Datasheet
134
Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
• Some UDP packets that have the Terminal Access Controller Access Control System (TACACS)
port (49) as their destination might remain suspended in the interface queue. This problem occurs
when TACACS+ is configured. This problem is resolved in Release 12.1(26)E9. (CSCsb11698)
• With RCP enabled, a reload might occur when the system receives a spoofed RCP packet that
contains a specific data content. This problem is resolved in Release 12.1(26)E9. (CSCse05736)
Resolved General Caveats in Release 12.1(26)E8
• CSCse68138—Resolved in Release 12.1(26)E8.
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also
shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following
protocols or features:
–
Session Initiation Protocol (SIP)
–
Media Gateway Control Protocol (MGCP)
–
Signaling protocols H.323, H.254
–
Real-time Transport Protocol (RTP)
–
Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed
Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all
vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml