Cisco Security Advisory
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Medium
Advisory ID:
cisco-sa-20151021-ntp
First Published:
2015 October 21 23:00 GMT
Last Updated:
2016 January 27 19:20 GMT
Version 2.8:
Workarounds:
Cisco Bug IDs:
CVSS Score:
Base 6.4,
Temporal 5.3
Click Icon to Copy Verbose Score
AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C
Click Icon to Copy Verbose Score
AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C
-
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server.
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows:
- CVE-2015-7691 - Denial of Service AutoKey Malicious Message
- CVE-2015-7692 - Denial of Service AutoKey Malicious Message
- CVE-2015-7701 - Denial of Service CRYPTO_ASSOC Memory Leak
- CVE-2015-7702 - Denial of Service AutoKey Malicious Message
- CVE-2015-7703 - Configuration Directive File Overwrite Vulnerability
- CVE-2015-7704 - Denial of Service by Spoofed Kiss-o'-Death
- CVE-2015-7705 - Denial of Service by Priming the Pump
- CVE-2015-7848 - Network Time Protocol ntpd Multiple Integer Overflow Read Access Violations
- CVE-2015-7849 - Network Time Protocol Trusted Keys Memory Corruption Vulnerability
- CVE-2015-7850 - Network Time Protocol Remote Configuration Denial of Service Vulnerability
- CVE-2015-7851 - Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
- CVE-2015-7852 - Network Time Protocol ntpq atoascii Memory Corruption Vulnerability
- CVE-2015-7853 - Network Time Protocol Reference Clock Memory Corruption Vulnerability
- CVE-2015-7854 - Network Time Protocol Password Length Memory Corruption Vulnerability
- CVE-2015-7855 - Denial of Service Long Control Packet Message
- CVE-2015-7871 - NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Official Security Advisory from ntp.org: Security Notice
Boston University: Attacking the Network Time Protocol
Cisco TALOS: TALOS Vulnerability Reports
Cisco will release software updates that address these vulnerabilities.
Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
-
Products Under Investigation
Cisco has concluded its investigation to determine the impact of the vulnerabilities covered by this document.
Vulnerable Products
The following table lists Cisco products that are affected by one or more of the vulnerabilities documented in this advisory:
Product Defect Fixed releases availability Collaboration and Social Media Cisco WebEx Node for MCS CSCuw84679 Network Application, Service, and Acceleration Cisco Application Control Engine (ACE30/ ACE 4710) CSCuw84697 Cisco Visual Quality Experience Server CSCuw84852 3.10.5 (9-Nov-2015) Cisco Visual Quality Experience Tools Server CSCuw84852 3.10.5 (9-Nov-2015) Cisco Wide Area Application Services (WAAS) CSCuw84891 5.5.5 (March 2016) Network and Content Security Devices Cisco ASA CX and Cisco Prime Security Manager CSCuw84893 9.3.4.4 (9-Jan-2016) Cisco Identity Services Engine (ISE) CSCuw84914 2.1 (June 2016) Cisco Intrusion Prevention System Solutions (IPS) CSCuw84972 7.1(12) (May 2016)
7.3(05) (March 2016)
