Cisco released its semi-annual IOS Software Security Advisory Bundled Publication last week as part of its bi-annual patch release. This IOS patch update includes nine security advisories that cover a total of 13 vulnerabilities, 12 of which are denial-of-service (DoS) vulnerabilities.
Four DoS vulnerabilities in the Cisco IOS Software Zone-Based Firewall have been patched. All four have a CVSS score of 7.8, and involve the H.323 inspection engine (firewall HTTP inspection engine), a bug triggered by crafted IP packets, and a Session Initiation Protocol (SIP) engine issue.
Other DoS vulnerabilities are present in the following IOS software components:
- IOS’s Software Network Address Translation
- IOS’s Software Internet Key Exchange
- IOS’s Multicast Source Discovery Protocol (MSDP) handling
- IOS’s Smart Install feature
- IOS and IOS XE Secure Shell (SSH) server implementation
- IOS and IOS XE Software RSVP bug on devices configured with VRF (VPN routing and forwarding) instances
- Cisco IOS Software Traffic Optimization Features (multiple vulnerabilities)
The consolidated advisory is available here. Cisco’s IOS software checker tool can be used to check if a particular IOS software release is vulnerable. This tool does not support IOS XE and interim builds of the IOS platform.
