-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2904
      Multiple vulnerabilities have been identified in Cisco IOS and IOS XE
                              27 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco IOS
                   Cisco IOS XE
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-15373

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-tacplus
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp

Comment: This bulletin contains eight (8) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20180926-cdp-dos
First Published: 2018 September 26 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvg54267
CVE-2018-15373
CWE-399
CVSS Score:      Base 7.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  * A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.

    The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.

    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos

Affected Products

  * Vulnerable Products

    This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software and are configured to use the Cisco Discovery Protocol.

    For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.

    Assessing the Cisco Discovery Protocol Configuration

    To determine whether a device is configured to use the Cisco Discovery Protocol, administrators can log in to the device and use the show cdp global command in the CLI. If the device is configured to use the protocol, the output of the command will be similar to the following example:

    CLI(config)# show cdp global
    Global CDP information:
            CDP enabled globally
            Refresh time is 60 seconds
            Hold time is 180 seconds
            CDPv2 advertisements is enabled
            DeviceID TLV in System-Name(Default) Format

    To determine whether specific interfaces of a device are configured to use the Cisco Discovery Protocol and to display information about those interfaces, administrators can use the show cdp interface command in the CLI. If any interfaces of the device are configured to use the protocol, the output of the command will show the protocol status and other information for each interface that is configured to use the protocol.

    Determining the Cisco IOS Software Release

    To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

    The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2015 by Cisco Systems, Inc.
    Compiled Mon 22-Jun-15 09:32 by prod_rel_team
    .
    .
    .

    For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

    Determining the Cisco IOS XE Software Release

    To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.

    The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

    ios-xe-device# show version
    Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2016 by Cisco Systems, Inc.
    Compiled Sun 27-Mar-16 21:47 by mcpre
    .
    .
    .

    For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.

Indicators of Compromise

  * Exploitation of this vulnerability will cause an increase in the amount of memory that is used by the CDP process on a device, as shown in the following example:

    Switch# show memory allocating totals | in CDP
    0x7FF0A845688D 1045248800 806519 CDP Protocol (allocator: fh_fd_nd_cdp_add_notification_event)
    0x7FF0A8456ADF 277598120 806519 CDP Protocol (allocator: fh_fd_nd_cdp_add_notification_event)

    The memory will be released if exploitation stops.

Workarounds

  * There are no workarounds that address this vulnerability. However, administrators may disable use of the Cisco Discovery Protocol by a device. To disable use of the protocol globally for a device, use the no cdp run command in the CLI. To disable use of the protocol for a specific interface of a device, use the no cdp enable command in the CLI.

    To first determine whether use of the Cisco Discovery Protocol is enabled for a device, administrators can use the show cdp neighbors command in the device CLI. The output of the command displays detailed information about neighboring devices that were discovered by using the Cisco Discovery Protocol or, if use of the protocol is disabled, indicates that use of the protocol is not enabled, as shown in the following example:

    Router# show cdp neighbors
    % CDP is not enabled
    Router#

Fixed Software

  * For detailed information about affected and fixed software releases, consult the Cisco IOS Software Checker.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Cisco IOS and IOS XE Software

    To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed"). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified ("Combined First Fixed").

    Customers can use this tool to perform the following tasks:

      + Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
      + Enter the output of the show version command for the tool to parse
      + Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

    To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com or enter a Cisco IOS Software or Cisco IOS XE Software release, for example 15.1(4)M2 or 3.13.8S, in the following field:

    [ ] [Check]

    By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.

Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  * This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
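The exposure check and the memory-growth indicator described in the CDP advisory above, turned into monitoring logic; this is an added example, not Cisco's or AusCERT's code, and the CLI outputs, the small baseline figures and the 10x alert threshold are constructed assumptions.

```python
import re

# Constructed sample CLI outputs, shaped like the excerpts in the advisory
# (not captured from a real device).
SHOW_CDP_GLOBAL = """\
Global CDP information:
        CDP enabled globally
        Refresh time is 60 seconds
        Hold time is 180 seconds
        CDPv2 advertisements is enabled
"""
SHOW_CDP_NEIGHBORS_OFF = "% CDP is not enabled\n"

# Two samples of "show memory allocating totals | in CDP": a quiet baseline
# (constructed small numbers) and the figures quoted in the advisory.
MEM_BASELINE = """\
0x7FF0A845688D 1245312 812 CDP Protocol (allocator: fh_fd_nd_cdp_add_notification_event)
0x7FF0A8456ADF 331776 812 CDP Protocol (allocator: fh_fd_nd_cdp_add_notification_event)
"""
MEM_UNDER_LOAD = """\
0x7FF0A845688D 1045248800 806519 CDP Protocol (allocator: fh_fd_nd_cdp_add_notification_event)
0x7FF0A8456ADF 277598120 806519 CDP Protocol (allocator: fh_fd_nd_cdp_add_notification_event)
"""

# One allocator line: address, bytes, blocks, description.
MEM_LINE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\d+)\s+(\d+)\s+(.+)$")


def cdp_enabled(show_cdp_global: str, show_cdp_neighbors: str = "") -> bool:
    """Scope test from the advisory: only devices running CDP are affected.
    '% CDP is not enabled' from 'show cdp neighbors' is decisive; otherwise
    look for 'CDP enabled globally' in 'show cdp global'."""
    if "% CDP is not enabled" in show_cdp_neighbors:
        return False
    return "CDP enabled globally" in show_cdp_global


def cdp_memory_totals(show_memory_out: str) -> tuple:
    """Sum (bytes, blocks) over the 'CDP Protocol' allocator lines, skipping
    prompts, headers and any unrelated allocators the filter let through."""
    total_bytes = total_blocks = 0
    for line in show_memory_out.splitlines():
        m = MEM_LINE.match(line.strip())
        if m is None or "CDP" not in m.group(4):
            continue
        total_bytes += int(m.group(2))
        total_blocks += int(m.group(3))
    return total_bytes, total_blocks


def cdp_memory_growth(baseline_out: str, current_out: str,
                      ratio: float = 10.0) -> dict:
    """Compare a fresh sample with a quiet baseline. The advisory notes the
    memory is released once the packet flood stops, so sample periodically
    and alert while usage exceeds `ratio` times the baseline (assumed value)."""
    base_bytes, _ = cdp_memory_totals(baseline_out)
    cur_bytes, cur_blocks = cdp_memory_totals(current_out)
    if base_bytes == 0:
        alert = cur_bytes > 0      # no CDP allocations in the baseline at all
    else:
        alert = cur_bytes > ratio * base_bytes
    return {"baseline_bytes": base_bytes, "current_bytes": cur_bytes,
            "current_blocks": cur_blocks, "alert": alert}


def assess(show_cdp_global: str, show_cdp_neighbors: str,
           baseline_out: str, current_out: str) -> dict:
    """One verdict for a monitoring job: in scope only if CDP runs, and the
    memory alert only counts when the device is in scope."""
    enabled = cdp_enabled(show_cdp_global, show_cdp_neighbors)
    growth = cdp_memory_growth(baseline_out, current_out)
    mitigation = None
    if enabled:
        mitigation = ("disable CDP with 'no cdp run' (global) or 'no cdp enable' "
                      "(per interface) until a fixed release is installed")
    return {"cdp_enabled": enabled, "mitigation": mitigation,
            "memory_alert": enabled and growth["alert"], **growth}


if __name__ == "__main__":
    print(assess(SHOW_CDP_GLOBAL, "", MEM_BASELINE, MEM_UNDER_LOAD))
```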
Subscribe to Cisco Security Notifications

  * Subscribe

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos

Revision History

+----------------------------------------------------------------------------+
| Version |       Description        | Section | Status |        Date        |
|---------+--------------------------+---------+--------+--------------------|
|   1.0   | Initial public release.  |         | Final  | 2018-September-26  |
+----------------------------------------------------------------------------+

- -------------------------------------------------------------------------------

Cisco Security Advisory

Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20180926-cmp
First Published: 2018 September 26 16:00 GMT
Version 1.0:     Final
Workarounds:     Yes
Cisco Bug IDs:   CSCvg48576
CVE-2018-0475
CWE-20
CVSS Score:      Base 7.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  * A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.

    The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.

    Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp

    This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Affected Products

  * Vulnerable Products

    This vulnerability affects Cisco Catalyst Switches that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software with the cluster feature enabled that have not been a cluster member since the last reload. On some platforms, the cluster feature is enabled by default. A switch with the cluster feature enabled is vulnerable only if it has not been a cluster member since the last reload.

    For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.

    Determining Whether the Cluster Feature Is Enabled in a Vulnerable Way

    There are two methods for determining whether the cluster feature is enabled in a vulnerable way.

    Option 1: Using the show cluster Command

    To determine the status of the Cluster feature on a device, use the show cluster privileged EXEC command on the device. The following example shows the output of the show cluster command on a Cisco Catalyst Switch that has the cluster feature enabled but has not been a cluster member since the last reload:

    SWITCH1#show cluster
    % Not a management cluster member

    This is the only output of the show cluster command that indicates that the device is vulnerable. If this command does not exist, or if it produces any other output, the device is not affected by the vulnerability described in this advisory.

    Option 2: Using the show running-config [all] Command

    To determine whether a device is configured with the cluster feature enabled, use the show running-config all | include cluster run privileged EXEC command on the device. The following example shows the output of the show running-config all | include cluster run command on a switch that has the cluster feature enabled:

    SWITCH2#show running-config all | include cluster run
    cluster run

    To determine whether a device has been a cluster member since the last reload, use the show running-config | include cluster commander privileged EXEC command on the device. The following example shows the output of the show running-config | include cluster commander command on a switch that has been a cluster member since the last reload. On a switch that has not been a cluster member since the last reload, this command would result in empty output.

    SWITCH2#show running-config | include cluster commander
    cluster commander-address 0001.0001.0001

    When Option 2 is used to assess the device, it is affected by the vulnerability described in this advisory only if both the following conditions are true:

      + The output of the show running-config all command includes cluster run
      + The show running-config | include cluster commander command results in empty output

    Determining the Cisco IOS Software Release

    To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

    The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2015 by Cisco Systems, Inc.
    Compiled Mon 22-Jun-15 09:32 by prod_rel_team
    .
    .
    .

    For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

    Determining the Cisco IOS XE Software Release

    To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.

    The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

    ios-xe-device# show version
    Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2016 by Cisco Systems, Inc.
    Compiled Sun 27-Mar-16 21:47 by mcpre
    .
    .
    .

    For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.

Workarounds

  * Manually configuring an arbitrary cluster command switch MAC address using the cluster commander-address mac_address command in global configuration mode prevents exploitation of this vulnerability.

    Administrators who do not use the cluster feature in their environments can also disable the cluster feature by using the no cluster run command in global configuration mode to mitigate this issue.

Fixed Software

  * Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
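The two assessment methods and the workaround check from the cluster advisory above, expressed as decision logic over saved CLI output; this is an added example, not Cisco's code, and the sample outputs are constructed to match the advisory's excerpts. The one caveat it encodes: after the no cluster run workaround, show running-config all still prints the line "no cluster run", which contains the substring "cluster run", so the first condition must be tested as a whole line.

```python
import re

# Constructed sample outputs, shaped like the advisory's examples.
SHOW_CLUSTER_NOT_MEMBER = """\
SWITCH1#show cluster
% Not a management cluster member
"""
RUN_ALL_CLUSTER_ON = "cluster run\n"       # feature enabled (default on some platforms)
RUN_ALL_CLUSTER_OFF = "no cluster run\n"   # after the 'no cluster run' workaround
RUN_COMMANDER_EMPTY = ""                    # never a cluster member since reload
RUN_COMMANDER_SET = "cluster commander-address 0001.0001.0001\n"

# Whole-line match so that 'no cluster run' is not mistaken for 'cluster run'.
CLUSTER_RUN = re.compile(r"^\s*cluster run\s*$", re.MULTILINE)
COMMANDER = re.compile(r"^\s*cluster commander-address\s+\S+", re.MULTILINE)
# A CLI prompt such as 'SWITCH1#show cluster' echoed into the capture.
PROMPT = re.compile(r"^\S+[#>]")


def _content_lines(out: str) -> list:
    """Drop echoed prompts and blank lines from a captured command output."""
    return [ln.strip() for ln in out.splitlines()
            if ln.strip() and not PROMPT.match(ln.strip())]


def vulnerable_by_show_cluster(show_cluster_out: str) -> bool:
    """Option 1: exactly '% Not a management cluster member' means vulnerable.
    A missing command or any other output means the switch is not affected."""
    return _content_lines(show_cluster_out) == ["% Not a management cluster member"]


def vulnerable_by_running_config(run_all_cluster_out: str,
                                 run_commander_out: str) -> bool:
    """Option 2: vulnerable only if BOTH hold: 'cluster run' appears in
    'show running-config all | include cluster run' AND
    'show running-config | include cluster commander' prints nothing."""
    has_cluster_run = CLUSTER_RUN.search(run_all_cluster_out) is not None
    has_commander = COMMANDER.search(run_commander_out) is not None
    return has_cluster_run and not has_commander


def assess_switch(show_cluster_out: str = None, run_all_cluster_out: str = None,
                  run_commander_out: str = None) -> dict:
    """Combine whichever captures are available; either method alone is
    enough, and a 'vulnerable' result from any of them stands."""
    findings = {}
    if show_cluster_out is not None:
        findings["option1"] = vulnerable_by_show_cluster(show_cluster_out)
    if run_all_cluster_out is not None and run_commander_out is not None:
        findings["option2"] = vulnerable_by_running_config(run_all_cluster_out,
                                                           run_commander_out)
    vulnerable = any(findings.values())
    workaround = None
    if vulnerable:
        workaround = ("configure 'cluster commander-address <mac>' or, if the "
                      "feature is unused, 'no cluster run'; then upgrade")
    return {"vulnerable": vulnerable, "workaround": workaround, **findings}


if __name__ == "__main__":
    print(assess_switch(SHOW_CLUSTER_NOT_MEMBER, RUN_ALL_CLUSTER_ON, RUN_COMMANDER_EMPTY))
    print(assess_switch(None, RUN_ALL_CLUSTER_OFF, RUN_COMMANDER_EMPTY))
```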
    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

    Cisco IOS and IOS XE Software

    To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed"). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified ("Combined First Fixed").

    Customers can use this tool to perform the following tasks:

      + Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
      + Enter the output of the show version command for the tool to parse
      + Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

    To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com or enter a Cisco IOS Software or Cisco IOS XE Software release, for example 15.1(4)M2 or 3.13.8S, in the following field:

    [ ] [Check]

    By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.

    For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, or Cisco IOS XE 3SG Release Notes, depending on the Cisco IOS XE Software release.

Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  * Cisco would like to thank Dmitry Kuznetsov of Digital Security for reporting this vulnerability.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  * Subscribe

Related to This Advisory

  * Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
    Cisco Security Blog: Cisco IOS and IOS XE Software Bundled Publication September 2018

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp

Revision History

+----------------------------------------------------------------------------+
| Version |       Description        | Section | Status |        Date        |
|---------+--------------------------+---------+--------+--------------------|
|   1.0   | Initial public release.  |         | Final  | 2018-September-26  |
+----------------------------------------------------------------------------+

Legal Disclaimer

  * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE.
    YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

- -------------------------------------------------------------------------------

Cisco Security Advisory

Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20180926-ipv6hbh
First Published: 2018 September 26 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCuz28570
CVE-2018-0467
CWE-20
CVSS Score:      Base 8.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  * A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload.

    The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh

    This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities.
    For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Affected Products

  * Vulnerable Products

    This vulnerability affects devices that are running a vulnerable version of Cisco IOS or IOS XE Software and are configured with an IPv6 address.

    For more information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.

    Administrators can identify interfaces that have assigned IPv6 addresses by using the show ipv6 interface brief command in the CLI. The following example shows the output of the command on a device with IPv6 enabled:

    router#show ipv6 interface brief
    .
    .
    .
    GigabitEthernet0/0/0   [Up/Up]
        fe80::212:daff:fe62:c150
        2001:DB8::1

    If IPv6 is not supported by the software release that is running on a device, using the show ipv6 interface brief command produces an error message. If IPv6 is not enabled on the device, using the show ipv6 interface brief command does not show any interfaces with IPv6 addresses. In either scenario, the device is not affected by this vulnerability.

    Determining the Cisco IOS Software Release

    To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

    The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2015 by Cisco Systems, Inc.
    Compiled Mon 22-Jun-15 09:32 by prod_rel_team
    .
    .
    .

    For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

    Determining the Cisco IOS XE Software Release

    To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.

    The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

    ios-xe-device# show version
    Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2016 by Cisco Systems, Inc.
    Compiled Sun 27-Mar-16 21:47 by mcpre
    .
    .
    .

    For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.

Workarounds

  * There are no workarounds that address this vulnerability.

Fixed Software

  * Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

    Cisco IOS and IOS XE Software

    To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed"). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified ("Combined First Fixed").

    Customers can use this tool to perform the following tasks:

      + Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
      + Enter the output of the show version command for the tool to parse
      + Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

    To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com or enter a Cisco IOS Software or Cisco IOS XE Software release, for example 15.1(4)M2 or 3.13.8S, in the following field:

    [ ] [Check]

    By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.

    For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, or Cisco IOS XE 3SG Release Notes, depending on the Cisco IOS XE Software release.

Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  * This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  * Subscribe

Related to This Advisory

  * Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
    Cisco Security Blog: Cisco IOS and IOS XE Software Bundled Publication September 2018

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh

Revision History

+----------------------------------------------------------------------------+
| Version |       Description        | Section | Status |        Date        |
|---------+--------------------------+---------+--------+--------------------|
|   1.0   | Initial public release.  |         | Final  | 2018-September-26  |
+----------------------------------------------------------------------------+

Legal Disclaimer

  * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

- -------------------------------------------------------------------------------

Cisco Security Advisory

Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20180926-ospfv3-dos
First Published: 2018 September 26 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCuy82806
CVE-2018-0466
CWE-399
CVSS Score:      Base 7.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  * A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload.

    The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos

    This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities.
For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Affected Products
* Vulnerable Products

This vulnerability affects devices running vulnerable releases of Cisco IOS and IOS XE Software that are configured for OSPFv3 operations. For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.

Assessing the OSPFv3 Configuration

Administrators can verify whether OSPFv3 is in use on a device by checking that the show ospfv3 CLI command produces output. If that command does not produce output, then OSPFv3 operation is not configured. Here is an example of a device on which OSPFv3 is enabled:

router#show ospfv3
OSPFv3 10 address-family ipv4

Determining the Cisco IOS Software Release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
. . .
For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.

The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Sun 27-Mar-16 21:47 by mcpre
. . .

For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco ASA Software, Cisco NX-OS Software, or Cisco IOS XR Software.

Indicators of Compromise
* A successful exploit of this vulnerability will cause an affected device to reload and generate a crashinfo file. A successful exploit of this vulnerability may be confirmed by decoding the stack trace for the device and determining whether the stack trace correlates with this vulnerability. Contact the Cisco Technical Assistance Center (TAC) to review the crashinfo file and determine whether the device has been compromised by exploitation of this vulnerability.
Workarounds * There are no workarounds that address this vulnerability. Fixed Software * Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. 
Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Cisco IOS and IOS XE Software

To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed"). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified ("Combined First Fixed").

Customers can use this tool to perform the following tasks:
+ Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
+ Enter the output of the show version command for the tool to parse
+ Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com and enter a Cisco IOS Software or Cisco IOS XE Software release (for example, 15.1(4)M2 or 3.13.8S). By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR).
To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list. For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, or Cisco IOS XE 3SG Release Notes, depending on the Cisco IOS XE Software release. Exploitation and Public Announcements * The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source * This vulnerability was found during internal security testing. Cisco Security Vulnerability Policy * To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. Subscribe to Cisco Security Notifications * Subscribe Related to This Advisory * Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication Cisco Security Blog: Cisco IOS and IOS XE Software Bundled Publication September 2018 URL * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos Revision History +----------------------------------------------------------------------------+ | Version | Description | Section | Status | Date | |---------+--------------------------+---------+--------+--------------------| | 1.0 | Initial public release. 
| | Final | 2018-September-26 | +----------------------------------------------------------------------------+ - ------------------------------------------------------------------------------- Cisco Security Advisory Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability Priority: Medium Advisory ID: cisco-sa-20180926-pnp-memleak First Published: 2018 September 26 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvi30136 CVE-2018-15377 CWE-400 CVSS Score: Base 6.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X Summary * A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak Affected Products * Vulnerable Products This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software. For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory. Determining the Cisco IOS Software Release To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. 
If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
. . .

For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.

The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Sun 27-Mar-16 21:47 by mcpre
. . .

For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.
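The "Determining the Cisco IOS Software Release" and "Determining the Cisco IOS XE Software Release" procedures above are repeated in the OSPFv3, Plug and Play and SM-1T3/E3 advisories, and the Cisco IOS Software Checker accepts show version output as input. The following script is an added example, not Cisco's tooling: it extracts the image name and release string from the banner lines quoted in the advisories, splits the release into a train and an ordering key, and places a device relative to a first-fixed release. The FIRST_FIXED values are placeholders for the demonstration and are not releases published by Cisco; the within-train ordering is an assumption that holds for the release formats shown on this page, and anything outside a known train is reported as unknown so that the Software Checker remains the authority.

```python
"""Parse Cisco IOS / IOS XE 'show version' banners and order releases.

Added example, not Cisco's code. FIRST_FIXED holds placeholder values
(assumptions for the demo); real first-fixed releases come from the
Cisco IOS Software Checker for the advisory in question.
"""
import re

# The two banners quoted in the advisories (copied from the page, not constructed).
IOS_BANNER = """\
Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
"""
IOSXE_BANNER = """\
ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
"""

# Banner line: "Cisco IOS [XE] Software[ ...], <platform> Software (<image>), Version [<name> ]<release>, ..."
BANNER_RE = re.compile(
    r"^Cisco IOS(?: XE)? Software[^,\n]*,[^\n]*?\(([A-Za-z0-9_\-]+)\),\s*Version\s+"
    r"(?:[A-Za-z]+\s+)?([0-9][0-9A-Za-z.()]*)",
    re.MULTILINE,
)
IOS_RE = re.compile(r"(\d+)\.(\d+)\((\d+)\)([A-Z]*)(\d*)([a-z]?)")    # 15.5(2)T1, 15.1(4)M2
IOSXE_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)([A-Z]*)")         # 3.13.8S, 16.2.1

# Placeholder table: train -> first fixed release. ASSUMED values, not Cisco's.
FIRST_FIXED = {
    (15, 5, "T"): "15.5(3)T9",   # assumption for the demonstration only
    (16, 2, ""): "16.2.3",        # assumption for the demonstration only
}


def parse_banner(show_version_output):
    """Return {'image', 'release', 'family'} from the banner line, or None.
    Family is inferred from the release format (parenthesised maintenance
    number = classic IOS form, dotted = IOS XE form); IOS XE 3.x devices
    also print an IOSd banner in the classic form, so this is a heuristic."""
    m = BANNER_RE.search(show_version_output)
    if not m:
        return None
    image, release = m.group(1), m.group(2)
    family = "IOS" if "(" in release else "IOS XE"
    return {"image": image, "release": release, "family": family}


def parse_release(release):
    """Split a release into (train, order): train = (major, minor, train letter),
    order = (maintenance, rebuild, rebuild letter), comparable within one train."""
    m = IOS_RE.fullmatch(release)
    if m:
        major, minor, maint, train, rebuild, letter = m.groups()
    else:
        m = IOSXE_RE.fullmatch(release)
        if not m:
            raise ValueError("unrecognised release string: %r" % release)
        major, minor, maint, letter, train = m.groups()
        rebuild = ""
    return (int(major), int(minor), train), (int(maint), int(rebuild or 0), letter)


def assess(show_version_output, first_fixed=FIRST_FIXED):
    """'fixed', 'vulnerable' or 'unknown' for one device's show version output."""
    info = parse_banner(show_version_output)
    if info is None:
        return "unknown"
    train, order = parse_release(info["release"])
    fixed = first_fixed.get(train)
    if fixed is None:
        return "unknown"          # train not in the table: consult the Software Checker
    _, fixed_order = parse_release(fixed)
    return "fixed" if order >= fixed_order else "vulnerable"


if __name__ == "__main__":
    for banner in (IOS_BANNER, IOSXE_BANNER):
        print(parse_banner(banner), assess(banner))
```

The comparison deliberately refuses to order releases across trains (for example 15.5T against 15.5M, or 16.2 against 16.3), because a fix in one train says nothing about another; those cases return unknown rather than a guess.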
Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software. Workarounds * There are no workarounds that address this vulnerability. Fixed Software * For detailed information about affected and fixed software releases, consult the Cisco IOS Software Checker. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Cisco IOS and IOS XE Software To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (?First Fixed?). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (?Combined First Fixed?). 
Customers can use this tool to perform the following tasks:
+ Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
+ Enter the output of the show version command for the tool to parse
+ Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com and enter a Cisco IOS Software or Cisco IOS XE Software release (for example, 15.1(4)M2 or 3.13.8S). By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.

Exploitation and Public Announcements
* The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source
* This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy
* To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Subscribe to Cisco Security Notifications * Subscribe URL * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak Revision History +----------------------------------------------------------------------------+ | Version | Description | Section | Status | Date | |---------+--------------------------+---------+--------+--------------------| | 1.0 | Initial public release. | | Final | 2018-September-26 | +----------------------------------------------------------------------------+ Legal Disclaimer * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. - ------------------------------------------------------------------------------- Cisco Security Advisory Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability Priority: High Advisory ID: cisco-sa-20180926-sm1t3e3 First Published: 2018 September 26 16:00 GMT Version 1.0: Final Workarounds: Yes Cisco Bug IDs: CSCva23932, CSCvi95007 CVE-2018-0485 CWE-19 CVSS Score: Base 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X Summary * A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, remote attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device. 
The vulnerability is due to improper handling of user input. An attacker could exploit this vulnerability by first connecting to the SM-1T3/E3 module console and entering a string sequence. A successful exploit could allow the attacker to cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a DoS condition on an affected device.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Affected Products
* The Cisco SM-X-1T3/E3 1-port T3/E3 enhanced service module (SM-X) is a software-configurable T3/E3 product supported on the Cisco ISR G2 and Cisco ISR4451-X Routers.

Vulnerable Products

This vulnerability affects Cisco ISR G2 or Cisco ISR4451-X Routers if they have an SM-X-1T3/E3 module installed and are running an affected version of Cisco IOS or IOS XE Software. For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.

Determining if an SM-X-1T3/E3 Module is Installed

On Cisco ISR G2 Routers, enter the show version CLI command. If the output contains Subrate T3/E3 port, then the device has an affected module installed. The following example shows a device with an SM-X-1T3/E3 module installed:

ISR-G2#show version | include T3/E3
1 Subrate T3/E3 port
ISR-G2#

If the output returns nothing, then the device does not have an SM-X-1T3/E3 module installed.
On ISR4451-X Routers, enter the show diag all eeprom | include SM-X-1T3 CLI command. If the output contains SM-X-1T3/E3, then the device has an affected module installed. The following example shows a device with an SM-X-1T3/E3 module installed:

ISR-G2#sho diag all eeprom | include SM-X-1T3
Product Identifier (PID) : SM-X-1T3/E3
ISR-G2#

If the output returns nothing, then the device does not have an SM-X-1T3/E3 module installed.

Determining the Cisco IOS Software Release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
. . .

For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears.
If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.

The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Sun 27-Mar-16 21:47 by mcpre
. . .

For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco NX-OS Software or Cisco IOS XR Software.

Details
* The firmware for the SM-X-1T3/E3 module is bundled within the Cisco IOS or IOS XE Software image.

SM-X-1T3/E3 Console

This vulnerability is exploitable only when a user has a session to the SM-X-1T3/E3 console. On ISR G2 Routers running software that predates the fix for Cisco Bug ID CSCuz92665, the SM-X-1T3/E3 console was remotely accessible, depending on the configuration of the TTY line. See the Workarounds section to change the configuration to prevent remote access to the SM-X-1T3/E3 console. If you are using local authentication on the ISR G2 Router, the line may be accessible without authentication. If you are using authentication, authorization, and accounting (AAA) for authentication, then a valid username and password combination is required to remotely access the module.

On ISR4451-X Routers, the SM-X-1T3/E3 console is only available locally by using the privilege 15 hw-module session <slot/card> command.
Impact of Exploit

On ISR G2 Routers, the entire router will reload when the vulnerability is exploited. On ISR4451-X Routers, only the SM-X-1T3/E3 module will reload. On both devices, the SM-X-1T3/E3 module will be down for at least 180 seconds.

Upgrading to a Fixed Software Release - ISR G2 Routers Only

Prior to upgrading to a fixed software release on ISR G2 Routers, delete the existing firmware on the device. The following CLI output shows an example of the applicable commands:

ISR-G2#delete flash0:/firmware/sm_1t3e3/sm_1t3e3_fw.ver
Delete filename [/firmware/sm_1t3e3/sm_1t3e3_fw.ver]?
Delete flash0:/firmware/sm_1t3e3/sm_1t3e3_fw.ver? [confirm]
ISR-G2#
ISR-G2#delete flash0:/firmware/sm_1t3e3/sm_1t3e3_fw.img
Delete filename [/firmware/sm_1t3e3/sm_1t3e3_fw.img]?
Delete flash0:/firmware/sm_1t3e3/sm_1t3e3_fw.img? [confirm]
ISR-G2#

Workarounds
* While the following workaround does not prevent exploitation of the vulnerability, it does limit the attack surface:

Prevent Access to the SM-X-1T3/E3 Console (ISR G2 Routers Only)

It is recommended that access to the SM-X-1T3/E3 console be disabled by configuring transport input none on the line associated with the SM-X-1T3/E3 console, as in the following example. Line 68 is the line number of the module console on the example device; use the line number that corresponds to the module on the device being configured:

ISR-G2#configure terminal
ISR-G2(config)#line 68
ISR-G2(config-line)#transport input none
ISR-G2(config-line)#end
ISR-G2#

On Cisco ISR4451-X Routers, the SM-X-1T3/E3 console is only available locally by using the privilege 15 hw-module session <slot/card> command.

Fixed Software
* Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
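The module detection commands in the Vulnerable Products section and the transport input none workaround above can both be checked from saved CLI output and the running configuration. The following script is an added example and is not Cisco's tooling: it applies the two detection strings the advisory gives (the Subrate T3/E3 port line in show version on ISR G2, the SM-X-1T3/E3 PID in show diag all eeprom on ISR4451-X), then locates the stanza for the console line in a running configuration and reports whether it explicitly sets transport input none. The line number is device-specific (the advisory's example uses 68), so it is a parameter. The CLI output and configuration fragments below are constructed samples in the shape the advisory describes, not captures from real devices; the line stanza contents are likewise constructed and are not claimed to be IOS defaults.

```python
"""Audit ISR G2 / ISR4451-X routers for the SM-X-1T3/E3 module and the
console-line workaround from cisco-sa-20180926-sm1t3e3.

Added example, not Cisco's code. Sample output and configuration are constructed.
"""
import re

# Constructed samples, shaped like the output the advisory quotes.
SHOW_VERSION_G2 = """\
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
3 Gigabit Ethernet interfaces
1 Subrate T3/E3 port
"""
SHOW_VERSION_NO_MODULE = """\
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
3 Gigabit Ethernet interfaces
"""
SHOW_DIAG_4451 = "Product Identifier (PID) : SM-X-1T3/E3\n"

# Constructed running-config fragments: the console line before and after the workaround.
CONFIG_REACHABLE = """\
line con 0
 logging synchronous
line 68
 no exec
 transport input all
 stopbits 1
line vty 0 4
 transport input ssh
!
"""
CONFIG_LOCKED = CONFIG_REACHABLE.replace(" transport input all", " transport input none")


def has_sm_x_1t3e3(show_version="", show_diag=""):
    """True if either detection string from the advisory is present."""
    if re.search(r"^\s*\d+\s+Subrate T3/E3 port", show_version, re.MULTILINE):
        return True            # ISR G2: 'show version' lists the subrate T3/E3 port
    if "SM-X-1T3/E3" in show_diag:
        return True            # ISR4451-X: module PID in 'show diag all eeprom'
    return False


def line_stanza(running_config, line_number):
    """Return the sub-commands under 'line <n>' (or 'line <a> <b>' covering n),
    or None when no such stanza exists. Sub-commands are the indented lines
    that follow the stanza header."""
    lines = running_config.splitlines()
    for i, text in enumerate(lines):
        m = re.fullmatch(r"line (\d+)(?: (\d+))?", text.strip())
        if not m:
            continue
        first = int(m.group(1))
        last = int(m.group(2) or first)
        if not first <= line_number <= last:
            continue
        body = []
        for sub in lines[i + 1:]:
            if not sub.startswith(" "):
                break
            body.append(sub.strip())
        return body
    return None


def console_locked(running_config, line_number):
    """True only when the stanza exists and sets 'transport input none' explicitly.
    A missing stanza or an inherited default is treated as not locked."""
    body = line_stanza(running_config, line_number)
    return body is not None and "transport input none" in body


def audit_isr_g2(show_version, running_config, console_line):
    """One-line finding for an ISR G2 (the line workaround does not apply to ISR4451-X)."""
    if not has_sm_x_1t3e3(show_version=show_version):
        return "no SM-X-1T3/E3 module: not affected by this advisory"
    if console_locked(running_config, console_line):
        return "module present; console line %d has transport input none; upgrade still required" % console_line
    return "module present; console line %d reachable: apply workaround and upgrade" % console_line


if __name__ == "__main__":
    print(audit_isr_g2(SHOW_VERSION_G2, CONFIG_REACHABLE, 68))
    print(audit_isr_g2(SHOW_VERSION_G2, CONFIG_LOCKED, 68))
    print("ISR4451-X module present:", has_sm_x_1t3e3(show_diag=SHOW_DIAG_4451))
```

The audit treats an absent transport input none as not locked even when the line has no transport statement at all, because the advisory's workaround is the explicit setting; it also keeps "upgrade still required" in the locked case, since the advisory states the workaround limits the attack surface but does not prevent exploitation.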
By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. 
Cisco IOS and IOS XE Software

To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed"). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified ("Combined First Fixed").

Customers can use this tool to perform the following tasks:
+ Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
+ Enter the output of the show version command for the tool to parse
+ Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com and enter a Cisco IOS Software or Cisco IOS XE Software release (for example, 15.1(4)M2 or 3.13.8S). By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.

For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, or Cisco IOS XE 3SG Release Notes, depending on the Cisco IOS XE Software release.

Exploitation and Public Announcements
* The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source

  * This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  * Subscribe

Related to This Advisory

  * Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
    Cisco Security Blog: Cisco IOS and IOS XE Software Bundled Publication September 2018

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3

Revision History

  +----------------------------------------------------------------------------+
  | Version | Description              | Section | Status | Date               |
  |---------+--------------------------+---------+--------+--------------------|
  | 1.0     | Initial public release.  |         | Final  | 2018-September-26  |
  +----------------------------------------------------------------------------+

Legal Disclaimer

  * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
- -------------------------------------------------------------------------------

Cisco Security Advisory

Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20180926-tacplus
First Published: 2018 September 26 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCux66796
CVE-2018-15369   CWE-20
CVSS Score:      Base 6.8  CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  * A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

    The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-tacplus

Affected Products

  * Vulnerable Products

    This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software and are configured as a TACACS+ client. For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.
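The summary above hinges on one precondition: the attacker must know the shared TACACS+ secret. The reason is the body obfuscation that TACACS+ applies to every packet (RFC 8907, section 4.5). The following is an added example, not code from the Cisco advisory or from Cisco: it implements that obfuscation and a minimal authentication REPLY, and shows that a client de-obfuscating with its own key only gets a well-formed REPLY when the sender used the same key. The shared key, session ID and message contents are constructed for the example.

```python
"""Added example, not code from the Cisco advisory: the TACACS+ body
obfuscation of RFC 8907 section 4.5, which is what makes the advisory's
"attacker must know the shared TACACS+ secret" precondition hold. Every body
byte is XORed with a pad derived from the session ID, the shared key, the
version byte and the sequence number, so a response that the client parses
as a well-formed REPLY cannot be produced without the key. The key, session
ID and message contents below are constructed for the example."""
import hashlib
import struct

TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_AUTHEN = 0x01             # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag: body in the clear (deprecated by RFC 8907)
TAC_PLUS_AUTHEN_STATUS_PASS = 0x01
HEADER_FMT = "!BBBBII"             # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1); pad = MD5_1 || MD5_2 || ..."""
    prefix = struct.pack("!I", session_id) + key + struct.pack("!BB", version, seq_no)
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR is its own inverse, so the same call obfuscates and de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(ptype, seq_no, session_id, body, key, minor_version=0):
    """12-byte header followed by the (obfuscated) body."""
    version = (TAC_PLUS_MAJOR_VER << 4) | minor_version
    flags = 0
    if key:
        payload = obfuscate(body, session_id, key, version, seq_no)
    else:
        payload, flags = body, TAC_PLUS_UNENCRYPTED_FLAG
    return struct.pack(HEADER_FMT, version, ptype, seq_no, flags, session_id, len(body)) + payload


def parse_packet(packet, key):
    """Return (type, seq_no, session_id, cleartext body) or raise ValueError."""
    if len(packet) < HEADER_LEN:
        raise ValueError("short header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    body = packet[HEADER_LEN:]
    if len(body) != length:
        raise ValueError("length field does not match packet size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return ptype, seq_no, session_id, body
    return ptype, seq_no, session_id, obfuscate(body, session_id, key, version, seq_no)


def authen_reply_body(status, server_msg=b"", data=b""):
    """Authentication REPLY body: status, flags, server_msg_len, data_len, server_msg, data."""
    return struct.pack("!BBHH", status, 0, len(server_msg), len(data)) + server_msg + data


def client_accepts(packet, key):
    """What a TACACS+ client does with a REPLY: de-obfuscate with its configured
    key and check that the body is internally consistent. True only for a
    well-formed REPLY whose status is PASS."""
    try:
        ptype, _seq, _sid, body = parse_packet(packet, key)
        if ptype != TAC_PLUS_AUTHEN or len(body) < 6:
            return False
        status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
        if 6 + msg_len + data_len != len(body):
            return False            # lengths disagree: garbage from the wrong pad
        return status == TAC_PLUS_AUTHEN_STATUS_PASS
    except ValueError:
        return False


if __name__ == "__main__":
    key = b"example-shared-secret"  # constructed
    reply = build_packet(TAC_PLUS_AUTHEN, 2, 0x1234ABCD,
                         authen_reply_body(TAC_PLUS_AUTHEN_STATUS_PASS, b"ok"), key)
    print("client with the right key accepts:", client_accepts(reply, key))
    print("client with a different key accepts:", client_accepts(reply, b"wrong-secret"))
```

The obfuscation is not authentication: anyone who holds the key (a compromised server, or a host that learned the secret from a configuration backup) can produce a response the client will parse, which is exactly the attacker model the advisory describes. Treat the TACACS+ secret with the same care as a credential, and keep clients and servers on a management network rather than exposed to arbitrary hosts.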
Determining the Cisco IOS Software Release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2015 by Cisco Systems, Inc.
    Compiled Mon 22-Jun-15 09:32 by prod_rel_team
    .
    .
    .

For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.
The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

    ios-xe-device# show version
    Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2016 by Cisco Systems, Inc.
    Compiled Sun 27-Mar-16 21:47 by mcpre
    .
    .
    .

For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.

Workarounds

  * There are no workarounds that address this vulnerability.

Fixed Software

  * For detailed information about affected and fixed software releases, consult the Cisco IOS Software Checker.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Cisco IOS and IOS XE Software

To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed"). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified ("Combined First Fixed").

Customers can use this tool to perform the following tasks:

  + Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
  + Enter the output of the show version command for the tool to parse
  + Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com and enter a Cisco IOS Software or Cisco IOS XE Software release, for example 15.1(4)M2 or 3.13.8S.

By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list. This advisory is rated Medium, so it is not included in the default results.

Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  * This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy.
    This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  * Subscribe

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-tacplus

Revision History

  +----------------------------------------------------------------------------+
  | Version | Description              | Section | Status | Date               |
  |---------+--------------------------+---------+--------+--------------------|
  | 1.0     | Initial public release.  |         | Final  | 2018-September-26  |
  +----------------------------------------------------------------------------+

Legal Disclaimer

  * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
- -------------------------------------------------------------------------------

Cisco Security Advisory

Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20180926-vtp
First Published: 2018 September 26 16:00 GMT
Version 1.0:     Final
Workarounds:     Yes
Cisco Bug IDs:   CSCvd37163
CVE-2018-0197    CWE-20
CVSS Score:      Base 4.3  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X

Summary

  * A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition.

    The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition.

    There are workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp

Affected Products

  * Vulnerable Products

    This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured.

    For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.
Determining the VTP Configuration

To determine the VTP operating mode and whether a VTP domain name has been configured for a device, administrators can log in to the device, use the show vtp status command in the CLI, and refer to the output of the command.

The following example shows the output of the show vtp status command for a device that is using the default configuration, which is to operate in VTP server mode with no VTP domain name configured. If the device is also running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, the device is affected by this vulnerability.

    Switch# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : 0cd9.9675.dd80
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    Local updater ID is 192.168.88.1 on interface Vl1 (lowest numbered VLAN interface found)

    Feature VLAN:
    --------------
    VTP Operating Mode                : Server
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 5
    Configuration Revision            : 0
    MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD 0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
    Switch#

The following example shows the output of the show vtp status command for a device that is operating in VTP server mode and has the VTP domain name MYVTPDOMAIN. The device is not affected by this vulnerability because a VTP domain name has been configured for the device.
    Switch# show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 : MYVTPDOMAIN
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : 0cd9.9675.dd80
    Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
    Local updater ID is 192.168.88.1 on interface Vl1 (lowest numbered VLAN interface found)

    Feature VLAN:
    --------------
    VTP Operating Mode                : Server
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 5
    Configuration Revision            : 0
    MD5 digest                        : 0xFE 0x33 0x43 0x04 0x9D 0x91 0x37 0x58 0x66 0xA0 0x68 0x3F 0x74 0x6A 0x22 0x5B
    Switch#

Determining the Cisco IOS Software Release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:

    Router> show version
    Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2015 by Cisco Systems, Inc.
    Compiled Mon 22-Jun-15 09:32 by prod_rel_team
    .
    .
    .

For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide.
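Checking a fleet by eye is error-prone, so here is an added example (not code from the Cisco advisory or from Cisco) that turns the two checks above into code: it parses show vtp status for the vulnerable configuration (Server or Client mode with an empty VTP Domain Name) and pulls the image name and release string out of the show version banner, which is the value the Cisco IOS Software Checker takes as input. The show vtp status and show version texts are the advisory's own examples reproduced as inline samples; the Transparent-mode variant is constructed.

```python
"""Added example, not code from the Cisco advisory: assess a device's exposure to
this VTP vulnerability from the two CLI outputs the advisory tells you to
collect. It parses 'show vtp status' (vulnerable configuration: Server or
Client mode with an empty domain name) and extracts the image name and release
string from the 'show version' banner, which is the value the Cisco IOS
Software Checker asks for. The 'show vtp status' and 'show version' texts are
the advisory's own examples; the Transparent-mode variant is constructed."""
import re

VTP_STATUS_DEFAULT = """\
Switch# show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 0cd9.9675.dd80
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 192.168.88.1 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:
--------------
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 5
Configuration Revision            : 0
MD5 digest                        : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD 0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
Switch#
"""
# The advisory's second example differs only in the domain name (and hence the digest).
VTP_STATUS_NAMED = VTP_STATUS_DEFAULT.replace("VTP Domain Name                 :\n",
                                              "VTP Domain Name                 : MYVTPDOMAIN\n")
# Constructed: the same switch taken out of server/client mode.
VTP_STATUS_TRANSPARENT = VTP_STATUS_DEFAULT.replace(": Server", ": Transparent")

SHOW_VERSION_IOS = """\
Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
"""
SHOW_VERSION_XE = """\
ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
"""

# "Key   : value" lines; keys are words only, so timestamps such as 00:00:00 never match.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$")
# "(IMAGE), Version [Codename ]x.y.z," with an optional release name such as Denali.
BANNER_RE = re.compile(r"\(([^()]+)\),\s+Version\s+(?:[A-Za-z]+\s+)?([0-9][^\s,]*)")


def parse_vtp_status(text):
    """Dictionary of the 'key : value' fields of show vtp status."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def assess_vtp_exposure(text):
    """Configuration precondition from the advisory: server or client mode and no domain name."""
    f = parse_vtp_status(text)
    mode, domain = f.get("VTP Operating Mode", ""), f.get("VTP Domain Name", "")
    return {"mode": mode, "domain": domain,
            "config_exposed": mode.lower() in ("server", "client") and domain == ""}


def parse_show_version(text):
    """Image name and release string (the release is what the IOS Software Checker takes)."""
    m = BANNER_RE.search(text)
    return {"image": m.group(1), "release": m.group(2)} if m else None


if __name__ == "__main__":
    for name, sample in (("default", VTP_STATUS_DEFAULT), ("named", VTP_STATUS_NAMED),
                         ("transparent", VTP_STATUS_TRANSPARENT)):
        print(name, assess_vtp_exposure(sample))
    print(parse_show_version(SHOW_VERSION_IOS), parse_show_version(SHOW_VERSION_XE))
```

A device is affected only when both checks agree: config_exposed is true and the release string reported by parse_show_version is one the Software Checker lists as vulnerable for this advisory (remember to enable the Medium check box, since this advisory is rated Medium).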
Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.

The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:

    ios-xe-device# show version
    Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2016 by Cisco Systems, Inc.
    Compiled Sun 27-Mar-16 21:47 by mcpre
    .
    .
    .

For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.

Details

  * This vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software.

    For exploitation of this vulnerability to occur, a device must receive the VTP packets through a port that is operating as a trunk port. A device will not process the VTP packets if they are received on a port that is operating as an access port. On most Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP, the default port configuration for a switch port is dynamic auto.
    A port in the dynamic auto configuration can be converted to a trunk port by a device that is connected to it. Administrators who are using this configuration on their switch ports should determine whether such behavior is required or desirable. If it is not and the ports are expected to be used only to provide network access to hosts, administrators may consider reconfiguring their switch ports to be static access ports.

Indicators of Compromise

  * Exploitation of this vulnerability could generate the following logging messages:

    Aug 29 2018 13:02:57.434 EST: %SW_VLAN-4-VTP_INTERNAL_ERROR: VLAN manager received an internal error 4 from vtp function vtp_get_domain_info: No such domain
    -Traceback= 463F74z 1DE5DE4z 2253E40z 2257D14z 2254C88z 22593C8z 2B0A128z 2B0A194z 225AA28z 225827Cz 2255540z 297DD08z 297A088z
    Aug 29 2018 13:03:27.445 EST: %SW_VLAN-4-VTP_INTERNAL_ERROR: VLAN manager received an internal error 4 from vtp function vtp_get_domain_info: No such domain
    -Traceback= 463F74z 1DE5DE4z 2253E40z 2257D14z 2254C88z 22593C8z 2B0A128z 2B0A194z 225AA28z 225827Cz 2255540z 297DD08z 297A088z
    Aug 29 2018 13:03:57.444 EST: %SW_VLAN-4-VTP_INTERNAL_ERROR: VLAN manager received an internal error 4 from vtp function vtp_get_domain_info: No such domain
    -Traceback= 463F74z 1DE5DE4z 2253E40z 2257D14z 2254C88z 22593C8z 2B0A128z 2B0A194z 225AA28z 225827Cz 2255540z 297DD08z 297A088z
    Aug 29 2018 13:04:27.449 EST: %SW_VLAN-4-VTP_INTERNAL_ERROR: VLAN manager received an internal error 4 from vtp function vtp_get_domain_info: No such domain
    -Traceback= 463F74z 1DE5DE4z 2253E40z 2257D14z 2254C88z 22593C8z 2B0A128z 2B0A194z 225AA28z 225827Cz 2255540z 297DD08z 297A088z

    The messages will occur approximately every 30 seconds. The values printed after the -Traceback= text are version dependent.

Workarounds

  * To prevent exploitation of this vulnerability, administrators can configure a VTP domain name for a device by using the vtp domain configuration command in the CLI.
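Two further checks follow from the Details and Indicators of Compromise sections above. The first is the exploitation precondition: VTP packets are only processed on a port operating as a trunk, and a dynamic auto port can be negotiated into a trunk by whatever is plugged into it, so the ports that matter are those already trunking or still able to negotiate. The second is detection: the %SW_VLAN-4-VTP_INTERNAL_ERROR message from vtp_get_domain_info recurring roughly every 30 seconds. The following is an added example, not code from the Cisco advisory or from Cisco. It parses show interfaces switchport output for the first check and scans syslog lines for the second, matching on the message text rather than the version-dependent traceback values. The four log lines are the ones printed in the advisory; the show interfaces switchport sample and the benign log line are constructed.

```python
"""Added example, not code from the Cisco advisory. Two checks for the
preconditions and indicators the advisory describes: (1) from 'show interfaces
switchport', list the ports on which VTP packets would be processed, that is
ports already trunking or whose administrative mode (dynamic auto/desirable)
lets a connected device negotiate a trunk; (2) scan syslog for the indicator
of compromise, %SW_VLAN-4-VTP_INTERNAL_ERROR from vtp_get_domain_info recurring
at roughly 30-second intervals. The four log lines are the ones printed in the
advisory; the switchport output and the benign log line are constructed."""
import re
from datetime import datetime

SWITCHPORT_SAMPLE = """\
Name: Gi1/0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On

Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Negotiation of Trunking: On

Name: Gi1/0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
"""

TRACE = ("-Traceback= 463F74z 1DE5DE4z 2253E40z 2257D14z 2254C88z 22593C8z 2B0A128z "
         "2B0A194z 225AA28z 225827Cz 2255540z 297DD08z 297A088z")
MSG = ("%SW_VLAN-4-VTP_INTERNAL_ERROR: VLAN manager received an internal error 4 "
       "from vtp function vtp_get_domain_info: No such domain ")
LOG_SAMPLE = [
    "Aug 29 2018 13:02:57.434 EST: " + MSG + TRACE,
    "Aug 29 2018 13:03:27.445 EST: " + MSG + TRACE,
    "Aug 29 2018 13:03:57.444 EST: " + MSG + TRACE,
    "Aug 29 2018 13:04:27.449 EST: " + MSG + TRACE,
    # constructed benign line
    "Aug 29 2018 13:05:00.000 EST: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]


def trunk_capable_ports(text):
    """{port: (administrative mode, operational mode)} for ports that are trunking
    now or can be negotiated into trunking. The advisory says VTP packets received
    on a port operating as an access port are not processed, so these are the
    ports through which the sequence could reach the VTP code."""
    exposed = {}
    for block in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        admin, oper = fields.get("Administrative Mode", ""), fields.get("Operational Mode", "")
        if oper == "trunk" or admin.startswith("dynamic"):
            exposed[fields["Name"]] = (admin, oper)
    return exposed


# Match on the message text only; the advisory notes the -Traceback= values are version dependent.
VTP_IOC_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}\.\d+) \S+: "
    r"%SW_VLAN-4-VTP_INTERNAL_ERROR: .*vtp_get_domain_info: No such domain"
)


def scan_vtp_ioc(lines, period=30.0, tolerance=2.0, min_hits=3):
    """Count matching messages and report whether they recur at the ~30 s cadence
    the advisory describes. One isolated message is a weak signal; a steady
    30-second train on a server/client-mode switch with no domain name is the
    pattern worth alerting on."""
    hits = []
    for line in lines:
        m = VTP_IOC_RE.match(line)
        if m:
            hits.append(datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S.%f"))
    gaps = [(b - a).total_seconds() for a, b in zip(hits, hits[1:])]
    periodic = len(hits) >= min_hits and all(abs(g - period) <= tolerance for g in gaps)
    return {"hits": len(hits), "gaps": gaps, "periodic": periodic}


if __name__ == "__main__":
    print("trunk-capable ports:", trunk_capable_ports(SWITCHPORT_SAMPLE))
    print("IoC scan:", scan_vtp_ioc(LOG_SAMPLE))
```

The port check complements the vtp domain workaround rather than replacing it: configuring a domain name removes the vulnerable condition, while converting host-facing ports to static access removes the path by which untrusted hosts could deliver VTP frames at all.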
Fixed Software

  * For detailed information about affected and fixed software releases, consult the Cisco IOS Software Checker.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Cisco IOS and IOS XE Software

To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed"). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified ("Combined First Fixed").
Customers can use this tool to perform the following tasks:

  + Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
  + Enter the output of the show version command for the tool to parse
  + Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication

To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com and enter a Cisco IOS Software or Cisco IOS XE Software release, for example 15.1(4)M2 or 3.13.8S.

By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list. This advisory is rated Medium, so it is not included in the default results.

Exploitation and Public Announcements

  * The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  * Cisco would like to thank Mr. Marcin T. Sleczek of networkers.pl for reporting this vulnerability.

Cisco Security Vulnerability Policy

  * To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Subscribe to Cisco Security Notifications

  * Subscribe

URL

  * https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp

Revision History

  +----------------------------------------------------------------------------+
  | Version | Description              | Section | Status | Date               |
  |---------+--------------------------+---------+--------+--------------------|
  | 1.0     | Initial public release.  |         | Final  | 2018-September-26  |
  +----------------------------------------------------------------------------+

Legal Disclaimer

  * THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW6wvDGaOgq3Tt24GAQin9Q//bJxLy/ZXNrmiBzDu8s9uit4zsiU8izp+
1FhiwZiA5GocccLBwlEoG575IfQWAv3ksmOWzzrK/PUSfRXya1yFrUGvtn+9SgER
Ame1ojdMoWROk9EPHHteEYUtJimzbVPWAqo0cNHEV9qDssKrZQeiU/lfh3WvMM/w
qb/wU9WFkcGXKzWdNm8UstSzqChlarY9eOeJTlyvFEGJ7NlC6IqgPkh2lkeghy5r
3dPTaP79SSTCawTtOSVQX/VZROrIhAFN83q6TsX04Zdov8Tk75/o/K/pzbiC7h6J
D1W5b3vpuko0YevlVunQEzN5AKqkllxDQZZf/Uw4oB/cG9kckgp3fT9+Bo3spC/V
NVXStK+GK1Mv1fgSVzzTaC8D6O8b+LYws2Qa6ZzZRbTTs/XEbhU4QYyOlGvEA4TQ
Cs+ah9ObSk3YKH0JFk33Sd9n8hNYBF8LyBiCptWcB5Bh2ZDpaEWdSb5JYqIm+kYc
W12LvBDg+Njk1ynGtsR3wVT5uyK42l0kNjIe50bmnR9eaNh5+4TkNefE/LI9C3UF
UPvXm5NeL3m+G/hhzP7jn2JCEGebVHg+h8hvwieOWH5EUMqylexX/Vb8KKZszYxn
23BwWFibLNR+QUe8WcdGdTWwUwmhpUqq0O2HBSjeQWXO6V9NwRZHpUHmdKeVWFSe
7VIaGJEGtuQ=
=Cpn3
-----END PGP SIGNATURE-----