Cisco Physical Access Control Gateway CSCuw84901 Cisco Physical Access Manager CSCuw84903 Cisco Secure Access Control Server (ACS) CSCuw84970 5.7 Patch 2 (30-Apr-2016) Cisco Virtual Security Gateway for Microsoft Hyper-V CSCuw84714 5.2(1)VSG2(1.5) (30-May-2016) Network Management and Provisioning Cisco Prime Data Center Network Manager (.ova and .iso installers) CSCuw84704 7.2.2 (30-Dec-2015) Cisco Prime Infrastructure Standalone Plug and Play Gateway CSCuw84746 Cisco Prime License Manager CSCuw84810 10.5(2)su3 (31-Jan-2016)
11.0(1)su2 (31-Mar-2016)Cisco Prime Service Catalog Virtual Appliance CSCuw84835 11.0 (30-Apr-2016)
11.1 (30- Apr-2016)Cisco Quantum Policy Suite (QPS) CSCuw85824 9.0 (March 2016) Cisco Quantum SON Suite CSCuw85825 Update via CLI Cisco UCS Central CSCuw84719 1.4(1a) (18-Dec-2015) Cisco Virtual Topology System (formally Virtual Systems Operations Center) CSCuw84765 2.0.1 (30-Dec-2015) Routing and Switching - Enterprise and Service Provider Cisco Application Policy Infrastructure Controller (APIC) CSCuw84705 1.2(1) (4-Dec-2015) Cisco Connected Grid Router CSCuw84854 15.3(01)IE101.155 (5-Feb-2016) Cisco Connected Grid Routers - CGOS CSCuw84702 Cisco IOS and Cisco IOS XE Software CSCuw85826 Consult Cisco IOS Software Checker for fixed release info. Cisco MDS 9000 Series Multilayer Switches CSCuw84707 7.3 (31-Jan-2016)
6.2.15 (31-Jan-2016)Cisco Nexus 1000V Series Switches CSCuw84710 5.2(1)SV3(1.11) (16-Feb-2016) Cisco Nexus 3000 Series Switches CSCuw84712 7.0.3.I3 (31-Jan-2016) Cisco Nexus 5000 and 6000 Series Switches CSCuw84708 7.3 (31-Jan-2016) Cisco Nexus 7000 Series Switches CSCuw84708 7.3 (31-Jan-2016) Cisco Nexus 9000 Series Switches CSCuw84709 7.0.3.I3 (31-Jan-2016) Unified Computing Cisco Common Services Platform Collector CSCuw84644 1.8 (24-Nov-2015) Cisco Standalone rack server CIMC CSCuw84720 EPMR8 2.0 (9x) (15-Jan-2016) Cisco UCS Director CSCuw84703 5.5 (March 2016) Cisco UCS Invicta Series CSCuw84706 A patch file will be available by 4-Dec-2015. Cisco Unified Computing System E-Series Blade Server CSCuw84640 5.2VSG2(1.5) (30-May-2016) Voice and Unified Communications Devices Cisco ASR5X00 Series CSCuw84642 19.3 (12-Feb-2016) Cisco Emergency Responder CSCuw85099 11.5 (14-Jun-2016) Cisco Finesse CSCuw98638 11.5 (30-Apr-2016) Cisco Hosted Collaboration Mediation Fulfillment CSCuw85108 10.6.3 (Available) Cisco IM and Presence Service (CUPS) CSCuw85104 10.5(2) SU2 (February 2016) Cisco Management Heartbeat Server CSCuw84997 5.1 (31-Mar-2016) Cisco MediaSense CSCuw85139 11.0(1) (17-Dec-2015)
11.5(1) (31-Mar-2016)Cisco Quantum Virtualized Packet Core CSCuw84642 19.3 (12-Feb-2016) Cisco SocialMiner CSCuw85071 Cisco Unified Communications Manager (UCM) CSCuw85074 10.5(2)SU3 (31-Jan-2015) Cisco Unified Communications Manager Session Management Edition (SME) CSCuw85074 10.5(2)SU3 (31-Jan-2015) Cisco Unified Contact Center Express CSCuw98637 Cisco Unified Sip Proxy CSCuw84641 10.0 (June 2016) Cisco Unity Connection (UC) CSCuw85080 Cisco Unity Express CSCuw84638 10.0 (2-Jan-2017) Cisco Virtualization Experience Client 6215 CSCuw85157 No further releases planned. Video, Streaming, TelePresence, and