lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <200901141700.http@psirt.cisco.com>
Date: Wed, 14 Jan 2009 17:00:00 +0100
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Response: Cisco IOS Cross-Site Scripting
Vulnerabilities

http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml

Revision 1.0

For Public Release 2009 January 14 1600 UTC (GMT)

- ---------------------------------------------------------------------

Cisco Response
==============

Two separate Cisco IOS  Hypertext Transfer Protocol (HTTP) cross-site
scripting (XSS) vulnerabilities have been reported to Cisco by two
independent researchers. ProCheckup has posted a Security Advisory
titled "XSS on Cisco IOS HTTP Server" posted at 
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19

Cisco would like to thank Adrian Pastor and Richard J. Brain of
ProCheckUp and Nobuhiro Tsuji of NTT Data Security Corporation with
co-operation of JPCert.

This Cisco Security Response is posted at the following link: 
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml

Additional Information
======================

This response covers two separate cross-site scripting
vulnerabilities within the Cisco IOS Hypertext Transfer Protocol
(HTTP) server (including HTTP secure server - here after referred to
as purely HTTP Server) and applies to all Cisco products that run
Cisco IOS Software versions 11.0 through 12.4 with the HTTP server
enabled. A system that contains the IOS HTTP server or HTTP secure
server, but does not have it enabled, is not affected.

To determine if the HTTP server is running on your device, issue the
show ip http server status | include status and the show ip http
server secure status | include status commands at the prompt and look
for output similar to:

    Router#show ip http server status | include status
    HTTP server status: Enabled
    HTTP secure server status: Enabled

If the device is not running the HTTP server, you should see output
similar to:

    Router#show ip http server status | include status
    HTTP server status: Disabled
    HTTP secure server status: Disabled

These vulnerabilities are documented in the following Cisco bug IDs:

  * Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server 
    Special Characters are not escaped in URL strings sent to the
    HTTP server.
  * Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter)
    Special Characters are not escaped in URL strings sent to the
    HTTP server, via the ping parameter. The ping parameter is used
    both by external applications such as Router and Security Device
    Manager (SDM) as well as a direct HTTP session to Cisco IOS http
    server. This vulnerability affects 12.1E based trains and all
    Cisco IOS releases after 12.2(13)T.

These vulnerabilities are independent of each other. For a full
solution, download a Cisco IOS version that contains the fixes for
both Cisco bug IDs. These vulnerabilities have been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821.

Workaround
+---------

If the HTTP server is not used for any legitimate purposes on the
device, it is a best practice to disable it by issuing the following
commands in configure mode:

    no ip http server
    no ip http secure-server

If the HTTP server is required, it is a recommended best practice to
control which hosts may access the HTTP server to only trusted
sources. To control which hosts can access the HTTP server, you can
apply an access list to the HTTP server. To apply an access list to
the HTTP server, use the following command in global configuration
mode:

    ip http access-class {access-list-number | access-list-name}

The following example shows an access list that allows only trusted
hosts to access the Cisco IOS HTTP server:

    ip access-list standard 20
    permit 192.168.1.0 0.0.0.255
    remark "Above is a trusted subnet"
    remark "Add further trusted subnets or hosts below"

    ! (Note: all other access implicitly denied)
    ! (Apply the access-list to the http server)

    ip http access-class 20

For additional information on configuring the Cisco IOS HTTP server,
consult Using the Cisco Web Browser User Interface.

For additional information on cross-site scripting attacks and the
methods used to exploit these vulnerabilities, please refer to the
Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting
(XSS) Threat Vectors", which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml

Further Problem Description
+--------------------------

This vulnerability is about escaping characters in the URL that are
sent to the HTTP server. This vulnerability is different from the
vulnerability reported in Cisco bug ID CSCsc64976. The fix for this
vulnerability is to escape special characters in the URL string 
echoed in the response generated by the web exec application.

Software Version and Fixes
+-------------------------

When considering software upgrades, also consult 
http://www.cisco.com/go/psirt and any subsequent advisories to 
determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance.

