available |
| 12.2DX | 12.3(11)T12; available | 03-Sep-07 |
| | 16-Aug-07 | |
| | | 12.4(7f) |
| | | |
| | | 12.4(16) |
| | | |
| | | 12.4(10c) |
| | | |
| | | 12.4(13d) |
|------------+--------------------------------+---------------|
| 12.2EU | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2EW | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2EWA | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2EX | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2EY | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2EZ | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2FX | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2FY | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2FZ | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2IXA | Vulnerable; first fixed in | 12.2(18)IXD1 |
| | 12.2(18)IXD1 | |
|------------+--------------------------------+---------------|
| 12.2IXB | Vulnerable; first fixed in | 12.2(18)IXD1 |
| | 12.2(18)IXD1 | |
|------------+--------------------------------+---------------|
| 12.2IXC | Vulnerable; first fixed in | 12.2(18)IXD1 |
| | 12.2(18)IXD1 | |
|------------+--------------------------------+---------------|
| 12.2IXD | 12.2(18)IXD1 | 12.2(18)IXD1 |
|------------+--------------------------------+---------------|
| 12.2IXE | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2JA | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2JK | Not Vulnerable | |
|------------+--------------------------------+---------------|
| 12.2MB | Not Vulnerable | |
|------------+--------------------------------+---------------|
| | 12.2(15)MC1 | |
| | | |
| | 12.2(15)MC2a | |
| | | |
| 12.2MC | 1

 

TOP