Transcoding Devices Cisco 910 Industrial Router CSCuw84981 1.2.1RB3 (30-Nov-2015) Cisco DCM Series 9900-Digital Content Manager CSCuw84721 18.0.0 (31-Mar-2016) Cisco DNCS Application Server (AppServer) CSCuw85001 Cisco Digital Transport Adapter Control System (DTACS) CSCuw85005 Cisco Download Server (DLS) (Solaris) CSCuw94421 Cisco Edge 300 Digital Media Player CSCuw84983 1.6RB4_2 (20-Nov-2015) Cisco Edge 340 Digital Media Player CSCuw84987 1.2.0.16 (30-Nov-2016) Cisco Enterprise Content Delivery System (ECDS) CSCuw84791 2.6.6 (31-Dec-2015) Cisco Expressway Series CSCuw84833 X8.7 (13-Nov-2015) Cisco IPTV Service Delivery System (ISDS) CSCuw94413 Cisco International Digital Network Control System (iDNCS) CSCuw85007 Cisco Media Experience Engines (MXE) CSCuw84808 3.5 (Available) Cisco Remote Network Control System (RNCS) CSCuw94428 Cisco TelePresence 1310 CSCuw85054 Cisco TelePresence Conductor CSCuw84782 XC4.1 (8-Dec-2015) Cisco TelePresence EX Series CSCuw84818 TC7.3.5 (February 2016) Cisco TelePresence ISDN Link CSCuw84797 IL1.1.6 (15-Dec-2015) Cisco TelePresence MX Series CSCuw84818 TC7.3.5 (February 2016) Cisco TelePresence Profile Series CSCuw84818 TC7.3.5 (February 2016) Cisco TelePresence SX Series CSCuw84818 TC7.3.5 (February 2016) Cisco TelePresence System 1000 CSCuw85054 Cisco TelePresence System 1100 CSCuw85054 Cisco TelePresence System 1300 CSCuw85054 Cisco TelePresence System 3000 Series CSCuw85054 Cisco TelePresence System 500-32 CSCuw85054 Cisco TelePresence System 500-37 CSCuw85054 Cisco TelePresence TX 9000 Series CSCuw85054 Cisco TelePresence Video Communication Server (VCS) CSCuw84833 X8.7 (13-Nov-2015) Cisco Telepresence Integrator C Series CSCuw84818 TC7.3.5 (February 2016) Cisco VDS Service Broker CSCuw85022 No further releases planned. Cisco Video Delivery System Recorder CSCuw84847 No updates planned. Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) CSCuw84849 4.3.1 (31-Jan-2016) Cisco Video Surveillance Media Server CSCuw84912 7.8 (March 2016) Cisco Videoscape Distribution Suite Transparent Caching CSCuw85024 Cloud Object Store (COS) CSCuw84845 2.1.2 (10-Nov-2015)
3.0.1 (10-Nov-2015)
3.5.0 (10-Nov-2015)Explorer Controller (EC) system CSCuw85003 Wireless Cisco Small Business 121 Series Wireless Access Points CSCuw84962 Cisco Small Business 321 Series Wireless Access Points CSCuw84962 Cisco Small Business 500 Series Wireless Access Points CSCuw84958 Cisco WAP371 wireless access point CSCuw84954 Cisco Hosted Services Cisco Cloud Services CSCuw84780 Affected systems have been patched. Cisco Cloud Web Security CSCuw84974 Cisco Intelligent Automation for Cloud CSCuw84837 4.3.1 (30-Dec-2015) Cisco Universal Small Cell 5000 Series running V3.4.2.x software CSCuw84995 BV3.4.2.34 (31-Dec-2015)
BV3.5.12.16 (31-Jan-2016)Cisco Universal Small Cell 7000 Series running V3.4.2.x software CSCuw84995 BV3.4.2.34 (31-Dec-2015)
BV3.5.12.16 (31-Jan-2016)Cisco Universal Small Cell CloudBase CSCuw84990 Affected systems have been patched. Network Change and Configuration Management CSCuw84649 A patch is available for affected releases.