Each row of the Cisco IOS software table (below) describes a release
train and the platforms or products for which it is intended. If a
given release train is vulnerable, then the earliest possible
releases that contain the fix (the "First Fixed Release") and the
anticipated date of availability for each are listed in the "Rebuild"
and "Maintenance" columns. A device running a release in the given
train that is earlier than the release in a specific column (less
than the First Fixed Release) is known to be vulnerable. The release
should be upgraded at least to the indicated release or a later
version (greater than or equal to the First Fixed Release label).

For more information on the terms "Rebuild" and "Maintenance,"
consult the following URL: 
http://www.cisco.com/warp/public/620/1.html

+----------------------------------------+
|   Major    | Availability of Repaired  |
|  Release   |         Releases          |
|------------+---------------------------|
|  Affected  | First Fixed | Recommended |
| 12.0-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0       | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0DA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0DB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0DC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | 12.0(33)S3; |             |
| 12.0S      | Available   |             |
|            | on          |             |
|            | 03-APR-2009 |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SC     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SL     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0SP     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0ST     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SX     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SY     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.0SZ     | first fixed |             |
|            | in 12.0S    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0T      | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.0(3c)W5  |
| 12.0W      | first fixed | (8)         |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0WC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.0WT     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XE     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.0XF     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XG     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Releases    |             |
|            | prior to    |             |
|            | 12.0(4)XI2  |             |
|            | are         |             |
|            | vulnerable, |             |
| 12.0XI     | release     | 12.4(15)    |
|            | 12.0(4)XI2  | T812.4(23)  |
|            | and later   |             |
|            | are not     |             |
|            | vulnerable; |             |
|            | first fixed |             |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XJ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XK     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XL     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XM     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XN     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XQ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XR     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XS     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XT     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.0XV     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.1-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1       | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1AA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1AX     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1AY     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1AZ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1CX     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1DA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1DB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1DC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.1E      | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1EA     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
| 12.1EB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(33)    |
| 12.1EC     | first fixed | SCA212.2    |
|            | in 12.3BC   | (33)SCB12.3 |
|            |             | (23)BC6     |
|------------+-------------+-------------|
| 12.1EO     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(31)    |
| 12.1EU     | first fixed | SGA912.2    |
|            | in 12.2SG   | (50)SG      |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)    |
| 12.1EV     | first fixed | S1212.2(33) |
|            | in 12.4     | SB312.4(15) |
|            |             | T812.4(23)  |
|------------+-------------+-------------|
|            |             | 12.2(31)    |
|            | Vulnerable; | SGA912.2    |
| 12.1EW     | first fixed | (50)SG12.4  |
|            | in 12.4     | (15)T812.4  |
|            |             | (23)        |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1EX     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.1EY     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1EZ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1GA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1GB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1T      | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XE     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XF     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XG     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XI     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XJ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XL     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XM     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XP     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XQ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XR     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XS     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XT     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XU     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XV     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XW     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XX     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XY     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1XZ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Releases    |             |
|            | prior to    |             |
|            | 12.1(5)YE6  |             |
|            | are         |             |
|            | vulnerable, |             |
| 12.1YE     | release     | 12.4(15)    |
|            | 12.1(5)YE6  | T812.4(23)  |
|            | and later   |             |
|            | are not     |             |
|            | vulnerable; |             |
|            | first fixed |             |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YF     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.1YH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.1YI     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.1YJ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.2-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2       | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2B      | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA212.2    |
| 12.2BC     | first fixed | (33)SCB12.3 |
|            | in 12.4     | (23)BC612.4 |
|            |             | (15)T812.4  |
|            |             | (23)        |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2BW     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(33)    |
| 12.2BX     | first fixed | SB312.4(15) |
|            | in 12.4     | T812.4(23)  |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2BY     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2BZ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA212.2    |
| 12.2CX     | first fixed | (33)SCB12.3 |
|            | in 12.4     | (23)BC612.4 |
|            |             | (15)T812.4  |
|            |             | (23)        |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA212.2    |
| 12.2CY     | first fixed | (33)SCB12.3 |
|            | in 12.4     | (23)BC612.4 |
|            |             | (15)T812.4  |
|            |             | (23)        |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)    |
