Cisco IOS Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 25 Mar 2010 4712 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Cisco IOS software, which could be exploited by attackers to cause denial of service or execute arbitrary code.

1. Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability

2. Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

3. Cisco IOS Software IPsec Vulnerability

4. Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

5. Cisco IOS Software H.323 Denial of Service Vulnerabilities

6. Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability

7. Cisco Unified Communications Manager Express Denial of Service Vulnerabilities

Impact

Denial of Service
Remote Code Execution

System / Technologies affected

Cisco IOS 12.x
Cisco IOS R12.x
Cisco IOS-XE 2.x
Cisco IOS XR 3.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Update to the fixed version:
http://www.cisco.com/warp/public/707/cisco-sa-20100324-bundle.shtml
Users with contracts should obtain upgraded software through regular update channels. Most users can obtain upgrades via the Software Center on Cisco's Worldwide Web site at http://www.cisco.com/.
Users without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows:
+1 800 553 2447 (toll-free call within North America)
+1 408 526 7209 (toll call from elsewhere in the world)
E-mail: [email protected]

Cisco IOS Multiple Vulnerabilities

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link