-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3181
          Cisco IOS and IOS XE Software multiple vulnerabilities
                             23 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco IOS Software
                   Cisco IOS XE Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service    -- Existing Account
                   Unauthorised Access  -- Remote/Unauthenticated
                   Reduced Security     -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-34705 CVE-2021-34703 CVE-2021-34699
                   CVE-2021-1620

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-dos-sBnuHSjT
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2

Comment: This bulletin contains four (4) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability

Priority:        High
Advisory ID:     cisco-sa-fxo-pattern-bypass-jUXgygYv
First Published: 2021 September 22 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvw53542
CVE Names:       CVE-2021-34705
CWEs:            CWE-232

Summary

  o A vulnerability in the Voice Telephony Service Provider (VTSP) service of
    Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,
    remote attacker to bypass configured destination patterns and dial arbitrary
    numbers. This vulnerability is due to insufficient validation of dial strings
    at Foreign Exchange Office (FXO) interfaces.
    An attacker could exploit this vulnerability by sending a malformed dial
    string to an affected device via either the ISDN protocol or SIP. A
    successful exploit could allow the attacker to conduct toll fraud, resulting
    in unexpected financial impact to affected customers.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv

    This advisory is part of the September 2021 release of the Cisco IOS and
    IOS XE Software Security Advisory Bundled Publication. For a complete list of
    the advisories and links to them, see Cisco Event Response: September 2021
    Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled
    Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco devices if they are running a vulnerable
    release of Cisco IOS or IOS XE Software and both of the following are true:

      o There is a destination pattern with at least one wildcard configured
        for an FXO interface.
      o The device is enabled to support incoming calls via ISDN or SIP.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Determine the FXO Interface Configuration

    To determine the FXO interface configuration, first use the
    show inventory | include FXO command in the device CLI to determine whether
    at least one FXO interface card is installed in the device. If this command
    returns empty output, no FXO interface card is installed and the device is
    not vulnerable.
    The following example shows the output of the show inventory | include FXO
    command on a device that has an FXO interface card installed in subslot 0/3:

      ios#show inventory | include FXO
      NAME: "NIM subslot 0/3", DESCR: "NIM-4FXO Voice Analog Module"
      PID: NIM-4FXO          , VID: V02  , SN: XXXXXXXXXXX

    If the preceding command does return output, note the (sub-)slot number(s)
    from the command output. Then use the
    show running-config | section dial-peer voice command and look for an
    output section where all of the following are true:

      o The output starts with dial-peer voice tag pots.
      o The entry has a destination-pattern pattern where pattern contains at
        least one wildcard character.
      o The same entry indicates port x/y/z where x/y/z is a port on an FXO
        interface card that correlates to the output from the earlier
        show inventory | include FXO command.

    The following example illustrates
    show running-config | section dial-peer voice output where the entry has a
    destination pattern with the dot (.) wildcard character and the dial peer
    with tag 35 is linked to the FXO interface card in subslot 0/3:

      ios#show running-config | section dial-peer voice
      .
      .
      .
      dial-peer voice 35 pots
       destination-pattern 123.
       port 0/3/5
       forward-digits all
      .
      .
      .

    Determine the ISDN Interface Configuration

    To determine whether a device has an ISDN interface configured, use the
    show running-config | include isdn switch-type command in the CLI. If a
    value is returned, an ISDN interface is enabled. The following example shows
    the output of the command on a device that has an ISDN interface:

      ios#show running-config | include isdn switch-type
      isdn switch-type primary-net5

    Note: The exact switch type does not affect this vulnerability.

    Determine the SIP Configuration

    The default dial-peer voice tag voip, which is not visible in the output of
    show running-config or show running-config all, supports incoming SIP
    calls. Therefore, no specific configuration is required.
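    The three checks above are easy to script against saved CLI output, which
    is how a fleet of voice gateways is usually audited. The Python below is an
    added example for this bulletin, not Cisco's code: it parses the
    show inventory | include FXO output for FXO subslots, walks each
    dial-peer voice ... pots section looking for a wildcard destination-pattern
    on a port in one of those subslots, and records the incoming call paths
    (SIP always, per the advisory's note on the default VoIP dial-peer; ISDN
    when isdn switch-type is present). The dot is the wildcard the advisory
    shows; the other metacharacters in PATTERN_WILDCARDS come from the IOS
    destination-pattern syntax and are an assumption of this example. All
    sample output is constructed, not captured from a device.

```python
"""Audit captured CLI output for the CVE-2021-34705 exposure conditions.

Added example, not Cisco's code. Inputs are saved CLI output:
  show inventory | include FXO                   -> installed FXO subslots
  show running-config | section dial-peer voice  -> POTS dial-peers
  show running-config | include isdn switch-type -> ISDN call path
SIP is always counted as an incoming call path, because the advisory says the
default VoIP dial-peer accepts SIP calls without visible configuration.
"""
import re
from dataclasses import dataclass

# '.' is the wildcard the advisory shows. The rest are the other IOS
# destination-pattern metacharacters (T = interdigit timeout, [] = digit
# range, % ? + = repetition of the preceding digit); this set is an assumption
# of the example. A leading '+' is the E.164 marker, not a wildcard.
PATTERN_WILDCARDS = set(".T[]%?+")

FXO_SUBSLOT_RE = re.compile(r'NAME:\s*"[^"]*?[Ss]ubslot (\d+/\d+)"')


def fxo_subslots(inventory_text: str) -> set:
    """Subslots ('x/y') holding an FXO card, from `show inventory | include FXO`."""
    return {m.group(1) for m in FXO_SUBSLOT_RE.finditer(inventory_text)}


def has_wildcard(pattern: str) -> bool:
    body = pattern[1:] if pattern.startswith("+") else pattern
    return any(ch in PATTERN_WILDCARDS for ch in body)


def dial_peer_sections(config_text: str):
    """Yield (header, [subcommands]) for each top-level `dial-peer voice` block."""
    header, body = None, []
    for line in config_text.splitlines():
        if line.startswith("dial-peer voice "):
            if header:
                yield header, body
            header, body = line.strip(), []
        elif header and line.startswith(" "):
            body.append(line.strip())
        else:                                 # any other top-level line ends the block
            if header:
                yield header, body
            header, body = None, []
    if header:
        yield header, body


@dataclass
class Finding:
    tag: str
    pattern: str
    port: str


def vulnerable_dial_peers(config_text: str, subslots: set) -> list:
    """POTS dial-peers with a wildcard destination-pattern on an FXO port."""
    findings = []
    for header, body in dial_peer_sections(config_text):
        parts = header.split()                # dial-peer voice <tag> <pots|voip|...>
        if len(parts) < 4 or parts[3] != "pots":
            continue
        pattern = port = None
        for cmd in body:
            if cmd.startswith("destination-pattern "):
                pattern = cmd.split(None, 1)[1]
            elif cmd.startswith("port "):
                port = cmd.split(None, 1)[1]
        if not pattern or not port:
            continue
        if has_wildcard(pattern) and port.rsplit("/", 1)[0] in subslots:  # x/y/z -> x/y
            findings.append(Finding(parts[2], pattern, port))
    return findings


def incoming_call_paths(config_text: str) -> list:
    paths = ["SIP"]                           # default VoIP dial-peer, per the advisory
    if re.search(r"^isdn switch-type\s+\S+", config_text, re.M):
        paths.append("ISDN")
    return paths


def assess(inventory_text: str, config_text: str) -> dict:
    subslots = fxo_subslots(inventory_text)
    findings = vulnerable_dial_peers(config_text, subslots) if subslots else []
    return {"fxo_subslots": sorted(subslots), "findings": findings,
            "call_paths": incoming_call_paths(config_text),
            "exposed": bool(findings)}        # a call path (SIP) is always present


# Constructed sample output, modelled on the advisory's examples.
SAMPLE_INVENTORY = """\
NAME: "NIM subslot 0/3", DESCR: "NIM-4FXO Voice Analog Module"
PID: NIM-4FXO          , VID: V02  , SN: XXXXXXXXXXX
"""
SAMPLE_CONFIG = """\
isdn switch-type primary-net5
dial-peer voice 35 pots
 destination-pattern 123.
 port 0/3/5
dial-peer voice 40 pots
 destination-pattern 5551234
 port 0/3/1
dial-peer voice 50 pots
 destination-pattern 9T
 port 0/1/0
dial-peer voice 100 voip
 destination-pattern 2...
 session protocol sipv2
"""

if __name__ == "__main__":
    print(assess(SAMPLE_INVENTORY, SAMPLE_CONFIG))
```

    Only dial-peer 35 is reported: 40 has a literal pattern, 50 sits on a
    subslot with no FXO card, and 100 is a VoIP peer. Feed the script the same
    three show outputs from each gateway and triage the devices that return
    exposed=True first.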
    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are
    known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      o IOS XR Software
      o Meraki products
      o NX-OS Software

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco software
    license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software feature
    sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete upgrade
    solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance providers.
    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Cisco IOS and IOS XE Software

    To help customers determine their exposure to vulnerabilities in Cisco IOS
    and IOS XE Software, Cisco provides the Cisco Software Checker to identify
    any Cisco Security Advisories that impact a specific software release and
    the earliest release that fixes the vulnerabilities described in each
    advisory ("First Fixed"). If applicable, the tool also returns the earliest
    release that fixes all the vulnerabilities described in all the advisories
    identified ("Combined First Fixed").

    Customers can use the Cisco Software Checker to search advisories in the
    following ways:

      o Choose the software and one or more releases
      o Upload a .txt file that includes a list of specific releases
      o Enter the output of the show version command

    After initiating a search, customers can customize the search to include all
    Cisco Security Advisories, a specific advisory, or all advisories in the
    most recent bundled publication.

    Customers can also use the following form to determine whether a release is
    affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE
    Software release, for example 15.1(4)M2 or 3.13.8S:

    By default, the Cisco Software Checker includes results only for
    vulnerabilities that have a Critical or High Security Impact Rating (SIR).
    To include results for Medium SIR vulnerabilities, customers can use the
    Cisco Software Checker on Cisco.com and check the Medium check box in the
    drop-down list under Impact Rating when customizing a search.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Austin Martinetti for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: September 2021 Semiannual Cisco IOS and IOS XE
    Software Security Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv

Revision History

  o +---------+---------------------------+---------+--------+-------------+
    | Version | Description               | Section | Status | Date        |
    +---------+---------------------------+---------+--------+-------------+
    | 1.0     | Initial public release.   | -       | Final  | 2021-SEP-22 |
    +---------+---------------------------+---------+--------+-------------+

- --------------------------------------------------------------------------------

Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-ikev2-ebFrwMPr
First Published: 2021 September 22 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvw25564
CVE Names:       CVE-2021-1620
CWEs:            CWE-563

Summary

  o A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for
    the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software
    could allow an authenticated, remote attacker to exhaust the free IP
    addresses from the assigned local pool. This vulnerability occurs because
    the code does not release the allocated IP address under certain failure
    conditions. An attacker could exploit this vulnerability by trying to
    connect to the device with a non-AnyConnect client. A successful exploit
    could allow the attacker to exhaust the IP addresses from the assigned local
    pool, which prevents users from logging in and leads to a denial of service
    (DoS) condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr

    This advisory is part of the September 2021 release of the Cisco IOS and
    IOS XE Software Security Advisory Bundled Publication. For a complete list of
    the advisories and links to them, see Cisco Event Response: September 2021
    Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled
    Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco devices if they are running a vulnerable
    release of Cisco IOS or IOS XE Software and have the IKEv2 AutoReconnect
    feature enabled.
    The IKEv2 AutoReconnect feature is not enabled by default.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Determine the Device Configuration

    To determine whether the IKEv2 AutoReconnect feature is enabled, use the
    show running-config | include ^ reconnect command in the CLI. The leading
    space in the filter matches the reconnect timeout command as it appears
    indented under the crypto IKEv2 profile. If the command returns output, the
    device is affected by this vulnerability. Empty output indicates that the
    IKEv2 AutoReconnect feature is not enabled and the device is not affected by
    this vulnerability.

    The following example shows output for a device that is configured with the
    IKEv2 AutoReconnect feature enabled:

      Router#show running-config | include ^ reconnect
       reconnect timeout 1800
      Router#

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are
    known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      o IOS XR Software
      o Meraki products
      o NX-OS Software

Workarounds

  o There are no workarounds that address this vulnerability. The only way to
    recover the IP pool involves a device reload.

    To mitigate this vulnerability, an administrator can remove the
    reconnect timeout command that is configured under the crypto IKEv2
    profile and reload the device. This action will recover any consumed IP
    addresses from the IP pool and prevent the vulnerability from being
    exploited until an upgrade can be performed. The administrator can restore
    the reconnect timeout command to the configuration after the upgrade.

    While this mitigation has been deployed and was proven successful in a test
    environment, customers should determine the applicability and effectiveness
    in their own environment and under their own use conditions.
    Customers should be aware that any workaround or mitigation that is
    implemented may negatively impact the functionality or performance of their
    network based on intrinsic customer deployment scenarios and limitations.
    Customers should not deploy any workarounds or mitigations before first
    evaluating the applicability to their own environment and any impact to
    such environment.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco software
    license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software feature
    sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete upgrade
    solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance providers.
    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Cisco IOS and IOS XE Software

    To help customers determine their exposure to vulnerabilities in Cisco IOS
    and IOS XE Software, Cisco provides the Cisco Software Checker to identify
    any Cisco Security Advisories that impact a specific software release and
    the earliest release that fixes the vulnerabilities described in each
    advisory ("First Fixed"). If applicable, the tool also returns the earliest
    release that fixes all the vulnerabilities described in all the advisories
    identified ("Combined First Fixed").

    Customers can use the Cisco Software Checker to search advisories in the
    following ways:

      o Choose the software and one or more releases
      o Upload a .txt file that includes a list of specific releases
      o Enter the output of the show version command

    After initiating a search, customers can customize the search to include all
    Cisco Security Advisories, a specific advisory, or all advisories in the
    most recent bundled publication.

    Customers can also use the following form to determine whether a release is
    affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE
    Software release, for example 15.1(4)M2 or 3.13.8S:

    By default, the Cisco Software Checker includes results only for
    vulnerabilities that have a Critical or High Security Impact Rating (SIR).
    To include results for Medium SIR vulnerabilities, customers can use the
    Cisco Software Checker on Cisco.com and check the Medium check box in the
    drop-down list under Impact Rating when customizing a search.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support
    case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: September 2021 Semiannual Cisco IOS and IOS XE
    Software Security Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr

Revision History

  o +---------+---------------------------+---------+--------+-------------+
    | Version | Description               | Section | Status | Date        |
    +---------+---------------------------+---------+--------+-------------+
    | 1.0     | Initial public release.   | -       | Final  | 2021-SEP-22 |
    +---------+---------------------------+---------+--------+-------------+

- --------------------------------------------------------------------------------

Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-lldp-dos-sBnuHSjT
First Published: 2021 September 22 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv12527
CVE Names:       CVE-2021-34703
CWEs:            CWE-456

Summary

  o A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser
    of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to
    trigger a reload of an affected device, resulting in a denial of service
    (DoS) condition.

    This vulnerability is due to improper initialization of a buffer. An
    attacker could exploit this vulnerability via any of the following methods:

      o An authenticated, remote attacker could access the LLDP neighbor table
        via either the CLI or SNMP while the device is in a specific state.
      o An unauthenticated, adjacent attacker could corrupt the LLDP neighbor
        table by injecting specific LLDP frames into the network and then
        waiting for an administrator of the device or a network management
        system (NMS) managing the device to retrieve the LLDP neighbor table of
        the device via either the CLI or SNMP.
      o An authenticated, adjacent attacker with SNMP read-only credentials or
        low privileges on the device CLI could corrupt the LLDP neighbor table
        by injecting specific LLDP frames into the network and then accessing
        the LLDP neighbor table via either the CLI or SNMP.

    A successful exploit could allow the attacker to cause the affected device
    to crash, resulting in a reload of the device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.
    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-dos-sBnuHSjT

    This advisory is part of the September 2021 release of the Cisco IOS and
    IOS XE Software Security Advisory Bundled Publication. For a complete list of
    the advisories and links to them, see Cisco Event Response: September 2021
    Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled
    Publication.

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco devices if
    they were running a vulnerable release of Cisco IOS or IOS XE Software and
    had the LLDP feature enabled. The LLDP feature is disabled in Cisco IOS and
    IOS XE Software by default.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Determine the Device Configuration

    To determine whether the LLDP feature is enabled, use the
    show running-config | include lldp run command at the device CLI. If the
    command returns output, the device is affected by this vulnerability. Empty
    output indicates that the LLDP feature is not enabled and the device is not
    affected by this vulnerability.

    Note: The show lldp command should not be used to determine the LLDP
    configuration because this command could trigger the vulnerability
    described in this advisory and cause a device reload.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are
    known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      o IOS XR Software
      o Meraki products
      o NX-OS Software

Workarounds

  o There are no workarounds that address this vulnerability.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete upgrade
    solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance providers.

    Cisco IOS and IOS XE Software

    To help customers determine their exposure to vulnerabilities in Cisco IOS
    and IOS XE Software, Cisco provides the Cisco Software Checker to identify
    any Cisco Security Advisories that impact a specific software release and
    the earliest release that fixes the vulnerabilities described in each
    advisory ("First Fixed"). If applicable, the tool also returns the earliest
    release that fixes all the vulnerabilities described in all the advisories
    identified ("Combined First Fixed").

    Customers can use the Cisco Software Checker to search advisories in the
    following ways:

      o Choose the software and one or more releases
      o Upload a .txt file that includes a list of specific releases
      o Enter the output of the show version command

    After initiating a search, customers can customize the search to include all
    Cisco Security Advisories, a specific advisory, or all advisories in the
    most recent bundled publication.

    Customers can also use the following form to determine whether a release is
    affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE
    Software release, for example 15.1(4)M2 or 3.13.8S:

    By default, the Cisco Software Checker includes results only for
    vulnerabilities that have a Critical or High Security Impact Rating (SIR).
    To include results for Medium SIR vulnerabilities, customers can use the
    Cisco Software Checker on Cisco.com and check the Medium check box in the
    drop-down list under Impact Rating when customizing a search.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support
    case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: September 2021 Semiannual Cisco IOS and IOS XE
    Software Security Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-dos-sBnuHSjT

Revision History

  o +---------+---------------------------+---------+--------+-------------+
    | Version | Description               | Section | Status | Date        |
    +---------+---------------------------+---------+--------+-------------+
    | 1.0     | Initial public release.   | -       | Final  | 2021-SEP-22 |
    +---------+---------------------------+---------+--------+-------------+

- --------------------------------------------------------------------------------

Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-trustsec-dos-7fuXDR2
First Published: 2021 September 22 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvx66699
CVE Names:       CVE-2021-34699
CWEs:            CWE-435

Summary

  o A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE
    Software could allow an authenticated, remote attacker to cause an affected
    device to reload.
    This vulnerability is due to an improper interaction between the web UI and
    the CLI parser. An attacker could exploit this vulnerability by requesting a
    particular CLI command to be run through the web UI. A successful exploit
    could allow the attacker to cause the device to reload, resulting in a
    denial of service (DoS) condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2

    This advisory is part of the September 2021 release of the Cisco IOS and
    IOS XE Software Security Advisory Bundled Publication. For a complete list of
    the advisories and links to them, see Cisco Event Response: September 2021
    Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled
    Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco devices if they are running a vulnerable
    release of Cisco IOS or IOS XE Software, have TrustSec capabilities, and
    have the web UI enabled.

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    Determine Device TrustSec Capabilities

    To determine whether a device has TrustSec capabilities, log in to the
    device and use the show subsys | include cts_core command in the CLI. If
    the command does not produce output, the TrustSec core subsystem is absent
    and the device has no TrustSec capabilities.
    The following example shows the output of the show subsys | include cts_core
    command for a device that has TrustSec capabilities:

      Router# show subsys | include cts_core
      cts_core                         Protocol   1.000.001
      Router#

    Determine the HTTP Server Configuration

    To determine whether the HTTP Server feature is enabled for a device, log in
    to the device and use the
    show running-config | include ip http server|secure|active command in the
    CLI to check for the presence of the ip http server command or the
    ip http secure-server command in the global configuration. If either
    command is present and configured, the HTTP Server feature is enabled for
    the device.

    The following example shows the output of the
    show running-config | include ip http server|secure|active command for a
    device that has the HTTP Server feature enabled:

      Router# show running-config | include ip http server|secure|active
      ip http server
      ip http secure-server

    Note: The presence of either command or both commands in the device
    configuration indicates that the web UI feature is enabled.

    If the ip http server command is present and the configuration also
    contains ip http active-session-modules none, the vulnerability is not
    exploitable over HTTP.

    If the ip http secure-server command is present and the configuration also
    contains ip http secure-active-session-modules none, the vulnerability is
    not exploitable over HTTPS.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are
    known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      o IOS XR Software
      o Meraki products
      o NX-OS Software

Workarounds

  o There are no workarounds that address this vulnerability.

    Disabling the HTTP Server feature eliminates the attack vector for this
    vulnerability and may be a suitable mitigation until affected devices can
    be upgraded.
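    The TrustSec and HTTP Server checks above, together with the two
    active-session-modules exceptions, combine into one exposure test. The
    Python below is an added example for this bulletin, not Cisco's code: it
    takes saved show subsys | include cts_core and show running-config output,
    reports whether the web UI is reachable over HTTP and over HTTPS after
    applying the exceptions, and lists which no ip http ... commands the
    HTTP Server mitigation would require on that device. Matching is
    whole-line, so the explicit no ip http server form that some platforms show
    in their configuration is not mistaken for the server being on. The command
    outputs embedded in it are constructed for the example.

```python
"""Exposure check for the CVE-2021-34699 conditions (TrustSec + web UI).

Added example, not Cisco's code. Inputs are saved CLI output:
  show subsys | include cts_core   -> TrustSec capability
  show running-config              -> HTTP Server feature state
The advisory's exceptions are applied: not exploitable over HTTP when
'ip http active-session-modules none' is set, and not over HTTPS when
'ip http secure-active-session-modules none' is set.
"""
import re


def _has_line(config: str, cmd: str) -> bool:
    # Whole-line match: 'no ip http server' must not count as 'ip http server'.
    return re.search(r"^" + re.escape(cmd) + r"\s*$", config, re.M) is not None


def has_trustsec(subsys_output: str) -> bool:
    """True when the cts_core subsystem is listed, i.e. the device has TrustSec."""
    return re.search(r"^\s*cts_core\b", subsys_output, re.M) is not None


def web_ui_exposure(config: str) -> dict:
    """Which web UI listeners are on, and through which ones the bug is reachable."""
    http = _has_line(config, "ip http server")
    https = _has_line(config, "ip http secure-server")
    return {
        "http": http,
        "https": https,
        "http_exploitable": http and not _has_line(config, "ip http active-session-modules none"),
        "https_exploitable": https and not _has_line(config, "ip http secure-active-session-modules none"),
    }


def assess(subsys_output: str, config: str) -> dict:
    trustsec = has_trustsec(subsys_output)
    web = web_ui_exposure(config)
    exposed = trustsec and (web["http_exploitable"] or web["https_exploitable"])
    # Mitigation from the advisory: disable every listener that is configured.
    # Both commands are needed when both servers are in use.
    mitigation = []
    if exposed and web["http"]:
        mitigation.append("no ip http server")
    if exposed and web["https"]:
        mitigation.append("no ip http secure-server")
    return {"trustsec": trustsec, "exposed": exposed, "mitigation": mitigation, **web}


# Constructed sample outputs (not captured from a real device).
SUBSYS_WITH_CTS = "cts_core                         Protocol   1.000.001\n"
SUBSYS_WITHOUT_CTS = ""

CONFIG_BOTH_SERVERS = """\
hostname edge-router
ip http server
ip http secure-server
ip http authentication local
"""

CONFIG_HTTP_SESSION_MODULES_NONE = """\
hostname edge-router
ip http server
ip http active-session-modules none
"""

CONFIG_WEB_UI_OFF = """\
hostname edge-router
no ip http server
no ip http secure-server
"""

if __name__ == "__main__":
    for name, cfg in [("both servers", CONFIG_BOTH_SERVERS),
                      ("http + active-session-modules none", CONFIG_HTTP_SESSION_MODULES_NONE),
                      ("web ui off", CONFIG_WEB_UI_OFF)]:
        print(name, "->", assess(SUBSYS_WITH_CTS, cfg))
```

    The first sample is exposed and needs both disable commands; the second has
    a listener on but the HTTP exception applies, so it is not exploitable over
    HTTP and has no HTTPS listener; the third has the web UI off. A device
    without cts_core is never exposed regardless of its HTTP configuration.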
    To disable the HTTP Server feature, use the no ip http server or
    no ip http secure-server command in global configuration mode. If both the
    HTTP server and HTTPS server are in use, both commands are required to
    disable the HTTP Server feature.

    While this mitigation has been deployed and was proven successful in a test
    environment, customers should determine the applicability and effectiveness
    in their own environment and under their own use conditions. Customers
    should be aware that any workaround or mitigation that is implemented may
    negatively impact the functionality or performance of their network based
    on intrinsic customer deployment scenarios and limitations. Customers
    should not deploy any workarounds or mitigations before first evaluating
    the applicability to their own environment and any impact to such
    environment.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco software
    license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software feature
    sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete upgrade
    solution.
  In all cases, customers should ensure that the devices to be upgraded contain
  sufficient memory and confirm that current hardware and software
  configurations will continue to be supported properly by the new release. If
  the information is not clear, customers are advised to contact the Cisco
  Technical Assistance Center (TAC) or their contracted maintenance providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale should
obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to
provide the URL of this advisory as evidence of entitlement to a free upgrade.

Cisco IOS and IOS XE Software

To help customers determine their exposure to vulnerabilities in Cisco IOS and
IOS XE Software, Cisco provides the Cisco Software Checker to identify any
Cisco Security Advisories that impact a specific software release and the
earliest release that fixes the vulnerabilities described in each advisory
("First Fixed"). If applicable, the tool also returns the earliest release that
fixes all the vulnerabilities described in all the advisories identified
("Combined First Fixed").

Customers can use the Cisco Software Checker to search advisories in the
following ways:

    Choose the software and one or more releases
    Upload a .txt file that includes a list of specific releases
    Enter the output of the show version command

After initiating a search, customers can customize the search to include all
Cisco Security Advisories, a specific advisory, or all advisories in the most
recent bundled publication.
Customers can also use the form on the advisory page to determine whether a
release is affected by any Cisco Security Advisory by entering a Cisco IOS or
IOS XE Software release, for example 15.1(4)M2 or 3.13.8S.

By default, the Cisco Software Checker includes results only for vulnerabilities
that have a Critical or High Security Impact Rating (SIR). To include results
for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on
Cisco.com and check the Medium check box in the drop-down list under Impact
Rating when customizing a search.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
  public announcements or malicious use of the vulnerability that is described
  in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support
  case.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
  publications, see the Security Vulnerability Policy. This document also
  contains instructions for obtaining fixed software and receiving security
  vulnerability information from Cisco.

Related to This Advisory

o Cisco Event Response: September 2021 Semiannual Cisco IOS and IOS XE Software
  Security Advisory Bundled Publication

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2

Revision History

o +---------+-------------------------+---------+--------+-------------+
  | Version | Description             | Section | Status | Date        |
  +---------+-------------------------+---------+--------+-------------+
  | 1.0     | Initial public release. | -       | Final  | 2021-SEP-22 |
  +---------+-------------------------+---------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your organisation,
so if you do not wish to continue receiving these bulletins you should contact
your local IT manager. If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYUvLM+NLKJtyKPYoAQiQ/w/9EGz8Yk6Ne9WPCCNezfsu26mpQ4fi7gim
tXBajgO+404AvYH8lj5yK/UTta89cytjBfVa5/D74GB/3E07znpUZ9+mjFubR9hk
+LoteD/7jfVzI8oTKdWHqR/thcQS0kDgkYw9tS94hsy9YgDcWDlQEBnjucogiZXC
LgB0nVvKkYto95EGZLxK/rLFFyFsVvSJEBFqTN2HHSghbLOPb2VwqPi6j6mGS+Ul
PI2mNVTRgRbuJOft1EcDfZDGMPjT7ZE61GjH+GoR8di81QycO3fyD8nlE113x0iT
2Eini3AC/Mu2OtoOtJzIWeJidAWnv3Pkn3wiD61a0wEqb4+rBWh9qNNtUDDznN9D
CGQ1JQziGIjLdhVGAslWGMcT8f2SdyntIJjCA7QlnmAyEXc9N27s5kL57WBrpzfo
jitWUCeNEqFr48yyQESKLmNV507qRaGm+lrOgl4wkRfkvhEa9IjveeDYodi8Q7P6
8FMzPyo+qCP9eP+hXFICDeJjC+K7WHcZx5toOdCyt/pk/KaZsZ5ksaWIeIgspkkx
RgZkssKO0jW1nL7G4NrHmXGwjgpeyj1g6QnTXIooJY6F9niHTFLTzYdTSRdbev2z
jcADLaTIOACWM9V5UYVyRu5p+ULpfbceAvOBexOriroSIyXCBHqykutuU9q8gVyu
nNKkmpaugdk=
=tDMh
-----END PGP SIGNATURE-----