| 12.2CZ     | first fixed | S1212.2(33) |
|            | in 12.2SB   | SB3         |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2DA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2DD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2DX     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(31)    |
| 12.2EW     | first fixed | SGA912.2    |
|            | in 12.2SG   | (50)SG      |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(31)    |
| 12.2EWA    | first fixed | SGA912.2    |
|            | in 12.2SG   | (50)SG      |
|------------+-------------+-------------|
| 12.2EX     | 12.2(40)EX  | 12.2(44)EX1 |
|------------+-------------+-------------|
|            | 12.2(44)EY; | 12.2(46)EY; |
| 12.2EY     | Available   | Available   |
|            | on          | on          |
|            | 30-JAN-2009 | 23-JAN-2009 |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2EZ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2FX     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(44)    |
| 12.2FY     | first fixed | EX112.2(44) |
|            | in 12.2EX   | SE4         |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2FZ     | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
| 12.2IRA    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2IRB    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2IXA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXD    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXE    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXF    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2IXG    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2JA     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2JK     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2MB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2MC     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2S      | first fixed | 12.2(20)S12 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
|            | 12.2(33)    |             |
|            | SB12.2(31)  |             |
| 12.2SB     | SB14;       | 12.2(33)SB3 |
|            | Available   |             |
|            | on          |             |
|            | 16-JAN-2009 |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SBC    | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
| 12.2SCA    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SCB    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SE     | 12.2(40)SE  | 12.2(44)SE4 |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEA    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEB    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEC    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SED    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEE    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SEF    | first fixed | 12.2(44)SE4 |
|            | in 12.2SE   |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(44)    |
| 12.2SEG    | first fixed | EX112.2(44) |
|            | in 12.2EX   | SE4         |
|------------+-------------+-------------|
| 12.2SG     | 12.2(44)SG  | 12.2(50)SG  |
|------------+-------------+-------------|
| 12.2SGA    | 12.2(31)    | 12.2(31)    |
|            | SGA9        | SGA9        |
|------------+-------------+-------------|
| 12.2SL     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SM     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SO     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SQ     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SR     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SRA    | migrate to  | 12.2(33)    |
|            | any release | SRC3        |
|            | in 12.2SRC  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SRB    | migrate to  | 12.2(33)    |
|            | any release | SRC3        |
|            | in 12.2SRC  |             |
|------------+-------------+-------------|
| 12.2SRC    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SRD    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2STE    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2SU     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.2SV     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVD    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SVE    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2SW     | first fixed | 12.4(15)T8  |
|            | in 12.4SW   |             |
|------------+-------------+-------------|
| 12.2SX     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXD    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXE    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXF    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2SXH    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2SXI    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)    |
| 12.2SY     | first fixed | S1212.2(33) |
|            | in 12.2SB   | SB3         |
|------------+-------------+-------------|
|            | Vulnerable; | 12.2(20)    |
| 12.2SZ     | first fixed | S1212.2(33) |
|            | in 12.2SB   | SB3         |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2T      | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2TPC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XB     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XC     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XD     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XE     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            |             | 12.2(33)    |
|            | Vulnerable; | SCA212.2    |
| 12.2XF     | first fixed | (33)SCB12.3 |
|            | in 12.4     | (23)BC612.4 |
|            |             | (15)T812.4  |
|            |             | (23)        |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XG     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XI     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XJ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XK     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XL     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XM     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            |             | 12.2(20)    |
|            |             | S1212.2(33) |
|            |             | SB312.2(33) |
| 12.2XN     | 12.2(33)XN1 | SRC312.2    |
|            |             | (33)        |
|            |             | XNA212.2    |
|            |             | (33r)SRD2   |
|------------+-------------+-------------|
| 12.2XNA    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2XNB    | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | 12.2(46)XO; | 12.2(46)XO; |
| 12.2XO     | Available   | Available   |
|            | on          | on          |
|            | 02-FEB-2009 | 02-FEB-2009 |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XQ     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XR     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XS     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XT     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XU     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XV     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2XW     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2YA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2YB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YC     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YD     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YE     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YF     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YG     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YH     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YJ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YK     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YL     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2YM     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.2YN     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YO     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2YP     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2YQ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YR     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YS     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.2YT     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YU     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YV     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YW     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YX     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YY     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2YZ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZA     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Releases    |             |
