Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities:

- Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability
- Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability
- Cisco IOS XE Software Crafted IPv6 Packet Denial of Service Vulnerability
- Cisco IOS XE Software Layer 4 Redirect Crafted Packet Denial of Service Vulnerability
- Cisco IOS XE Software Common Flow Table Crafted Packet Denial of Service Vulnerability

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to trigger a reload of the forwarding plane, causing an interruption of services. Repeated exploitation could result in a sustained denial of service (DoS) condition.

Successful exploitation of Cisco IOS XE Software Crafted TCP Packet Remote Code Execution Vulnerability could allow an unauthenticated remote attacker to execute malicious code on the affected device.

Cisco has released software updates that address these vulnerabilities.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe

Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html

Configuration | Fragmented packets that may need ALG | Fragmented packets that do not need ALG |
---|---|---|
NAT/HSL | Vulnerable | Not Vulnerable |
NAT/HSL/zone-based policy firewall | Vulnerable | Vulnerable |

Router#show running-config | include ip nat
ip nat inside
ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1
Router#show running-config | include ip nat
ip nat inside
ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1 vrf sip
no ip nat service sip udp port 5060
no ip nat service sip tcp port 5060
Router#show running-config | include ip nat
ip nat inside
ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1
ip nat log translations flow-export v9 udp destination 10.10.0.1 1020 source GigabitEthernet 0/0/0
Router# show service-insertion appnav-controller-group
All AppNav Controller Groups in service context
Appnav Controller Group : acg
Member Appnav Controller Count : 2
Members:
IP Address
21.0.0.36
21.0.0.160
AppNav Controller : 21.0.0.36
Local AppNav Controller : Yes
Current status of AppNav Controller : Alive
Router# show running-config | include ipv6.(enable|address)
ipv6 enable
ipv6 address dhcp rapid-commit
ipv6 address autoconfig
ipv6 address MANAGEMENT ::1FFF:0:0:0:3560/128
ipv6 address 2001:DB8::1/64
Router# show running-config | include redirect
redirect server-group TEST_SERVER
redirect to group TEST_SERVER
Router#show policy-map type performance-monitor
Service-policy performance-monitor input: mmon_policy
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
Total Packets classified: 0
Total Bytes classified: 0
Monitor AOR: disabled
Service-policy performance-monitor output: mmon_policy
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
Total Packets classified: 0
Total Bytes classified: 0
Monitor AOR: disabled ethernet 0/0
Router# show run | include nbar.+(teredo|ipv6inip)
ip nbar classification tunneled-traffic ipv6inip
ip nbar classification tunneled-traffic teredo
Router#show version
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 07-Aug-12 13:40 by mcpre
Router#show version running | section espbase
Package: espbase, version: 03.10.03.S.153-3.S3-ext, status: active
File: bootflash:packages/asr1001-espbase.03.10.03.S.153-3.S3-ext.pkg, on: ESP0
Built: 2014-06-01_11.45, by: mcpre
File SHA1 checksum: f07a15e85bdd0c23603504ea56994924ec9c0ea6

Vulnerability | Major Release | Extended Release | First Fixed Release |
---|---|---|---|
CSCuo25741 | 2.x | -- | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.1 | Yes | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.2 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.3 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.4 | Yes | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.5 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.6 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.7 | Yes | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.8 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.9 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuo25741 | 3.10 | Yes | 3.10.4S |
CSCuo25741 | 3.11 | No | 3.11.3S |
CSCuo25741 | 3.12 | No | 3.12.1S |
CSCuo25741 | 3.13 | Yes | 3.13.0S |
CSCuo25741 | 3.14 | No | 3.14.0S |
CSCuo25741 | 3.15 | No | 3.15.0S |


Vulnerability | Major Release | Extended Release | First Fixed Release |
---|---|---|---|
CSCuo53622 | 2.x | -- | N/A |
CSCuo53622 | 3.1 | Yes | N/A |
CSCuo53622 | 3.2 | No | N/A |
CSCuo53622 | 3.3 | No | N/A |
CSCuo53622 | 3.4 | Yes | N/A |
CSCuo53622 | 3.5 | No | N/A |
CSCuo53622 | 3.6 | No | N/A |
CSCuo53622 | 3.7 | Yes | N/A |
CSCuo53622 | 3.8 | No | Vulnerable; migrate to 3.10.3S or one of fixed extended releases |
CSCuo53622 | 3.9 | No | Vulnerable; migrate to 3.10.3S or one of fixed extended releases |
CSCuo53622 | 3.10 | Yes | 3.10.3S |
CSCuo53622 | 3.11 | No | 3.11.3S |
CSCuo53622 | 3.12 | No | 3.12.1S |
CSCuo53622 | 3.13 | Yes | 3.13.0S |
CSCuo53622 | 3.14 | No | 3.14.0S |
CSCuo53622 | 3.15 | No | 3.15.0S |


Vulnerability | Major Release | Extended Release | First Fixed Release |
---|---|---|---|
CSCub68073 | 2.x | -- | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.1 | Yes | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.2 | No | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.3 | No | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.4 | Yes | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.5 | No | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.6 | No | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.7 | Yes | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.8 | No | Vulnerable; migrate to 3.10.0S or one of fixed extended releases |
CSCub68073 | 3.9 | No | 3.9.0S |
CSCub68073 | 3.10 | Yes | 3.10.0S |
CSCub68073 | 3.11 | No | 3.11.0S |
CSCub68073 | 3.12 | No | 3.12.0S |
CSCub68073 | 3.13 | Yes | 3.13.0S |
CSCub68073 | 3.14 | No | 3.14.0S |
CSCub68073 | 3.15 | No | 3.15.0S |


Vulnerability | Major Release | Extended Release | First Fixed Release |
---|---|---|---|
CSCuq59131 | 2.x | -- | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.1 | Yes | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.2 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.3 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.4 | Yes | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.5 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.6 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.7 | Yes | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.8 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.9 | No | Vulnerable; migrate to 3.10.4S or one of fixed extended releases |
CSCuq59131 | 3.10 | Yes | 3.10.4S |
CSCuq59131 | 3.11 | No | 3.11.3S |
CSCuq59131 | 3.12 | No | 3.12.2S |
CSCuq59131 | 3.13 | Yes | 3.13.1S |
CSCuq59131 | 3.14 | No | 3.14.0S |
CSCuq59131 | 3.15 | No | 3.15.0S |


Vulnerability | Major Release | Extended Release | First Fixed Release |
---|---|---|---|
CSCua79665 | 2.x | -- | N/A |
CSCua79665 | 3.1 | Yes | N/A |
CSCua79665 | 3.2 | No | N/A |
CSCua79665 | 3.3 | No | N/A |
CSCua79665 | 3.4 | Yes | N/A |
CSCua79665 | 3.5 | No | N/A |
CSCua79665 | 3.6 | No | None |
CSCua79665 | 3.7 | Yes | 3.7.1S |
CSCua79665 | 3.8 | No | 3.8.0S |
CSCua79665 | 3.9 | No | 3.9.0S |
CSCua79665 | 3.10 | Yes | 3.10.0S |
CSCua79665 | 3.11 | No | 3.11.0S |
CSCua79665 | 3.12 | No | 3.12.0S |
CSCua79665 | 3.13 | Yes | 3.13.0S |
CSCua79665 | 3.14 | No | 3.14.0S |
CSCua79665 | 3.15 | No | 3.15.0S |

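
The First Fixed Release tables can be checked mechanically against the release reported by `show version running | section espbase`. The following is an added example, not Cisco code: the names `BUGS`, `parse_release` and `assess` are hypothetical, the table data is transcribed from this advisory, and it assumes a package version of the form `03.10.03.S` denotes IOS XE release 3.10.3S.

```python
import re

# Constructed from the advisory's First Fixed Release tables.
# Key 0 stands for the 2.x train, keys 1..15 for trains 3.1..3.15.
# nofix: trains marked "Vulnerable; migrate to ..."; fix: train -> first fixed rebuild.
# Trains in neither set are marked N/A (or "None") in the tables.
BUGS = {
    "CSCuo25741": {"nofix": range(0, 10), "fix": {10: 4, 11: 3, 12: 1, 13: 0, 14: 0, 15: 0}},
    "CSCuo53622": {"nofix": range(8, 10), "fix": {10: 3, 11: 3, 12: 1, 13: 0, 14: 0, 15: 0}},
    "CSCub68073": {"nofix": range(0, 9), "fix": {t: 0 for t in range(9, 16)}},
    "CSCuq59131": {"nofix": range(0, 10), "fix": {10: 4, 11: 3, 12: 2, 13: 1, 14: 0, 15: 0}},
    "CSCua79665": {"nofix": range(0), "fix": {7: 1, **{t: 0 for t in range(8, 16)}}},
}

def parse_release(show_output):
    """Extract (major, minor, rebuild) from the espbase package version line."""
    m = re.search(r"version:\s*(\d+)\.(\d+)\.(\d+)\.S", show_output)
    if not m:
        raise ValueError("no IOS XE package version found")
    return tuple(int(g) for g in m.groups())

def assess(release):
    """Map each bug ID to 'fixed', 'vulnerable', 'n/a' or 'not-listed'."""
    major, minor, rebuild = release
    if major == 2:
        train = 0
    elif major == 3 and 1 <= minor <= 15:
        train = minor
    else:
        return {bug: "not-listed" for bug in BUGS}
    result = {}
    for bug, row in BUGS.items():
        if train in row["nofix"]:
            result[bug] = "vulnerable"
        elif train in row["fix"]:
            result[bug] = "fixed" if rebuild >= row["fix"][train] else "vulnerable"
        else:
            result[bug] = "n/a"
    return result

# Sample line taken from the advisory's own espbase output (release 3.10.3S).
SAMPLE = "Package: espbase, version: 03.10.03.S.153-3.S3-ext, status: active"

if __name__ == "__main__":
    for bug, status in assess(parse_release(SAMPLE)).items():
        print(bug, status)
```

A "vulnerable" result reflects the release only; whether a device is exposed also depends on the affected feature being configured, which the `show running-config` checks earlier in the advisory determine.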
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.2 | Updated to include additional bug ID. | Header, Details, Fixed Software | Final | 2018-February-23 |
1.1 | Edited Fixed Software section. | Fixed Software | Final | 2015-April-01 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.