2.9.2 (30-Jan-2015)Products Confirmed Not Vulnerable
Collaboration and Social Media
- Cisco MeetingPlace
- Cisco WebEx Meetings Server versions 1.x
- Cisco WebEx Meetings Server versions 2.x
Endpoint Clients and Client Software
- Cisco Agent for OpenFlow
- Cisco IP Communicator
- Cisco Jabber Guest 10.0(2)
- Cisco NAC Agent for Mac
- Cisco NAC Agent for Web
- Cisco UC Integration for Microsoft Lync
- Cisco Unified Personal Communicator
- Cisco WebEx Meetings for Android
- Cisco WebEx Meetings for BlackBerry
- Cisco WebEx Meetings for WP8
- Cisco WebEx Productivity Tools
- JCF components
- WebEx Recording Playback Client
Network Application, Service, and Acceleration
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco Application and Content Networking System (ACNS)
- Cisco Extensible Network Controller (XNC)
- Cisco Nexus Data Broker (NDB)
- Content Services Switch
Network and Content Security Devices
- Cisco Adaptive Security Device Manager
- Cisco Clean Access Manager
- Cisco Email Security Appliance (ESA)
- Cisco FireSIGHT System Software
- Cisco Firepower 9000 Cisco Integrated Management Controller (CIMC)
- Cisco Ironport WSA
- Cisco NAC Appliance (Clean Access Server)
- Cisco NAC Guest Server
- Cisco NAC Server
- Cisco Security Management Appliance (SMA)
Network Management and Provisioning
- Cisco Access Registrar Appliance
- Cisco Application Networking Manager
- Cisco Connected Grid Device Manager
- Cisco Connected Grid Network Management System
- Cisco Insight Reporter
- Cisco Linear Stream Manager
- Cisco Multicast Manager
- Cisco Network Collector
- Cisco Prime Access Registrar Appliance
- Cisco Prime Access Registrar
- Cisco Prime Analytics
- Cisco Prime Cable Provisioning
- Cisco Prime Central for SPs
- Cisco Prime Collaboration Assurance
- Cisco Prime Collaboration Provisioning
- Cisco Prime Home
- Cisco Prime IP Express
- Cisco Prime Infrastructure
- Cisco Prime LAN Management Solution (LMS - Solaris)
- Cisco Prime Network Registrar (CPNR) virtual appliance
- Cisco Prime Network Registrar IP Address Manager (IPAM)
- Cisco Prime Network Services Controller
- Cisco Prime Network
- Cisco Prime Optical for SPs
- Cisco Prime Performance Manager
- Cisco Prime Provisioning for SPs
- Cisco Security Manager
- Cisco Unified Provisioning Manager (CUPM)
- CiscoWorks Network Compliance Manager
- Local Collector Appliance (LCA)
- Unified Communications Deployment Tools
Routing and Switching - Enterprise and Service Provider
- CRS-CGSE-PLIM
- CRS-CGSE-PLUS
- Cisco ASR 9000 Series Integrated Service Module
- Cisco Broadband Access Center Telco Wireless
- Cisco IOS XR Software
- Cisco Metro Ethernet 1200 Series Access Devices
- Cisco Mobile Wireless Transport Manager
- Cisco Nexus 4000 Series
- Cisco ONS 15454 Series Multiservice Provisioning Platforms
- Cisco OnePK All-in-One VM
- Cisco Service Control Application for Broadband
- Cisco Service Control Collection Manager
- Cisco Service Control Operating System
- Cisco Service Control Subscriber Manager
- Cisco VPN Acceleration Engine
- IOS-XR for Cisco Network Convergence System (NCS) 6000
Routing and Switching - Small Business
- Cisco Small Business AP500 Series Wireless Access Points
- Cisco Small Business RV 120W Wireless-N VPN Firewall
- Cisco Small Business RV Series Routers 0xxv3
- Cisco Small Business RV Series Routers RV110W
- Cisco Small Business RV Series Routers RV130x
- Cisco Small Business RV Series Routers RV215W
- Cisco Small Business RV Series Routers RV220W
- Cisco Small Business RV Series Routers RV315W
- Cisco Small Business RV Series Routers RV320
- Cisco Sx220 switches
- Cisco Sx300 switches
- Cisco Sx500 switches
Unified Computing
- Cisco UCS ADA
- Cisco UCS Manager
- Cisco Unified Computing System B-Series (Blade) Servers
- UCS IO Modules
Voice and Unified Communications Devices
- Cisco 190 ATA Series Analog Terminal Adaptor
- Cisco 7937 IP Phone
- Cisco 8800 Series IP Phones - VPN Feature
- Cisco ATA 187 Analog Telephone Adaptor
- Cisco Agent Desktop
- Cisco Broadband Access Center for Cable Tools Suite 4.1
- Cisco Broadband Access Center for Cable Tools Suite 4.2
- Cisco Computer Telephony Integration Object Server (CTIOS)
