Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory ID: cisco-sa-20090923-h323

Revision 1.0

For Public Release 2009 September 23

+---------------------------------------------------------------------

Summary
=======

The H.323 implementation in Cisco IOS® Software contains a
vulnerability that can be exploited remotely to cause a device that
is running Cisco IOS Software to reload.

Cisco has released free software updates that address this
vulnerability. There are no workarounds to mitigate the vulnerability
apart from disabling H.323 if the device that is running Cisco IOS
Software does not need to run H.323 for VoIP services.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml

Note: The September 23, 2009, Cisco IOS Security Advisory bundled
publication includes eleven Security Advisories. Ten of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following link lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 23,
2009, or earlier.

http://www.cisco.com/warp/public/707/cisco-sa-20090923-bundle.shtml

Individual publication links are in "Cisco Event Response: Semiannual
Cisco IOS Software Advisory Bundled Publication" at the following
link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep09.html

Affected Products
=================

Vulnerable Products
+------------------

Cisco devices that are running affected Cisco IOS Software versions
that are configured to process H.323 messages are affected by this
vulnerability. H.323 is not enabled by default.

To determine whether a Cisco IOS Software device is running H.323
services, use the "show process cpu | include 323" command, as shown
in the following example:

    Router#show process cpu | include 323
     249       16000           3       5333  0.00%  0.00%  0.00%   0 CCH323_CT
     250           0           1          0  0.00%  0.00%  0.00%   0 CCH323_DNS
    Router# 

Note: Only H.323 listening port TCP 1720 is affected.

To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log in to the device and issue the 
"show version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:

    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    
    
    !--- output truncated
    

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:

    Router#show version
    Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 10-Jul-08 20:25 by prod_rel_team
    
    
    !--- output truncated
    

Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link:

http://www.cisco.com/warp/public/620/1.html
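
The two checks above (H.323 processes present, and the image name and release from the system banner) can be automated over collected command output. The following Python sketch is an added example, not Cisco code; the function names are hypothetical, the sample inputs are the outputs shown in this advisory, and the table excerpt holds only a few rows copied from the release table in this advisory.

```python
import re

# Banner strings this advisory names as identifying Cisco IOS Software.
IOS_BANNERS = ("Cisco Internetwork Operating System Software", "Cisco IOS Software")
# Image name in parentheses, followed by "Version" and the release name.
VERSION_RE = re.compile(r"Software \(([^)]+)\), Version ([^,\s]+)")
# Release name -> major release, maintenance number, train letters: 12.4(20)T.
RELEASE_RE = re.compile(r"^(\d+\.\d+)\((\d+)[a-z]*\)([A-Z]*)")

# Excerpt of the release table; rows copied from this advisory only.
TABLE_EXCERPT = {
    "12.2": "Not Vulnerable",
    "12.2SB": "Not Vulnerable",
    "12.2CZ": "Vulnerable; migrate to 12.2SB",
    "12.2T": "Vulnerable; first fixed in 12.4 "
             "(releases up to and including 12.2(8)T10 are not vulnerable)",
    "12.3": "Vulnerable; first fixed in 12.4",
}
NOT_IN_EXCERPT = "train not in excerpt; check the full advisory table"

# Sample inputs: the command outputs printed in this advisory.
SHOW_VERSION_12_3 = """Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
"""
SHOW_VERSION_12_4T = """Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
"""
SHOW_PROCESS = """Router#show process cpu | include 323
 249       16000           3       5333  0.00%  0.00%  0.00%   0 CCH323_CT
 250           0           1          0  0.00%  0.00%  0.00%   0 CCH323_DNS
Router#
"""


def parse_show_version(text):
    """Return image, release and train from a 'show version' banner, or None."""
    if not any(banner in text for banner in IOS_BANNERS):
        return None  # not Cisco IOS Software, or a different banner format
    match = VERSION_RE.search(text)
    if match is None:
        return None
    image, release = match.groups()
    rel = RELEASE_RE.match(release)
    train = rel.group(1) + rel.group(3) if rel else None
    return {"image": image, "release": release, "train": train}


def h323_processes(text):
    """Return H.323 process names from 'show process cpu | include 323'."""
    names = []
    for line in text.splitlines():
        fields = line.split()
        # Process rows start with a numeric PID; prompt echo lines do not.
        if len(fields) >= 2 and fields[0].isdigit() and "323" in fields[-1]:
            names.append(fields[-1])
    return names


def assess(show_version_text, show_process_text):
    """Combine both checks into one record for a device."""
    info = parse_show_version(show_version_text)
    if info is None:
        return {"ios": False, "needs_review": False}
    procs = h323_processes(show_process_text)
    entry = TABLE_EXCERPT.get(info["train"], NOT_IN_EXCERPT)
    # Flag the device when H.323 is running and the table row does not
    # clear the train. Release-level carve-outs in a row are left for the
    # operator to read; they are not evaluated here.
    info.update(ios=True, h323_processes=procs, table_entry=entry,
                needs_review=bool(procs) and not entry.startswith("Not Vulnerable"))
    return info


if __name__ == "__main__":
    for banner in (SHOW_VERSION_12_3, SHOW_VERSION_12_4T):
        print(assess(banner, SHOW_PROCESS))
```

Pairing each banner with the H.323 process output is a constructed combination for illustration; in practice both outputs come from the same device.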

Products Confirmed Not Vulnerable
+--------------------------------

Cisco IOS XE and Cisco IOS XR Software are not affected by this
vulnerability. No other Cisco products are currently known to be
affected by this vulnerability.

Details
=======

H.323 is the ITU standard for real-time multimedia communications and
conferencing over packet-based (IP) networks. A subset of the H.323
standard is H.225.0, a standard used for call signalling protocols
and media stream packetization over IP networks.

The H.323 implementation in Cisco IOS Software contains a
vulnerability. An attacker can exploit this vulnerability remotely by
sending a crafted H.323 packet to the affected device that is
running Cisco IOS Software. A TCP three-way handshake is needed to
exploit this vulnerability.

This vulnerability is documented in Cisco bug ID CSCsz38104 and has
been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2866.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

CSCsz38104 - Crafted H323 packets may cause device to reload

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

Impact
======

Successful exploitation of the vulnerability described in this
document may cause the affected device to reload. The issue could be
exploited repeatedly to cause an extended DoS condition.

Software Versions and Fixes
===========================

When considering software upgrades, also consult:

http://www.cisco.com/go/psirt

and any subsequent advisories to determine exposure and a complete
upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.

Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases that have fixes for the
published vulnerabilities at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to
be vulnerable. Cisco recommends upgrading to a release equal to or
later than the release in the "Recommended Release" column of the
table.

+-------------------------------------------------------------------+
|   Major    |          Availability of Repaired Releases           |
|  Release   |                                                      |
|------------+------------------------------------------------------|
|  Affected  |                                       | Recommended  |
| 12.0-Based |          First Fixed Release          |   Release    |
|  Releases  |                                       |              |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases.                        |
|-------------------------------------------------------------------|
|  Affected  |                                       | Recommended  |
| 12.1-Based |          First Fixed Release          |   Release    |
|  Releases  |                                       |              |
|-------------------------------------------------------------------|
| There are no affected 12.1 based releases.                        |
|-------------------------------------------------------------------|
|  Affected  |                                       | Recommended  |
| 12.2-Based |          First Fixed Release          |   Release    |
|  Releases  |                                       |              |
|------------+---------------------------------------+--------------|
| 12.2       | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; first fixed in 12.4       | 12.4(25b)    |
| 12.2B      |                                       |              |
|            | Releases up to and including 12.2(4)  | 12.4(23b)    |
|            | B8 are not vulnerable.                |              |
|------------+---------------------------------------+--------------|
| 12.2BC     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2BW     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; first fixed in 12.4       | 12.4(25b)    |
| 12.2BX     |                                       |              |
|            | Releases up to and including 12.2(15) | 12.4(23b)    |
|            | BX are not vulnerable.                |              |
|------------+---------------------------------------+--------------|
| 12.2BY     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2BZ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2CX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2CY     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2CZ     | Vulnerable; migrate to 12.2SB         | 12.2(33)SB7  |
|------------+---------------------------------------+--------------|
| 12.2DA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2DD     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2DX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2EW     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2EWA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2EX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2EY     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2EZ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2FX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2FY     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2FZ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IRA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IRB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IRC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXD    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXE    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXF    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXG    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2IXH    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2JA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2JK     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2MB     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Releases up to and including 12.2(15) |              |
|            | MC1 are not vulnerable.               | 12.4(25b)    |
| 12.2MC     |                                       |              |
|            | Releases 12.2(15)MC2b and later are   | 12.4(23b)    |
|            | not vulnerable; first fixed in 12.4   |              |
|------------+---------------------------------------+--------------|
| 12.2S      | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SB     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SBC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SCA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SCB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SE     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SEA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SEB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SEC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SED    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SEE    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SEF    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SEG    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SG     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SGA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SL     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SM     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SO     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SQ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SRA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SRB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SRC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SRD    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2STE    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SU     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SV     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SVA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SVC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SVD    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SVE    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SW     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SXA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SXB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SXD    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SXE    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SXF    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SXH    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SXI    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SY     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2SZ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; first fixed in 12.4       | 12.4(25b)    |
| 12.2T      |                                       |              |
|            | Releases up to and including 12.2(8)  | 12.4(23b)    |
|            | T10 are not vulnerable.               |              |
|------------+---------------------------------------+--------------|
| 12.2TPC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XB     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XC     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XD     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XE     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XF     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XG     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XH     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XI     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XJ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XK     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XL     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XM     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XNA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XNB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XNC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XND    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XO     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XQ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XR     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XS     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XT     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XU     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XV     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2XW     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YB     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YC     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YD     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YE     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YF     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YG     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2YH     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2YJ     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
| 12.2YK     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2YL     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.2YM     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2YN     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
| 12.2YO     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YP     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YQ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YR     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YS     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2YT     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2YU     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            | Releases prior to 12.2(11)YV1 are     |              |
| 12.2YV     | vulnerable, release 12.2(11)YV1 and   |              |
|            | later are not vulnerable              |              |
|------------+---------------------------------------+--------------|
| 12.2YW     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YY     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2YZ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2ZA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2ZB     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2ZC     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2ZD     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.2ZE     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.2ZF     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
| 12.2ZG     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.2ZH     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2ZJ     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2ZL     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.2ZP     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
| 12.2ZU     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2ZX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2ZY     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.2ZYA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|  Affected  |                                       | Recommended  |
| 12.3-Based |          First Fixed Release          |   Release    |
|  Releases  |                                       |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3       | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3B      | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
| 12.3BC     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3BW     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3EU     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3JA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3JEA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3JEB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3JEC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Releases up to and including 12.3(2)  |              |
|            | JK3 are not vulnerable.               | 12.4(25b)    |
| 12.3JK     |                                       |              |
|            | Releases 12.3(8)JK1 and later are not | 12.4(23b)    |
|            | vulnerable; first fixed in 12.4       |              |
|------------+---------------------------------------+--------------|
| 12.3JL     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3JX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3T      | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
| 12.3TPC    | Releases up to and including 12.3(4)  |              |
|            | TPC11a are not vulnerable.            |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.3VA     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            | Releases prior to 12.3(2)XA7 are      | 12.4(25b)    |
| 12.3XA     | vulnerable, release 12.3(2)XA7 and    |              |
|            | later are not vulnerable; first fixed | 12.4(23b)    |
|            | in 12.4                               |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.3XB     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XC     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XD     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XE     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.3XF     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XG     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            | Note: Releases prior to 12.3(7)XI11   | 12.2(33)SB7  |
| 12.3XI     | are vulnerable, release 12.3(7)XI11   |              |
|            | and later are not vulnerable;         | 12.2(31)SB16 |
|------------+---------------------------------------+--------------|
| 12.3XJ     | Vulnerable; migrate to any release in | 12.4(15)T10  |
|            | 12.4XN                                |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XK     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XL     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XQ     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XR     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
| 12.3XS     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            | Vulnerable; first fixed in 12.4T      | 12.4(20)T4   |
|            |                                       |              |
| 12.3XU     | Releases up to and including 12.3(8)  | 12.4(22)T3   |
|            | XU1 are not vulnerable.               |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            | Vulnerable; migrate to any release in | 12.4(15)XR7  |
| 12.3XW     | 12.4XR                                |              |
|            |                                       | 12.4(22)XR   |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XX     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XY     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(25b)    |
| 12.3XZ     | Vulnerable; first fixed in 12.4       |              |
|            |                                       | 12.4(23b)    |
|------------+---------------------------------------+--------------|
| 12.3YA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3YD     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; migrate to any release in | 12.4(15)XR7  |
| 12.3YF     | 12.4XR                                |              |
|            |                                       | 12.4(22)XR   |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.3YG     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
| 12.3YH     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3YI     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.3YJ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            | Releases prior to 12.3(11)YK3 are     | 12.4(20)T4   |
|            | vulnerable, release 12.3(11)YK3 and   |              |
| 12.3YK     | later are not vulnerable; first fixed | 12.4(22)T3   |
|            | in 12.4T                              |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.3YM     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.3YQ     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            | Vulnerable; first fixed in 12.4T      | 12.4(20)T4   |
|            |                                       |              |
| 12.3YS     | Releases up to and including 12.3(11) | 12.4(22)T3   |
|            | YS1 are not vulnerable.               |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.3YT     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.3YU     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)XR7  |
| 12.3YX     | Vulnerable; migrate to 12.4XR         |              |
|            |                                       | 12.4(22)XR   |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.3YZ     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.3ZA     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|  Affected  |                                       | Recommended  |
| 12.4-Based |          First Fixed Release          |   Release    |
|  Releases  |                                       |              |
|------------+---------------------------------------+--------------|
|            | 12.4(25b)                             | 12.4(25b)    |
| 12.4       |                                       |              |
|            | 12.4(23b)                             | 12.4(23b)    |
|------------+---------------------------------------+--------------|
| 12.4GC     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JA     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JDA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JDC    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JDD    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JK     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JL     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JMA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JMB    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4JX     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4MD     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4MDA    | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Releases prior to 12.4(19)MR3 are     |              |
| 12.4MR     | vulnerable, release 12.4(19)MR3 and   |              |
|            | later are not vulnerable              |              |
|------------+---------------------------------------+--------------|
| 12.4SW     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            | 12.4(15)T10                           |              |
|            |                                       | 12.4(20)T4   |
|            | 12.4(20)T4                            |              |
| 12.4T      |                                       | 12.4(22)T3   |
|            | 12.4(22)T2                            |              |
|            |                                       | 12.4(24)T2;  |
|            | 12.4(24)T1                            | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XA     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XB     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XC     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XD     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XE     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
| 12.4XF     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4XG     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XJ     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
| 12.4XK     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.4XL     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            | Vulnerable; first fixed in 12.4T      | 12.4(20)T4   |
|            |                                       |              |
| 12.4XM     | Releases up to and including 12.4(15) | 12.4(22)T3   |
|            | XM are not vulnerable.                |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
| 12.4XN     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.4XP     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
| 12.4XQ     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4XR     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XT     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            | Vulnerable; Contact your support      |              |
| 12.4XV     | organization per the instructions in  |              |
|            | Obtaining Fixed Software section of   |              |
|            | this advisory                         |              |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XW     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XY     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4XZ     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
|            |                                       | 12.4(15)T10  |
|            |                                       |              |
|            |                                       | 12.4(20)T4   |
|            |                                       |              |
| 12.4YA     | Vulnerable; first fixed in 12.4T      | 12.4(22)T3   |
|            |                                       |              |
|            |                                       | 12.4(24)T2;  |
|            |                                       | Available on |
|            |                                       | 23-OCT-2009  |
|------------+---------------------------------------+--------------|
| 12.4YB     | 12.4(22)YB4                           | 12.4(22)YB4  |
|------------+---------------------------------------+--------------|
| 12.4YD     | Not Vulnerable                        |              |
|------------+---------------------------------------+--------------|
| 12.4YE     | Not Vulnerable                        |              |
+-------------------------------------------------------------------+

Note: No Cisco IOS-XE Software or Cisco IOS Software Modularity
releases are affected by this vulnerability.
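
The threshold rows in the table above ("Releases prior to X are vulnerable, release X and later are not vulnerable") can be checked against a device inventory mechanically. The following is an added example, not part of the Cisco advisory and not Cisco code; it copies only a subset of the table rows. Assumptions: the function names and the sample inventory are constructed for illustration, and releases within one train are ordered by maintenance number, then rebuild number.

```python
import re

# Threshold rows copied from the advisory table: within each train, releases
# before the listed one are vulnerable; the listed release and later are not.
FIRST_NON_VULNERABLE = {
    "12.3XA": "12.3(2)XA7",
    "12.3XI": "12.3(7)XI11",
    "12.3YK": "12.3(11)YK3",
    "12.4MR": "12.4(19)MR3",
}

# A few of the trains the table lists simply as "Not Vulnerable".
NOT_VULNERABLE_TRAINS = {"12.3BC", "12.3XS", "12.4XN", "12.4XR"}

# major.minor(maintenance[letter])TRAIN[rebuild][letter], e.g. 12.3(4)TPC11a
_RELEASE = re.compile(
    r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)([A-Z]*)(\d*)([a-z]?)$"
)


def parse_release(text):
    """Split an IOS release string into (train, sortable key).

    The key ordering (maintenance number, maintenance letter, rebuild
    number, rebuild letter) is an assumption of this example.
    """
    m = _RELEASE.match(text.strip())
    if not m:
        raise ValueError("unrecognised IOS release string: %r" % text)
    major, minor, maint, maint_letter, train, rebuild, rebuild_letter = m.groups()
    key = (int(maint), maint_letter, int(rebuild or 0), rebuild_letter)
    return "%s.%s%s" % (major, minor, train), key


def classify(release):
    """Return a verdict for one release using only the rows copied above."""
    train, key = parse_release(release)
    if train in NOT_VULNERABLE_TRAINS:
        return "not vulnerable"
    threshold = FIRST_NON_VULNERABLE.get(train)
    if threshold is None:
        # Train not covered by this subset: consult the full table.
        return "see advisory table"
    _, fixed_key = parse_release(threshold)
    return "vulnerable" if key < fixed_key else "not vulnerable"


def audit(inventory):
    """Map each hostname to a verdict for its running release."""
    return {host: classify(release) for host, release in inventory.items()}


# Constructed sample inventory (hostnames and pairings are illustrative).
SAMPLE_INVENTORY = {
    "gw-branch-01": "12.3(7)XI10",
    "gw-branch-02": "12.3(7)XI11",
    "gw-cell-01": "12.4(16)MR2",
    "gw-cell-02": "12.4(19)MR3",
    "gw-core-01": "12.4(22)XR",
    "gw-core-02": "12.4(15)T9",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE_INVENTORY).items()):
        print("%-14s %-14s %s" % (host, SAMPLE_INVENTORY[host], verdict))
```

A "vulnerable" verdict reflects the release only; per the advisory, a device is affected only if it is also configured to process H.323 messages.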

Workarounds
===========

There are no workarounds to mitigate the vulnerability apart from
disabling H.323 if the Cisco IOS device does not need to run H.323
for VoIP services. Affected devices that must run H.323 are
vulnerable, and no specific configuration can be used to protect
them. Applying access