-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager

Advisory ID: cisco-sa-20070808-IOS-voice

http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Revision 1.0

For Public Release 2007 August 08 1600 UTC (GMT)

- -----------------------------------------------------------------------

Summary
=======

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

  * Session Initiation Protocol (SIP)
  * Media Gateway Control Protocol (MGCP)
  * Signaling protocols H.323, H.254
  * Real-time Transport Protocol (RTP)
  * Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.

Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The advisories all affect IOS, one additionally affects Cisco Unified Communications Manager as well. Each advisory lists the releases that correct the vulnerability described in the advisory, and the advisories also detail the releases that correct the vulnerabilities in all four advisories.
Individual publication links are listed below:

  * Cisco IOS Information Leakage Using IPv6 Routing Header
    http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml
  * Cisco IOS Next Hop Resolution Protocol Vulnerability
    http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml
  * Cisco IOS Secure Copy Authorization Bypass Vulnerability
    http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml
  * Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
    http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
  * Cisco Unified MeetingPlace XSS Vulnerability
    http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

Affected Products
=================

These vulnerabilities only affect devices running Cisco IOS that have voice services enabled. The only exception is the vulnerability documented as Cisco bug ID CSCsi80102, which also exists on Cisco Unified Communications Manager.

Vulnerable Products
+------------------

To determine the software running on a Cisco IOS product, log in to the device and issue the "show version" command to display the system banner. Cisco IOS software will identify itself as "Internetwork Operating System Software" or simply "IOS." On the next line of output, the image name will be displayed between parentheses, followed by "Version" and the Cisco IOS release name. Other Cisco devices will not have the "show version" command, or will give different output.

The following example shows output from a device running an IOS image:

    Router>show version
    Cisco IOS Software, 7200 Software (C7200-IK9S-M), Version 12.3(14)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2005 by Cisco Systems, Inc.
    Compiled Thu 31-Mar-05 08:04 by yiyan

Additional information about Cisco IOS release naming is available at the following link: http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_white_paper09186a008018305e.shtml.

SIP-related vulnerabilities
+--------------------------

Any Cisco device that runs a vulnerable version of IOS and supports SIP processing could be vulnerable. This includes IOS versions 12.3(4)XH, 12.3(4)XQ, 12.3(7)XR, 12.3(7)XS, 12.3(8)JA, 12.3(8)T, 12.3(8)XU, 12.3(8)XW, 12.3(8)XX, 12.3(8)XY, 12.3(8)YA, 12.3(8)YG, 12.3(8)YH, 12.3(8)YI, 12.3(8)ZA, 12.4 Mainline and 12.4T onward. Routers that are configured as SIP Public Switched Telephone Network (PSTN) Gateways and SIP Session Border Controllers (SBCs) are vulnerable. The CAT6000-CMM card is also vulnerable.

To determine if the device has SIP enabled, enter the commands "show ip sockets" and "show tcp brief all". In some newer IOS releases the command "show ip sockets" is removed. If that is the case, use "show udp". The output is identical to the "show ip sockets" command.

    Router#show ip sockets
    Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
    17     0.0.0.0         0 --any--           5060   0   0  211   0
    17     0.0.0.0         0 192.168.100.2       67   0   0 2211   0
    17     0.0.0.0         0 192.168.100.2     2517   0   0   11   0

The first line with UDP Port 5060 shows that UDP SIP is enabled.

    Router#show tcp brief all
    TCB       Local Address           Foreign Address        (state)
    2051E680  *.5060                  *.*                    LISTEN

The above lines with *.5060 show that TCP SIP is enabled.

The device is vulnerable even if it does not have SIP explicitly configured. If the output of the "show ip sockets" command is showing that the device is listening to port 5060, then the device is vulnerable.

MGCP-related vulnerabilities
+---------------------------

To determine whether MGCP is configured on an IOS device, look for either of the following lines in the Cisco IOS configuration:

    Router#show running-config
    ....
    voice-port 1/1/1
    !
    mgcp
    !
    dial-peer voice 1 pots
     service mgcpapp
     port 1/1/1

or

    Router#show running-config
    ....
    controller T1 1/1
     framing sf
     linecode ami
     pri-group timeslots 1-24 service mgcp

or

    Router#show running-config
    ....
    controller T1 1/1
     framing sf
     linecode ami
     ds0-group 0 timeslots 1-24 type none service mgcp

The exact port numbers may vary in the configuration.

H.323 signaling-related vulnerabilities
+--------------------------------------

To determine whether H.323 is configured on an IOS device, look for either of the following lines in the Cisco IOS configuration.

For Cisco bug ID CSCsi60004 this configuration is vulnerable:

    Router#show running-config | include proxy
    proxy h323

For Cisco bug ID CSCsg70474 this configuration is vulnerable:

    Router#show running-config | include inspect
    ip inspect name H323_protocol h323
    ip inspect H323_protocol in

Real-time Transport Protocol-related vulnerabilities
+---------------------------------------------------

No particular configuration is required to enable RTP because this protocol is invoked when audio or video information is transmitted. H.323, MGCP, SIP, or H.320 protocols must be processing packets for a router to process RTP packets.

Note: These vulnerabilities only affect sessions terminating or originating on a device itself, not transit traffic; for example, traffic that passes through a device, but is destined elsewhere is not affected.

Facsimile reception vulnerability
+--------------------------------

The IOS device will listen to incoming facsimile transmission by default if the Digital Signal Processor (DSP) is present. To determine the presence of DSP on a device, execute the following command:

    Router#show voice dsp
    DSP  DSP             DSPWARE CURR  BOOT                        PAK   TX/RX
    TYPE NUM CH CODEC    VERSION STATE STATE   RST AI VOICEPORT TS ABORT PACK COUNT
    ==== === == ======== ======= ===== ======= === == ========= == ===== ===========
    C542 001 01 None     7.4.1   IDLE  idle    0   0  1/1/0     NA 0     598/607
    C542 002 01 None     7.4.1   IDLE  idle    0   0  1/1/1     NA 0     591/588

The above example shows that DSP is present on the device.

Note: This vulnerability only affects sessions terminating or originating on a device itself, not transit traffic; for example, traffic that passes through a device, but is destined elsewhere is not affected.

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities. The following devices are known not to be affected:

  * Cisco Unified Communications Manager (with the exception of CSCsi80102)
  * Cisco IP Phone

Details
=======

Details for vulnerabilities are grouped by category and impact.

SIP-related vulnerabilities
+--------------------------

SIP is a protocol that is used to establish, modify, and terminate multimedia sessions. Most commonly, SIP is used for Internet telephony. SIP call signaling can use UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) as an underlying transport protocol. In all cases vulnerabilities can be triggered by processing a malformed SIP packet.

A malformed SIP packet may cause a vulnerable device to crash and may allow arbitrary code to be executed. These vulnerabilities are documented as the following Cisco Bug IDs:

  * CSCsi80749 Crash while processing malformed SIP packet
  * CSCsi80102 CUCM - Crash while processing malformed SIP packet

A malformed SIP packet may cause a memory leak and device crash.
These vulnerabilities are documented as the following Cisco Bug IDs:

  * CSCsf11855 Crash while processing malformed SIP packet
  * CSCeb21064 Crash while processing malformed SIP packet
  * CSCse40276 Router crashed by malformed SIP message
  * CSCse68355 Router crashed by malformed SIP packet
  * CSCsf30058 Memory leak when processing malformed SIP message
  * CSCsb24007 Memory corruption and unexpected reload on receiving a SIP packet
  * CSCsc60249 Crash while processing malformed SIP packet

MGCP-related vulnerabilities
+---------------------------

MGCP is a protocol for controlling media gateways from external call control elements such as Media Gateway Controllers or Call Agents. A media gateway is typically a network element that provides conversion between the audio signals carried on telephone circuits and data packets carried over the Internet or over other packet networks. In a Cisco environment, a media gateway is used between the Cisco Communications Manager and the Cisco router and servers as a voice gateway.

A specially crafted MGCP packet can cause a vulnerable device to crash or become unresponsive. The unresponsive device will not be able to establish new telephone calls, and a reboot is required to restore normal operation. These vulnerabilities are documented as the following Cisco Bug IDs:

  * CSCsf08998 MGCP stop responding after receiving malformed packet
  * CSCsd81407 Router crash on receiving abnormal MGCP messages

H.323-signaling related vulnerabilities
+--------------------------------------

H.323 is an ITU (International Telecommunications Union) set of recommendations for multimedia communication and signaling in networks that use Internet Protocol.

A malformed H.323 packet can crash a vulnerable device.
These vulnerabilities are documented as the following Cisco Bug IDs:

  * CSCsi60004 H323 Proxy Unregistration from Gatekeeper
  * CSCsg70474 IOS FW with h323 inspect crashes when malformed H.323 packets received

Real-time Transport Protocol-related vulnerabilities
+---------------------------------------------------

RTP is a protocol that is designed to provide delivery services for data with real-time characteristics, such as interactive audio and video.

A malformed RTP packet can cause a vulnerable device to crash. These vulnerabilities are documented as the following Cisco Bug IDs:

  * CSCse68138 Issue in handling specific packets in VOIP RTP Lib
  * CSCse05642 I/O memory corruption crash on a router

Facsimile reception vulnerability
+--------------------------------

Reception of a large packet can cause a vulnerable device to crash. This vulnerability is documented as the following Cisco Bug ID:

  * CSCej20505 Router hangs with overly large packet

Vulnerability Scoring Details
+----------------------------

Cisco is providing scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 1.0.

Cisco will provide a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco PSIRT will set the bias in all cases to normal. Customers are encouraged to apply the bias parameter when determining the environmental impact of a particular vulnerability.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss.

Note: To make this document more readable, individual CVSS scores for vulnerabilities are not shown. Instead, the vulnerabilities are grouped according to the score.

The following SIP-related vulnerabilities have identical CVSS scoring:

  * CSCsi80749 Crash while processing malformed SIP packet
  * CSCsi80102 CUCM - Crash while processing malformed SIP packet

CVSS Base Score - 10

    Access Vector          - Remote
    Access Complexity      - Low
    Authentication         - Not Required
    Confidentiality Impact - Complete
    Integrity Impact       - Complete
    Availability Impact    - Complete
    Impact Bias            - Normal

CVSS Temporal Score - 8.3

    Exploitability    - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

The following SIP-related vulnerabilities have identical CVSS scoring:

  * CSCsf11855 Crash while processing malformed SIP packet
  * CSCeb21064 Crash while processing malformed SIP packet
  * CSCse40276 Router crashed by malformed SIP message
  * CSCse68355 Router crashed by malformed SIP message
  * CSCsf30058 Memory leak when processing malformed SIP message
  * CSCsb24007 Memory corruption and unexpected reload on receiving a SIP packet
  * CSCsc60249 Crash while processing malformed SIP packet

CVSS Base Score - 3.3

    Access Vector          - Remote
    Access Complexity      - Low
    Authentication         - Not Required
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
    Impact Bias            - Normal

CVSS Temporal Score - 2.7

    Exploitability    - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

The following MGCP-related vulnerabilities have identical CVSS scoring:

  * CSCsf08998 MGCP stop responding after receiving malformed packet
  * CSCsd81407 Router crash on receiving abnormal MGCP messages

CVSS Base Score - 3.3

    Access Vector          - Remote
    Access Complexity      - Low
    Authentication         - Not Required
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
    Impact Bias            - Normal

CVSS Temporal Score - 2.7

    Exploitability    - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

The following H.323 signaling-related vulnerabilities have identical CVSS scoring:

  * CSCsi60004 H323 Proxy Unregistration from Gatekeeper
  * CSCsg70474 IOS FW with h323 inspect crashes when malformed H.323 packets received

CVSS Base Score - 3.3

    Access Vector          - Remote
    Access Complexity      - Low
    Authentication         - Not Required
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
    Impact Bias            - Normal

CVSS Temporal Score - 2.7

    Exploitability    - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

The following RTP-related vulnerabilities have identical CVSS scoring:

  * CSCse68138 Issue in handling specific packets in VOIP RTP Lib
  * CSCse05642 I/O memory corruption crash on a router

CVSS Base Score - 3.3

    Access Vector          - Remote
    Access Complexity      - Low
    Authentication         - Not Required
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
    Impact Bias            - Normal

CVSS Temporal Score - 2.7

    Exploitability    - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

CVSS score for the facsimile reception vulnerability:

  * CSCej20505 Router hangs with overly large packet

CVSS Base Score - 3.3

    Access Vector          - Remote
    Access Complexity      - Low
    Authentication         - Not Required
    Confidentiality Impact - None
    Integrity Impact       - None
    Availability Impact    - Complete
    Impact Bias            - Normal

CVSS Temporal Score - 2.7

    Exploitability    - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

Impact
======

The impacts associated with individual vulnerabilities are listed according to vulnerability type. If not specifically called out, all vulnerabilities within the same category have an identical impact.
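
To decide which of these categories apply to a given device, the checks from the Vulnerable Products section (a listener on port 5060, the "mgcp" and "service mgcp" lines, "proxy h323" or an "ip inspect name ... h323" rule, rows in "show voice dsp") can be run over saved command output. The Python below is an added example, not part of Cisco's advisory; the sample output and the names triage, EXPOSED and CLEAN are constructed for illustration, and the "rtp" flag is a simplification that treats any detected signaling protocol as sufficient.

```python
import re

# Constructed sample output, modelled on the listings in this advisory.
EXPOSED = {
    "show ip sockets": (
        "Proto Remote  Port Local         Port In Out Stat TTY OutputIF\n"
        "17    0.0.0.0 0    --any--       5060 0  0   211  0\n"
        "17    0.0.0.0 0    192.168.100.2 67   0  0   2211 0\n"),
    "show tcp brief all": (
        "TCB       Local Address  Foreign Address  (state)\n"
        "2051E680  *.5060         *.*              LISTEN\n"),
    "show running-config": (
        "voice-port 1/1/1\n!\nmgcp\n!\n"
        "dial-peer voice 1 pots\n service mgcpapp\n port 1/1/1\n!\n"
        "ip inspect name H323_protocol h323\n"),
    "show voice dsp": (
        "TYPE NUM CH CODEC VERSION STATE STATE RST AI VOICEPORT\n"
        "==== === == ===== ======= ===== ===== === == =========\n"
        "C542 001 01 None  7.4.1   IDLE  idle  0   0  1/1/0\n"),
}
# Constructed output for a router with no voice services and no DSP.
CLEAN = {
    "show ip sockets": (
        "Proto Remote  Port Local         Port In Out Stat TTY OutputIF\n"
        "17    0.0.0.0 0    192.168.100.2 67   0  0   2211 0\n"),
    "show tcp brief all": (
        "TCB       Local Address     Foreign Address      (state)\n"
        "2051E680  192.168.100.2.23  192.168.100.9.50600  ESTAB\n"),
    "show running-config": "hostname edge1\n!\ninterface FastEthernet0/0\n",
    "show voice dsp": "",
}

# Configuration lines the advisory names for MGCP and for the two H.323 bugs.
MGCP_RE = re.compile(r"^\s*mgcp\s*$|\bservice mgcp(?:app)?\b", re.MULTILINE)
H323_RES = {
    "CSCsi60004": re.compile(r"^\s*proxy h323\s*$", re.MULTILINE),
    "CSCsg70474": re.compile(r"^\s*ip inspect name \S+ h323\b", re.MULTILINE),
}


def sip_listeners(ip_sockets, tcp_brief):
    """Return the transports on which the device listens on port 5060."""
    found = []
    for line in ip_sockets.splitlines():
        f = line.split()
        # Columns: Proto, Remote, Port, Local, Port, ...; protocol 17 is UDP.
        if len(f) >= 5 and f[0] == "17" and f[4] == "5060":
            found.append("udp/5060")
            break
    for line in tcp_brief.splitlines():
        f = line.split()
        # Columns: TCB, Local Address, Foreign Address, (state).
        if len(f) >= 4 and f[-1] == "LISTEN" and f[1].rsplit(".", 1)[-1] == "5060":
            found.append("tcp/5060")
            break
    return found


def dsp_count(show_voice_dsp):
    """Count the DSP rows listed below the ==== separator line."""
    rows, in_table = 0, False
    for line in show_voice_dsp.splitlines():
        if line.startswith("===="):
            in_table = True
        elif in_table and line.strip():
            rows += 1
    return rows


def triage(outputs):
    """Map saved command output to the advisory's vulnerability categories."""
    config = outputs.get("show running-config", "")
    # "show udp" replaces "show ip sockets" on newer releases, same layout.
    sockets = outputs.get("show ip sockets") or outputs.get("show udp", "")
    sip = sip_listeners(sockets, outputs.get("show tcp brief all", ""))
    mgcp = bool(MGCP_RE.search(config))
    h323 = sorted(bug for bug, rx in H323_RES.items() if rx.search(config))
    return {
        "sip": sip,      # listening on 5060 is enough, even with no SIP config
        "mgcp": mgcp,
        "h323": h323,    # Cisco bug IDs whose vulnerable configuration is present
        "fax": dsp_count(outputs.get("show voice dsp", "")) > 0,
        # RTP needs no configuration of its own; assumed reachable once any
        # signaling protocol above is active. H.320 is not detected here.
        "rtp": bool(sip) or mgcp or bool(h323),
    }


if __name__ == "__main__":
    for name, outputs in (("exposed", EXPOSED), ("clean", CLEAN)):
        print(name, triage(outputs))
```
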

SIP-related vulnerabilities
+--------------------------

Successful exploitation of the vulnerabilities listed as Cisco Bug ID CSCsi80749 and CSCsi80102 can potentially lead to remote code execution.

Successful exploitation of other SIP-related vulnerabilities listed in this advisory can cause the affected device to crash. Repeated exploitation could result in a sustained denial of service (DoS) attack.

MGCP-related vulnerabilities
+---------------------------

Successful exploitation of the vulnerability listed as Cisco Bug ID CSCsf08998 can cause the affected device to become unresponsive. The device will not be able to establish any new connections, and a reboot is required to restore normal functionality.

Successful exploitation of the vulnerability listed as Cisco Bug ID CSCsd81407 can cause the affected device to crash. Repeated exploitation could result in a sustained denial of service (DoS) attack.

H.323 Signaling-related vulnerabilities
+--------------------------------------

Successful exploitation of the vulnerabilities listed in this advisory can cause the affected device to crash. Repeated exploitation could result in a sustained denial of service (DoS) attack.

Real-time Transport Protocol-related vulnerabilities
+---------------------------------------------------

Successful exploitation of the vulnerabilities listed in this advisory can cause the affected device to crash. Repeated exploitation could result in a sustained denial of service (DoS) attack.

Facsimile reception vulnerability
+--------------------------------

Successful exploitation of the vulnerability listed in this advisory can cause the affected device to crash. Repeated exploitation could result in a sustained denial of service (DoS) attack.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center ("TAC") or your contracted maintenance provider for assistance.

Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" column of the table.
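
The "show version" banner described under Vulnerable Products and the First Fixed Release rule above can be combined into one check. The Python below is an added example, not Cisco's code: FIRST_FIXED holds a few rows copied from the table that follows, the releases being assessed are constructed, and the ordering used (maintenance number, rebuild letter, then train build number) is a simplifying assumption about IOS release naming.

```python
import re

# "First Fixed Release" entries copied from rows of the advisory's table.
# None = "Not Vulnerable"; "TAC" = "Vulnerable; contact TAC".
FIRST_FIXED = {
    "12.0S": None,
    "12.0WC": "12.0(5)WC16",
    "12.0XF": "TAC",
    "12.0XK": "12.2(26c)",
    "12.1E": "12.1(27b)E2",
    "12.1EA": "12.1(22)EA10",
    "12.1XF": "12.3(23)",
}

# Banner taken from the "show version" example in this advisory.
SAMPLE_BANNER = (
    "Cisco IOS Software, 7200 Software (C7200-IK9S-M), "
    "Version 12.3(14)T1, RELEASE SOFTWARE (fc1)\n"
    "Technical Support: http://www.cisco.com/techsupport\n"
)

BANNER_RE = re.compile(r"\(([^)\s]+)\), Version ([^,\s]+)")
RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)([A-Z]*)(\d*)([a-z]?)$")


def parse_banner(show_version):
    """Return (image name, release) from "show version" output."""
    m = BANNER_RE.search(show_version)
    if not m:
        raise ValueError("no IOS banner found")
    return m.group(1), m.group(2)


def parse_release(release):
    """Split a release into (train, sort key); 12.1(22)EA10a is train 12.1EA."""
    m = RELEASE_RE.match(release)
    if not m:
        raise ValueError("unrecognised release: %r" % release)
    major, minor, maint, rebuild, letters, build, build_rebuild = m.groups()
    train = "%s.%s%s" % (major, minor, letters)
    # Assumed ordering inside one train; check edge cases against release notes.
    key = (int(maint), rebuild, int(build or 0), build_rebuild)
    return train, key


def assess(release):
    """Apply the table's rule to one running release; returns (status, fix)."""
    train, key = parse_release(release)
    if train not in FIRST_FIXED:
        return "train-not-listed", None
    fixed = FIRST_FIXED[train]
    if fixed is None:
        return "not-vulnerable", None
    if fixed == "TAC":
        return "vulnerable-contact-tac", None
    fixed_train, fixed_key = parse_release(fixed)
    if fixed_train != train:
        # The fix exists only in another train, so every release of this
        # train is affected and the remedy is a migration.
        return "vulnerable-migrate", fixed
    return ("vulnerable" if key < fixed_key else "fixed"), fixed


if __name__ == "__main__":
    image, running = parse_banner(SAMPLE_BANNER)
    print(image, running, assess(running))
    # Constructed releases exercising each outcome.
    for rel in ("12.1(26)E4", "12.1(27b)E2", "12.1(22)EA10a",
                "12.0(5)WC15", "12.0(28)S", "12.0(7)XK2", "12.0(7)XF"):
        print(rel, assess(rel))
```
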
For further information about how Cisco IOS is built, numbered and maintained, please see the following URL: http://www.cisco.com/warp/public/620/1.html +-------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------| | Affected | | Recommended | | 12.0-Based | First Fixed Release | Release | | Release | | | |------------+--------------------------------+---------------| | 12.0 | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0DA | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0DB | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0DC | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0S | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0SC | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0SL | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0SP | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0ST | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0SX | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0SY | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0SZ | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0T | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0W | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0WC | 12.0(5)WC16 | | 
|------------+--------------------------------+---------------| | 12.0WT | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0XA | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XB | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0XC | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XD | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XE | Vulnerable; first fixed in | | | | 12.1(27b)E2 | | |------------+--------------------------------+---------------| | 12.0XF | Vulnerable; contact TAC | | |------------+--------------------------------+---------------| | 12.0XG | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XH | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XI | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XJ | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0XK | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XL | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XM | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XN | Vulnerable; first 
fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XQ | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XR | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XS | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.0XV | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.0XW | Not Vulnerable | | |------------+--------------------------------+---------------| | Affected | | Recommended | | 12.1-Based | First Fixed Release | Release | | Release | | | |------------+--------------------------------+---------------| | 12.1 | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1AA | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1AX | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1AY | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1AZ | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1CX | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1DA | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1DB | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1DC | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1E | 12.1(27b)E2 | | |------------+--------------------------------+---------------| | | | 
12.1(22)EA10a | | | | | | 12.1EA | 12.1(22)EA10 | 12.1(22) | | | | EA10b; | | | | available | | | | 13-Sept-07 | |------------+--------------------------------+---------------| | 12.1EB | Not Vulnerable | | |------------+--------------------------------+---------------| | | Vulnerable; first fixed in | 12.3(17b)BC8 | | 12.1EC | 12.2(4)BC1 | | | | | 12.3(21a)BC3 | |------------+--------------------------------+---------------| | 12.1EO | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1EU | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1EV | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1EW | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1EX | Vulnerable; first fixed in | | | | 12.1(27b)E2 | | |------------+--------------------------------+---------------| | 12.1EY | Vulnerable; first fixed in | | | | 12.1(27b)E2 | | |------------+--------------------------------+---------------| | 12.1EZ | Vulnerable; first fixed in | | | | 12.1(27b)E2 | | |------------+--------------------------------+---------------| | 12.1GA | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1GB | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1T | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1XA | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1XB | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1XC | Vulnerable; first fixed in | 
12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1XD | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1XE | Vulnerable; first fixed in | | | | 12.1(27b)E2 | | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XF | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XG | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | 12.1XH | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | 12.1XI | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XJ | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | 12.1XK | Not Vulnerable | | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 
12.1XL | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XM | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | 12.1XN | Not Vulnerable | | |------------+--------------------------------+---------------| | 12.1XO | Not Vulnerable | | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XP | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XQ | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | | | 12.3(23) | | | | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XR | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------| | 12.1XS | Vulnerable; first fixed in | 12.2(46a) | | | 12.2(26c); available 14-Aug-07 | | |------------+--------------------------------+---------------| | | | 12.3(23) | | 
| | | | | | 12.3(20a) | | | | | | | | 12.3(21b) | | | | | | | | 12.3(22a) | | | Vulnerable; first fixed in | | | 12.1XT | 12.3(23) | 12.3(18a) | | | | | | | | 12.3(19a); | | | | available | | | | 16-Aug-07 | | | | | | | | 12.3(17c); | | | | available | | | | 16-Aug-07 | |------------+--------------------------------+---------------|
| 12.1XU  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1XV  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1XW  | Vulnerable; first fixed in 12.2(26c); available 14-Aug-07 | 12.2(46a) |
| 12.1XX  | Not Vulnerable | |
| 12.1XY  | Vulnerable; first fixed in 12.2(26c); available 14-Aug-07 | 12.2(46a) |
| 12.1XZ  | Vulnerable; first fixed in 12.2(26c); available 14-Aug-07 | 12.2(46a) |
| 12.1YA  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YB  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YC  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YD  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YE  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YF  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YG  | Not Vulnerable | |
| 12.1YH  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YI  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.1YJ  | Not Vulnerable | |
|------------+--------------------------------+---------------|
| Affected 12.2-Based Release | First Fixed Release | Recommended Release |
|------------+--------------------------------+---------------|
| 12.2    | 12.2(26c); available 14-Aug-07, 12.2(27c); available 14-Aug-07, 12.2(28d); available 14-Aug-07, 12.2(29b); available 14-Aug-07, 12.2(46a); available 15-Aug-07 | 12.2(46a) |
| 12.2B   | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2BC  | Not Vulnerable | |
| 12.2BW  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2BY  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2BZ  | Not Vulnerable | |
| 12.2CX  | Not Vulnerable | |
| 12.2CY  | Not Vulnerable | |
| 12.2CZ  | Vulnerable; contact TAC | |
| 12.2DA  | Not Vulnerable | |
| 12.2DD  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2DX  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2EU  | Not Vulnerable | |
| 12.2EW  | Not Vulnerable | |
| 12.2EWA | Not Vulnerable | |
| 12.2EX  | Not Vulnerable | |
| 12.2EY  | Not Vulnerable | |
| 12.2EZ  | Not Vulnerable | |
| 12.2FX  | Not Vulnerable | |
| 12.2FY  | Not Vulnerable | |
| 12.2FZ  | Not Vulnerable | |
| 12.2IXA | Vulnerable; first fixed in 12.2(18)IXD1 | 12.2(18)IXD1 |
| 12.2IXB | Vulnerable; first fixed in 12.2(18)IXD1 | 12.2(18)IXD1 |
| 12.2IXC | Vulnerable; first fixed in 12.2(18)IXD1 | 12.2(18)IXD1 |
| 12.2IXD | 12.2(18)IXD1 | 12.2(18)IXD1 |
| 12.2IXE | Not Vulnerable | |
| 12.2JA  | Not Vulnerable | |
| 12.2JK  | Not Vulnerable | |
| 12.2MB  | Not Vulnerable | |
| 12.2MC  | 12.2(15)MC1, 12.2(15)MC2a, 12.2(15)MC2i, 12.2(8)MC1, 12.2(8)MC2 | 12.2(15)MC2j |
| 12.2S   | 12.2(14)S19, 12.2(18)S13, 12.2(20)S13, 12.2(25)S13, 12.2(30)S | 12.2(25)S13, 12.2(14)S19 |
| 12.2SB  | 12.2(28)SB1, 12.2(31)SB6 | 12.2(28)SB9; available 15-Aug-07, 12.2(31)SB6 |
| 12.2SBC | Vulnerable; first fixed in 12.2(28)SB1 | 12.2(28)SB9; available 15-Aug-07, 12.2(31)SB6 |
| 12.2SE  | Not Vulnerable | |
| 12.2SEA | Not Vulnerable | |
| 12.2SEB | Not Vulnerable | |
| 12.2SEC | Not Vulnerable | |
| 12.2SED | Not Vulnerable | |
| 12.2SEE | Not Vulnerable | |
| 12.2SEF | Not Vulnerable | |
| 12.2SEG | Not Vulnerable | |
| 12.2SG  | Not Vulnerable | |
| 12.2SGA | Not Vulnerable | |
| 12.2SL  | Not Vulnerable | |
| 12.2SM  | Not Vulnerable | |
| 12.2SO  | Not Vulnerable | |
| 12.2SRA | 12.2(33)SRA5 | 12.2(33)SRA5 |
| 12.2SRB | 12.2(33)SRB2; available 31-Aug-07 | 12.2(33)SRB2; available 31-Aug-07 |
| 12.2SU  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2SV  | 12.2(22)SV, 12.2(23)SV, 12.2(24)SV, 12.2(25)SV, 12.2(27)SV2, 12.2(27)SV3, 12.2(28)SV1, 12.2(29)SV, 12.2(29a)SV | 12.2(29)SV4; available 14-Oct-07 |
| 12.2SVA | Not Vulnerable | |
| 12.2SVC | Vulnerable; contact TAC | |
| 12.2SW  | 12.2(20)SW, 12.2(21)SW, 12.2(21)SW1, 12.2(25)SW10, 12.2(25)SW11 | 12.2(25)SW11 |
| 12.2SX  | Vulnerable; first fixed in 12.2(18)SXF10 | |
| 12.2SXA | Vulnerable; first fixed in 12.2(18)SXF10 | |
| 12.2SXB | Vulnerable; first fixed in 12.2(18)SXF10 | 12.2(18)SXF10 |
| 12.2SXD | Vulnerable; contact TAC | |
| 12.2SXE | Vulnerable; first fixed in 12.2(18)SXF10 | 12.2(18)SXF10 |
| 12.2SXF | 12.2(18)SXF10 | 12.2(18)SXF10 |
| 12.2SXH | Not Vulnerable | |
| 12.2SY  | Not Vulnerable | |
| 12.2SZ  | Vulnerable; first fixed in 12.2(30)S | 12.2(25)S13, 12.2(14)S19 |
| 12.2T   | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2TPC | 12.2(8)TPC10c; available 17-Aug-07 | 12.2(8)TPC10c |
| 12.2UZ  | Not Vulnerable | |
| 12.2VZ  | Vulnerable; first fixed in 12.2(31)SB6 | 12.2(28)SB9; available 15-Aug-07, 12.2(31)SB6 |
| 12.2XA  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XB  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XC  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2XD  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XE  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XF  | Not Vulnerable | |
| 12.2XG  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XH  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XI  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XJ  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XK  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XL  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XM  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XN  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XQ  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XR  | Not Vulnerable | |
| 12.2XS  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XT  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XU  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XV  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2XW  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YA  | 12.2(4)YA12; available 17-Aug-07 | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YB  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YC  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YD  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YE  | Vulnerable; first fixed in 12.2(30)S | 12.2(25)S13, 12.2(14)S19 |
| 12.2YF  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YG  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YH  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YJ  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YK  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YL  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YM  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YN  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YO  | Not Vulnerable | |
| 12.2YP  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YQ  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YR  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YS  | Vulnerable; contact TAC | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YT  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2YU  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YV  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YW  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YX  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YY  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2YZ  | Vulnerable; first fixed in 12.2(30)S | 12.2(25)S13, 12.2(14)S19 |
| 12.2ZA  | Not Vulnerable | |
| 12.2ZB  | 12.2(8)ZB | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2ZC  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2ZD  | Vulnerable; contact TAC | |
| 12.2ZE  | Vulnerable; first fixed in 12.3(23) | 12.3(23), 12.3(20a), 12.3(21b), 12.3(22a), 12.3(18a), 12.3(19a); available 16-Aug-07, 12.3(17c); available 16-Aug-07 |
| 12.2ZF  | Vulnerable; first fixed in 12.3(11)T12; available 16-Aug-07 | 12.4(12c), 12.4(3h), 12.4(5c), 12.4(8d); available 03-Sep-07, 12.4(7f), 12.4(16), 12.4(10c), 12.4(13d) |
| 12.2ZG  | Vulnerable; contact TAC | 12.3(2)XA6, 12.3(8)YG6; available 16-Aug-07 |
| 12.2ZH  | 12.2(13)ZH9; available 17-Aug-07 | 12.2(13)ZH9 |
|------------+--------------------------------+---------------|
| | | 12.4(12c) | | | | | | | | 12.4(3h) | | | | | | | | 12.4(5c) | | | | | | | | 12.4(8d); | | | Vulnerable; first fixed in | available | | 12.2ZJ | 12.3(11)T12; available | 03-Sep-07 | | |
16-Aug-07 | | | | | 12.4(7f) | | | | | | | | 12.4(16) | | | | | | | | 12.4(10c) | | | | | | |