- Cisco DX Series IP Phones
- Cisco IP Interoperability and Collaboration System (IPICS)
- Cisco Packaged Contact Center Enterprise
- Cisco Paging Server (Informacast)
- Cisco Paging Server
- Cisco Prime Cable Provisioning Tools Suite 5.0
- Cisco Prime Cable Provisioning Tools Suite 5.1
- Cisco Remote Silent Monitoring
- Cisco SPA112 2-Port Phone Adapter
- Cisco SPA122 ATA with Router
- Cisco SPA232D Multi-Line DECT ATA
- Cisco SPA30X Series IP Phones
- Cisco SPA50X Series IP Phones
- Cisco SPA51X Series IP Phones
- Cisco SPA525G
- Cisco SPA8000 8-port IP Telephony Gateway
- Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
- Cisco TAPI Service Provider (TSP)
- Cisco Unified 3900 series IP Phones
- Cisco Unified 6911 IP Phones
- Cisco Unified 6921 IP Phones
- Cisco Unified 6945 IP Phones
- Cisco Unified 7800 Series IP Phones
- Cisco Unified 8831 series IP Conference Phone
- Cisco Unified 8961 IP Phone
- Cisco Unified 9951 IP Phone
- Cisco Unified 9971 IP Phone
- Cisco Unified Attendant Console Advanced
- Cisco Unified Attendant Console Business Edition
- Cisco Unified Attendant Console Department Edition
- Cisco Unified Attendant Console Enterprise Edition
- Cisco Unified Attendant Console Premium Edition
- Cisco Unified Attendant Console Standard
- Cisco Unified Client Services Framework
- Cisco Unified Communications Domain Manager
- Cisco Unified Contact Center Enterprise
- Cisco Unified E-Mail Interaction Manager
- Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
- Cisco Unified IP Phone 7900 Series
- Cisco Unified IP Phone 8941 and 8945 (SIP)
- Cisco Unified Integration for IBM Sametime
- Cisco Unified Intelligent Contact Management Enterprise
- Cisco Unified Operations Manager (CUOM)
- Cisco Unified Web Interaction Manager
- Cisco Unified Wireless IP Phone
- Cisco Unified Workforce Optimization
- Cisco Virtualization Experience Media Engine for Windows
- Cisco Voice Portal (CVP)
- xony VIM/CCDM/CCMP
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco AnyRes Live (CAL)
- Cisco AnyRes VOD (CAL)
- Cisco Command 2000 Server (cmd2k) (RH Based)
- Cisco D9824 Advanced Multi Decryption Receiver
- Cisco D9854/D9854-I Advanced Program Receiver
- Cisco D9858 Advanced Receiver Transcoder
- Cisco D9859 Advanced Receiver Transcoder
- Cisco D9865 Satellite Receiver
- Cisco Digital Media Manager (DMM)
- Cisco Digital Media Manager
- Cisco Digital Media Players (DMP) 4300 Series
- Cisco Digital Media Players (DMP) 4400 Series
- Cisco Media Services Interface
- Cisco Model D9485 DAVIC QPSK
- Cisco Powerkey CAS Gateway (PCG)
- Cisco Powerkey Encryption Server (PKES)
- Cisco Show and Share
- Cisco TelePresence Advanced Media Gateway Series
- Cisco TelePresence Content Server (TCS)
- Cisco TelePresence Exchange System (CTX)
- Cisco TelePresence ISDN GW 3241
- Cisco TelePresence ISDN GW MSE 8321
- Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300)
- Cisco TelePresence Management Suite (TMS)
- Cisco TelePresence Management Suite Analytics Extension (TMSAE)
- Cisco TelePresence Management Suite Extension (TMSXE)
- Cisco TelePresence Management Suite Extension for IBM
- Cisco TelePresence Management Suite Provisioning Extension
- Cisco TelePresence Serial Gateway Series
- Cisco TelePresence Server 8710, 7010
- Cisco TelePresence Server on Multiparty Media 310, 320
- Cisco TelePresence Server on Virtual Machine
- Cisco TelePresence Supervisor MSE 8050
- Cisco Transaction Encryption Device (TED)
- Cisco VEN501 Wireless Access Point
- Cisco Video Surveillance 3000 Series IP Cameras
- Cisco Video Surveillance 4000 Series High-Definition IP Cameras
- Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras
- Cisco Video Surveillance 6000 Series IP Cameras
- Cisco Video Surveillance 7000 Series IP Cameras
- Cisco Video Surveillance PTZ IP Cameras
- Cisco Videoscape Conductor
- Cisco Virtual PGW 2200 Softswitch
- Tandberg Codian ISDN GW 3210/3220/3240
- Tandberg Codian MSE 8320 model
Wireless
- Cisco 3G Femtocell Wireless
- Cisco IOS Access Points
- Cisco RF Gateway 1 (RFGW-1)
- Cisco Wireless Control System (WCS)
- Cisco Wireless LAN Controller (WLC)
- Cisco Wireless Security Gateway Application (WSG)
