Cisco Security Advisory

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers

Advisory ID: cisco-sa-20131030-asr1000

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000

Revision 1.0

For Public Release 2013 October 30 16:00 UTC (GMT)


Summary

Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities:

  • Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability
  • Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability
  • Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability
  • Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services.
Repeated exploitation could result in a sustained DoS condition.

Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.

Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000

Affected Products

Cisco IOS XE Software for 1000 Series ASR contains multiple DoS vulnerabilities. Affected versions of Cisco IOS XE Software for 1000 Series ASR will vary depending on the specific vulnerability. Consult the Software Versions and Fixes section of this security advisory for more information about the affected versions.

Vulnerable Products

For specific version information, refer to the Software Versions and Fixes section of this advisory.

Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that could cause an affected device to reload when processing malformed ICMP error packets that belong to a TCP or UDP connection that is inspected by a Zone-Based Firewall (ZBFW). The ZBFW is not enabled by default.

To verify if a ZBFW is configured on a device, use the show policy-map type inspect zone-pair privileged EXEC command. The presence of Match: protocol tcp or Match: protocol udp and Inspect under the configured zone pair class map in the output of show policy-map type inspect zone-pair indicates that the ZBFW inspection for TCP or UDP protocols is configured.

The following output is for show policy-map type inspect zone-pair on Cisco IOS XE Software that is configured as a ZBFW:
Router#show policy-map type inspect zone-pair 
  Zone-pair: clients-servers 
  Service-policy inspect : clients-servers-policy

    Class-map: L4-inspect-class (match-any)  
      Match: protocol tcp
      Match: protocol udp
      Match: protocol icmp
      Inspect
<output suppressed>

Note: Cisco IOS devices configured with a ZBFW are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.

Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that may cause an affected device to reload while processing Point-to-Point Tunneling Protocol (PPTP) packets that undergo Network Address Translation (NAT) and PPTP application layer gateway (ALG) inspection. An attacker could exploit this vulnerability by sending a large number of PPTP packets to traverse a device that is configured for NAT.

Cisco IOS XE Software may be affected by this vulnerability if NAT and PPTP ALG are enabled on an affected device; these services are not enabled by default.

PPTP ALG is enabled on a device when NAT is enabled. 

To determine whether NAT has been enabled in the Cisco IOS XE Software configuration, the ip nat inside or ip nat outside commands must be present in different interfaces and at least one ip nat global configuration command must be present in the configuration. 

The show running-config | include ip nat command can be used to determine whether NAT is present in the configuration, as illustrated in the following example of a vulnerable configuration:

asr1004#show running-config | include ip nat
 ip nat inside
 ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1
 

If the output is empty, the Cisco IOS XE Software release running on a given device is not vulnerable. If the output returned is not empty, PPTP ALG services may be explicitly disabled in the NAT configuration. To determine whether PPTP ALG is disabled in the NAT configuration, use the show run | include ip nat privileged EXEC command. The presence of no ip nat service pptp in the output of show run | include ip nat indicates that PPTP ALG is disabled in the NAT configuration.

The following is the output of show run | include ip nat in Cisco IOS XE Software that has the PPTP ALG disabled under NAT configuration:

asr1004#show running-config | include ip nat
 ip nat inside
 ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1
no ip nat service pptp

Note: A configuration command to disable PPTP ALG in the NAT configuration is available in Cisco IOS XE Software versions 3.9 and above. On Cisco IOS XE Software versions prior to 3.9, there is no capability to disable PPTP ALG in the NAT configuration.

Cisco IOS devices configured for PPTP ALG inspection are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.


Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that may cause an affected device to reload while processing segmented TCP packets that undergo Network Address Translation (NAT). An attacker could exploit this vulnerability by sending TCP packets that are large after the segment reassembly is complete when these packets traverse a device that is configured for NAT.

TCP reassembly is enabled when NAT is enabled.

To determine whether NAT has been enabled in the Cisco IOS XE Software configuration, the ip nat inside or ip nat outside commands must be present in different interfaces and at least one ip nat global configuration command must be present in the configuration. 

The show running-config | include ip nat command can be used to determine whether NAT is present in the configuration, as illustrated in the following example of a vulnerable configuration:

asr1004#show running-config | include ip nat
 ip nat inside
 ip nat outside
ip nat inside source static 192.168.1.100 10.0.0.1
 

Only Cisco ASR 1000 Series Aggregation Services Routers with embedded services processor 100 (ASR1000-ESP100) and Cisco ASR1002-X Series Routers are affected by this vulnerability.

To determine whether a Cisco ASR 1000 device has ASR1000-ESP100 installed or is a Cisco ASR1002-X Series Router, administrators can issue the show inventory command. The following is the output of the show inventory command in Cisco IOS XE Software running on a Cisco ASR 1006 Router with ASR1000-ESP100:


asr1006#show inventory 
NAME: "Chassis", DESCR: "Cisco ASR1006 Chassis"
PID: ASR1006          
NAME: "module F1", DESCR: "Cisco ASR1000 Embedded Services Processor, 100Gbps"
PID: ASR1000-ESP100
<output suppressed>

Note: Cisco IOS devices configured for NAT are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.


Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability

Cisco IOS XE Software contains a vulnerability that may cause an affected device to reload while processing malformed IP version 4 (IPv4) or IP version 6 (IPv6) Ethernet over Generic Routing Encapsulation (EoGRE) packets on an interface configured with EoGRE. 
EoGRE is not enabled by default.

To determine whether EoGRE has been enabled in the Cisco IOS XE Software configuration, the tunnel mode ethernet gre ipv4 or tunnel mode ethernet gre ipv6 commands must be present on a tunnel interface configuration and at least one IP address must be configured on that interface.

The show running-config | include Tunnel|(tunnel mode|ip address .)  command can be used to determine whether EoGRE is present in the configuration, as illustrated in the following example of a vulnerable configuration:

asr1004#show running-config | include Tunnel|(tunnel mode|ip address .) 
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 tunnel mode ethernet gre ipv4

Note: Cisco IOS devices configured for EoGRE are not affected by this vulnerability. Only Cisco ASR 1000 Series Aggregation Services Routers running affected versions of Cisco IOS XE Software are affected by this vulnerability.

Determine the Running Software Version

The Cisco ASR 1000 Series Aggregation Services Routers IOS XE releases correspond to the Cisco IOS Software releases. For example, Cisco IOS XE Release 3.6.2S is the software release for Cisco ASR 1000 Series Aggregation Services Routers IOS Release 15.2(2)S2.
For more information about mappings between the Cisco IOS XE releases and their associated Cisco IOS releases, see the following:
http://www.cisco.com/en/US/docs/routers/asr1000/release/notes/asr1k_rn_intro.html 

To determine whether a vulnerable version of Cisco IOS XE Software is running on a device, administrators can issue the show version command. The following example shows Cisco IOS XE Software that is running IOS XE Software version 3.6.2S, which maps to Cisco IOS Software version 15.2(2)S2:

asr1004#show version 
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 07-Aug-12 13:40 by mcpre
<output suppressed>

Note: A Cisco IOS XE Software image consists of seven individual modules, also referred to as subpackages. The packages are designed to use the In-Service Software Upgrade (ISSU) capability of Cisco IOS XE Software. Customers can choose to upgrade only those packages that need to be upgraded. For more information about the Cisco IOS XE Software packaging, see the following:
http://www.cisco.com/en/US/partner/prod/collateral/routers/ps9343/product_bulletin_c25-448387.html

If the packages are upgraded individually, the output of the show version command may vary.


Products Confirmed Not Vulnerable

The products running Cisco IOS Software or Cisco IOS-XR Software are not affected by any of these vulnerabilities.

With the exception of Cisco IOS XE Software for 1000 Series Aggregation Services Routers, no other Cisco products are currently known to be affected by these vulnerabilities.

Details

The following section provides additional information about each vulnerability.

Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability

A vulnerability in the Zone-Based Firewall (ZBFW) TCP or UDP inspection feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper processing of malformed ICMP error packets traversing a vulnerable device that belong to a TCP or UDP connection that is inspected by a ZBFW. An attacker could exploit this vulnerability by sending a number of malformed ICMP error packets that belong to an inspected TCP or UDP session. An exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.

This vulnerability is documented in Cisco bug ID CSCtt26470 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2013-5543.


Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability

A vulnerability in the PPTP ALG feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to the improper handling of PPTP packets that are being inspected as part of the NAT feature on Cisco IOS XE Software. An attacker could exploit this vulnerability by sending a large number of PPTP packets to traverse a vulnerable system that is configured for NAT.

A successful exploit could allow the attacker to cause a system to reload, resulting in a DoS condition. Repeated exploitation could result in a sustained DoS condition.

This vulnerability is documented in Cisco bug ID CSCuh19936 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2013-5545.


Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability

A vulnerability in TCP segment reassembly of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper processing of large TCP reassembled packets that are being processed by NAT and ALG features on the affected device. An attacker could exploit this vulnerability by sending a TCP packet that is large after the reassembly to traverse a vulnerable device. Only packets being handled by NAT and ALG features have a potential to cause an affected device to reload. An exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.

This vulnerability is documented in Cisco bug ID CSCud72509 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2013-5546.


Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability

A vulnerability in the EoGRE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper processing of malformed EoGRE packets. An attacker could exploit this vulnerability by sending malformed IPv4 or IPv6 EoGRE packets to an affected device configured with an EoGRE interface; this vulnerability cannot be exploited by sending malformed EoGRE packets to traverse a vulnerable system. An exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.

This vulnerability is documented in Cisco bug ID CSCuf08269 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2013-5547.

Vulnerability Scoring Details

Cisco has scored the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this security advisory is in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps organizations determine the urgency and priority of a response.

Cisco has provided a base and temporal score. Customers can also compute environmental scores that help determine the impact of the vulnerability in their own networks.

Cisco has provided additional information regarding CVSS at the following link:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to compute the environmental impact for individual networks at the following link:

http://intellishield.cisco.com/security/alertmanager/cvss




CSCtt26470 - Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability - Cisco IOS XE Software

Calculate the environmental score of CSCtt26470

CVSS Base Score - 7.8

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete

CVSS Temporal Score - 6.4

  • Exploitability: Functional
  • Remediation Level: Official-Fix
  • Report Confidence: Confirmed





CSCuh19936 - Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability - Cisco IOS XE Software

Calculate the environmental score of CSCuh19936

CVSS Base Score - 7.8

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete

CVSS Temporal Score - 6.4

  • Exploitability: Functional
  • Remediation Level: Official-Fix
  • Report Confidence: Confirmed





CSCud72509 - Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability - Cisco IOS XE Software

Calculate the environmental score of CSCud72509

CVSS Base Score - 7.8

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete

CVSS Temporal Score - 6.4

  • Exploitability: Functional
  • Remediation Level: Official-Fix
  • Report Confidence: Confirmed





CSCuf08269 - Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability - Cisco IOS XE Software

Calculate the environmental score of CSCuf08269

CVSS Base Score - 7.8

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete

CVSS Temporal Score - 6.4

  • Exploitability: Functional
  • Remediation Level: Official-Fix
  • Report Confidence: Confirmed


Impact

Successful exploitation of any of the following vulnerabilities may allow a remote, unauthenticated attacker to reload the embedded services processors (ESP) card, causing service interruption:

  • Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability
  • Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability
  • Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability
Repeated exploitation could result in a sustained DoS condition.

Note: In scenarios where dual ESP cards are present on the affected system, both ESP cards may reload.


Successful exploitation of the Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability may allow a remote, unauthenticated attacker to trigger a reload of both the ESP card and route processor (RP) card, causing service interruption.

Repeated exploitation could result in a sustained DoS condition.

Note: In scenarios where dual ESP or RP cards are present on the affected system, both ESP and RP cards may reload.

Software Versions and Fixes

When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. 

Each Cisco IOS XE Software release is classified as either a Standard Support or an Extended Support release. A Standard Support release has a total engineering support lifetime of one year, with two scheduled rebuilds. The Extended Support release provides a total engineering support lifetime of two years, with four scheduled rebuilds. 
For more information about the Cisco IOS XE Software End-of-Life policy and associated support milestones for specific Cisco IOS XE Software releases, see:

Cisco IOS XE Software Support Timeline up to IOS XE 3.9S and Cisco IOS XE Software Support Timeline Starting with Cisco IOS XE Software Release 3.10S


Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability

Vulnerability   Major Release   Extended Release   First Fixed Release
CSCtt26470      2.x             -                  Not affected
                3.1             Yes                Not affected
                3.2             No                 Not affected
                3.3             No                 Not affected
                3.4             Yes                3.4.2S
                3.5             No                 3.5.1S
                3.6             No                 Not affected
                3.7             Yes                Not affected
                3.8             No                 Not affected
                3.9             No                 Not affected
                3.10            Yes                Not affected


Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability

Vulnerability   Major Release   Extended Release   First Fixed Release
CSCuh19936      2.x             -                  Not affected
                3.1             Yes                Not affected
                3.2             No                 Not affected
                3.3             No                 Not affected
                3.4             Yes                Not affected
                3.5             No                 Not affected
                3.6             No                 Not affected
                3.7             Yes                Not affected
                3.8             No                 Not affected
                3.9             No                 3.9.2S
                3.10            Yes                Not affected


Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability

Vulnerability   Major Release   Extended Release   First Fixed Release
CSCud72509      2.x             -                  Not affected
                3.1             Yes                Not affected
                3.2             No                 Not affected
                3.3             No                 Not affected
                3.4             Yes                Not affected
                3.5             No                 Not affected
                3.6             No                 Not affected
                3.7             Yes                3.7.3S
                3.8             No                 3.8.1S
                3.9             No                 Not affected
                3.10            Yes                Not affected


Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability

Vulnerability   Major Release   Extended Release   First Fixed Release
CSCuf08269      2.x             -                  Not affected
                3.1             Yes                Not affected
                3.2             No                 Not affected
                3.3             No                 Not affected
                3.4             Yes                Not affected
                3.5             No                 Not affected
                3.6             No                 Not affected
                3.7             Yes                Not affected
                3.8             No                 Not affected
                3.9             No                 3.9.2S
                3.10            Yes                Not affected

Recommended Releases

The Recommended Release table lists the releases that have fixes for all the published vulnerabilities at the time of this advisory. Cisco recommends upgrading to a release equal to or later than the release in the following table.

Affected Release   Recommended Release   Extended Release
2.x                Not vulnerable        -
3.1                Not vulnerable        Yes
3.2                Not vulnerable        No
3.3                Not vulnerable        No
3.4                3.4.2S                Yes
3.5                3.5.1S                No
3.6                Not vulnerable        No
3.7                3.7.3S                Yes
3.8                3.8.1S                No
3.9                3.9.2S                No
3.10               Not vulnerable        Yes
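
The configuration checks from the Vulnerable Products section combined with the First Fixed Release tables above, as an added Python example (not Cisco's code) that reports which of the four bug IDs apply to one device. It assumes the caller supplies the IOS XE release string (for example 3.9.1S) rather than the IOS version printed by show version. The interface names, the ASR1002-X PID string, and the reading that NAT needs an inside interface, an outside interface and one global ip nat command are assumptions.

```python
import re

# First fixed release per major train, transcribed from this advisory's tables.
# A train missing from a bug's entry is listed there as "Not affected".
FIRST_FIXED = {
    "CSCtt26470": {"3.4": "3.4.2S", "3.5": "3.5.1S"},  # malformed ICMP, ZBFW
    "CSCuh19936": {"3.9": "3.9.2S"},                   # PPTP ALG under NAT
    "CSCud72509": {"3.7": "3.7.3S", "3.8": "3.8.1S"},  # TCP reassembly, NAT
    "CSCuf08269": {"3.9": "3.9.2S"},                   # malformed EoGRE
}

def parse_release(release):
    """Split an IOS XE release such as '3.9.1S' into (train, rebuild)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)[a-z]?S", release.strip())
    if not m:
        raise ValueError(f"unrecognised IOS XE release: {release!r}")
    return f"{m.group(1)}.{m.group(2)}", int(m.group(3))

def release_affected(bug, release):
    """True when the release is in an affected train, below its first fix."""
    train, rebuild = parse_release(release)
    fixed = FIRST_FIXED[bug].get(train)
    return fixed is not None and rebuild < parse_release(fixed)[1]

def config_features(running_config):
    """Find the NAT, PPTP ALG and EoGRE preconditions in a running-config."""
    iface, nat_global, pptp_off = None, False, False
    nat_ifaces = {"inside": set(), "outside": set()}
    tunnels = {}  # interface name -> subset of {"eogre", "addr"}
    for line in running_config.splitlines():
        cmd = line.strip()
        if not line.startswith(" "):  # global command or interface header
            m = re.match(r"interface (\S+)", cmd)
            iface = m.group(1) if m else None
            pptp_off |= cmd == "no ip nat service pptp"
            nat_global |= cmd.startswith("ip nat ")
        elif iface:  # indented sub-command of the current interface
            if cmd in ("ip nat inside", "ip nat outside"):
                nat_ifaces[cmd.split()[-1]].add(iface)
            elif re.fullmatch(r"tunnel mode ethernet gre ipv[46]", cmd):
                tunnels.setdefault(iface, set()).add("eogre")
            elif re.match(r"(ip|ipv6) address \S", cmd):
                tunnels.setdefault(iface, set()).add("addr")
    nat = nat_global and bool(nat_ifaces["inside"] and nat_ifaces["outside"])
    eogre = any(t == {"eogre", "addr"} for t in tunnels.values())
    return {"nat": nat, "pptp_alg_disabled": pptp_off, "eogre": eogre}

def zbfw_inspects_tcp_udp(policy_map_output):
    """Look for a class map that matches TCP or UDP and has Inspect."""
    for block in re.split(r"Class-map:", policy_map_output)[1:]:
        if (re.search(r"Match: protocol (tcp|udp)\b", block)
                and re.search(r"^\s*Inspect\b", block, re.M)):
            return True
    return False

def assess(release, running_config, inventory="", policy_map_output=""):
    """Return the bug IDs whose release and feature conditions both hold."""
    f = config_features(running_config)
    # PID strings as printed by 'show inventory'; ASR1002-X is an assumed PID.
    esp100 = bool(re.search(r"PID:\s*(ASR1000-ESP100|ASR1002-X)\b", inventory))
    feature = {
        "CSCtt26470": zbfw_inspects_tcp_udp(policy_map_output),
        "CSCuh19936": f["nat"] and not f["pptp_alg_disabled"],
        "CSCud72509": f["nat"] and esp100,
        "CSCuf08269": f["eogre"],
    }
    return sorted(b for b, on in feature.items()
                  if on and release_affected(b, release))

# Constructed sample inputs (addresses taken from the advisory's examples).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip nat inside
interface GigabitEthernet0/0/1
 ip nat outside
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 tunnel mode ethernet gre ipv4
ip nat inside source static 192.168.1.100 10.0.0.1
"""
SAMPLE_INVENTORY = 'NAME: "module F1", DESCR: "..."\nPID: ASR1000-ESP100\n'

if __name__ == "__main__":
    print(assess("3.9.1S", SAMPLE_CONFIG, SAMPLE_INVENTORY))
```

The function expects the full running-config, since the filtered `| include` output drops the interface headers needed to tell interface-level NAT commands from global ones.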




Workarounds

No workarounds are available to mitigate these vulnerabilities.

Obtaining Fixed Software

Cisco has released free software updates that address the vulnerabilities described in this advisory. Prior to deploying software, customers are advised to consult their maintenance providers or check the software for feature set compatibility and known issues that are specific to their environments.

Customers may only install and expect support for feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html.

Customers with Service Contracts

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, upgrades should be obtained through the Software Navigator on Cisco.com at http://www.cisco.com/cisco/software/navigator.html.

Customers Using Third-Party Support Organizations

Customers with Cisco products that are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers, should contact that organization for assistance with the appropriate course of action.

The effectiveness of any workaround or fix depends on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Because of the variety of affected products and releases, customers should consult their service providers or support organizations to ensure that any applied workaround or fix is the most appropriate in the intended network before it is deployed.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):

  • +1 800 553 2447 (toll free from within North America)
  • +1 408 526 7209 (toll call from anywhere in the world)
  • e-mail: tac@cisco.com

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Customers without service contracts should request free upgrades through the TAC.

Refer to Cisco Worldwide Contacts at http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, instructions, and e-mail addresses for support in various languages.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability and Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability were discovered during the resolution of customer support cases.

The remaining vulnerabilities described in this security advisory were discovered during internal security testing.

Status of This Notice: Final

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.


Distribution

This advisory is posted on Cisco Security Intelligence Operations at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000

Additionally, a text version of this advisory is clear signed with the Cisco PSIRT PGP key and circulated among the following e-mail addresses:

  • cust-security-announce@cisco.com
  • first-bulletins@lists.first.org
  • bugtraq@securityfocus.com
  • vulnwatch@vulnwatch.org
  • cisco@spot.colorado.edu
  • cisco-nsp@puck.nether.net
  • full-disclosure@lists.grok.org.uk

Future updates of this advisory, if any, will reside on Cisco.com but may not be announced on mailing lists. Users can monitor this advisory's URL for any updates.


Revision History

Revision 1.0 2013-October-30 Initial public release

Cisco Security Procedures

Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html. This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at http://www.cisco.com/go/psirt.

