Cisco has released software updates that address this vulnerability
for all the affected products except Cisco Business Edition 3000. Cisco
Business Edition 3000 should contact their Cisco representative for
When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
The following table provides the first fixed release for each of the affected product:
||First Fixed Release
|| 188.8.131.523-6, 184.108.40.2065-4, 220.127.116.118-6, 18.104.22.168-9, 22.214.171.124-4, 126.96.36.199-4 and 188.8.131.529
|Cisco Business Edition 3000
|| Not available - Please contact Cisco TAC or your Cisco representative for available options
|Cisco Unified SIP Proxy
|Cisco MXE 3500 Series
|| 3.3.2 and apply StrutsPatch.zip
Cisco ISE is affected by additional vulnerabilities that are described in the Cisco Security Advisory at the following link:
Cisco ISE customers should consult that advisory before making a decision on the upgrade path.