Cisco Hosted Services
- Cisco Cloud Email Security
- Cisco Cloud and Systems Management
- Cisco Partner Supporting Service
- Cisco Registered Envelope Service (CRES)
- Cisco Smart Care
- Cisco SmartConnection
- Cisco SmartReports
- Cisco Unified Services Delivery Platform (CUSDP)
- Cisco WebEx Meeting Center
- Cisco WebEx Node
- Cisco WebEx11 Application Server
- Communication/Collaboration Sizing Tool, Virtue Machine Placement Tool, Cisco Unified Communications Upgrade Readiness Assessment
- DCAF UCS Collector
- Life Cycle Management Agent Manager (LCM)
- MACD Process Controller (MPC)
- Network Device Security Assessment
- Partner Supporting Service (PSS) 1.x
- Partner Supporting Service (PSS) 2.x
- Sentinel
- Serial Number Assessment Service (SNAS)
- Small Cell factory recovery root filesystem V2.99.4 or later
- Smart Net Total Care (SNTC)
- WebEx PCNow
- WebEx QuickBooks
-
Mitigations that apply to the NAK-to-the-Future vulnerability involve preventing the device from processing NTP queries from untrusted hosts. In products that allow editing the ntp.conf file, this is accomplished by the notrust directive and configuring peer authentication. Other products may support ntp access-group commands that can be used to filter NTP queries to trusted hosts only. Potential workarounds for each affected Cisco product are referenced in the Cisco Bug ID workarounds section.
-
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
-
These vulnerabilities were discovered by researchers from Boston University, Cisco Systems Inc., RedHat, Tenable Networks, and IDA.org.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Show LessVersion Description Section Status Date 2.8 Updated the Affected Products section. Affected Products Final 2016-January-27 2.7 Updated information about first fixed releases. Affected Products Interim 2016-January-06 2.6 Added link to Cisco IOS Software Checker. Moved the following products from Affected to Not Affected based on further evaluation: Cisco WebEx11 Application Server, Cisco Powerkey Encryption Server (PKES) and Cisco Transaction Encryption Device (TED). Affected Products Interim 2015-December-24 2.5 Updated available fixed software releases. Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-December-18 2.4 Moved Cisco IOS-XR for Cisco Network Convergence System (NCS) 6000 to the Products Confirmed Not Vulnerable section and changed the name to "Cisco IOS-XR and sysadmin for Cisco Network Convergence System (NCS) 6000." Affected Products Interim 2015-December-08 2.3 Removed duplicate entry of "Cisco Virtual Topology System (formerly Virtual Systems Operations Center)." Affected Products Interim 2015-December-07 2.2 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-December-02 2.1 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Cisco IOS Affected versions and first fixed versions added to Cisco IOS Software Checker. Affected Products Interim 2015-November-24 2.0 Moved Cisco IOS Software and Cisco IOS XE Software to the Affected Products section due to Kiss of Death (KoD) issues. Moved Cisco IOS XR Software from the Affected Products section to the Products Confirmed Not Vulnerable section after further investigation. Affected Products Interim 2015-November-16 1.10 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-November-13 1.9 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-November-09 1.8 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-November-02 1.7 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-October-30 1.6 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-October-29 1.5 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-October-28 1.4 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-October-27 1.3 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-October-26 1.2 Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Affected Products Interim 2015-October-23 1.1 Added products under investigation, known affected, and known not affected. Affected products Interim 2015-October-22 1.0 Initial public release. - Interim 2015-October-21
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.