|            | prior to    |             |
|            | 12.2(13)ZC  |             |
|            | are         |             |
| 12.2ZC     | vulnerable, |             |
|            | release     |             |
|            | 12.2(13)ZC  |             |
|            | and later   |             |
|            | are not     |             |
|            | vulnerable; |             |
|------------+-------------+-------------|
| 12.2ZD     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2ZE     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2ZF     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2ZG     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.2ZH     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.2ZJ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZL     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZP     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2ZU     | migrate to  |             |
|            | any release |             |
|            | in 12.2SXH  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.2ZX     | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
| 12.2ZY     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.2ZYA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.3-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3       | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3B      | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3BC     | 12.3(23)BC6 | 12.3(23)BC6 |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3BW     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3EU     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.3JA     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JEA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JEB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JEC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3JK     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3JL     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.3JX     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3T      | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3TPC    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3VA     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XA     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.3XB     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XC     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XD     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XE     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
| 12.3XF     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XG     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XI     | first fixed | 12.2(33)SB3 |
|            | in 12.2SB   |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XJ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XK     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XL     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XQ     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XR     | first fixed | T812.4(23)  |
|            | in 12.4     |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XS     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XU     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3XW     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XX     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XY     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3XZ     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(15)    |
| 12.3YA     | first fixed | T812.4(23)  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YD     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YF     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YG     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YH     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YI     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YJ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YK     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YM     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YQ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YS     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YT     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YU     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3YX     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.3YZ     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.3ZA     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|  Affected  | First Fixed | Recommended |
| 12.4-Based |   Release   |   Release   |
|  Releases  |             |             |
|------------+-------------+-------------|
| 12.4       | 12.4(16)    | 12.4(23)    |
|------------+-------------+-------------|
| 12.4JA     | 12.4(16b)JA | 12.4(16b)   |
|            |             | JA1         |
|------------+-------------+-------------|
| 12.4JDA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4JK     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4JL     | 12.4(3)JL1  | 12.4(3)JL1  |
|------------+-------------+-------------|
| 12.4JMA    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4JMB    | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            | Vulnerable; | 12.4(16b)   |
| 12.4JX     | first fixed | JA1         |
|            | in 12.4JA   |             |
|------------+-------------+-------------|
| 12.4MD     | 12.4(15)MD  | 12.4(15)MD2 |
|------------+-------------+-------------|
| 12.4MR     | 12.4(16)MR  |             |
|------------+-------------+-------------|
| 12.4SW     | 12.4(11)SW3 | 12.4(15)T8  |
|------------+-------------+-------------|
| 12.4T      | 12.4(15)T   | 12.4(15)T8  |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XA     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XB     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XC     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XD     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XE     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.4XF     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XG     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XJ     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XK     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.4XL     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XM     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XN     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XP     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
| 12.4XQ     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XR     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
|            | Vulnerable; |             |
| 12.4XT     | first fixed | 12.4(15)T8  |
|            | in 12.4T    |             |
|------------+-------------+-------------|
| 12.4XV     | Vulnerable; |             |
|            | contact TAC |             |
|------------+-------------+-------------|
|            |             | 12.4(11)    |
|            |             | XW10;       |
| 12.4XW     | 12.4(11)XW3 | Available   |
|            |             | on          |
|            |             | 22-JAN-2009 |
|------------+-------------+-------------|
| 12.4XY     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4XZ     | Not         |             |
|            | Vulnerable  |             |
|------------+-------------+-------------|
| 12.4YA     | Not         |             |
|            | Vulnerable  |             |
+----------------------------------------+

Status of this Notice: FINAL
============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.

Revision History
================

+---------------------------------------+
| Revision |                 | Initial  |
| 1.0      | 2009-January-14 | public   |
|          |                 | release  |
+---------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at 
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco 
security notices. All Cisco security advisories are available at 
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkluC58ACgkQ86n/Gc8U/uA6vACfY36eBjbCbnJsrnJlOCE0Mr6Y
JqUAn1TVyUvBk8lGTm94F+tvmZy4n3Ke
=cGUi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