Cisco Security Advisory
Click Icon to Copy Verbose Score
AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
-
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090908-tcp24.
-
Vulnerable Products
The following Cisco products have a TCP implementation that is affected by these vulnerabilities. Refer to the Software Versions and Fixes section for information on fixed software.
Cisco IOS Software
To determine the Cisco IOS® Software release that is running on a Cisco product, administrators can log into the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.
The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L:
Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih <output truncated>
The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M:
Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team <output truncated>
Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html
Cisco IOS-XE Software
The version of Cisco IOS-XE Software that is running on a Cisco product can be determined using the show version command from the Command Line Interface (CLI).
Cisco CatOS Software
The version of Cisco CatOS Software that is running on a Cisco product can be determined using the show version command from the CLI.
Cisco Adaptive Security Appliance (ASA) and Cisco PIX
Cisco ASA and Cisco PIX security appliances running versions 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features:
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
The version of software that is running on a Cisco ASA and Cisco PIX security appliances can be determined using the show version command from the CLI.
Cisco NX-OS Software
The version of Cisco NX-OS Software that is running on Cisco Nexus 5000 and 7000 series devices can be determined using the show version command from the CLI.
Scientific Atlanta Products
Scientific Atlanta customers are instructed to contact Scientific Atlanta's Technical Support for questions regarding the impact, mitigation and remediation of the vulnerabilities discussed in this document.
Contact information for Scientific Atlanta Technical Support can be found at the following web site:
http://www.cisco.com/en/US/products/ps10459/serv_group_home.html
Linksys Products
Cisco has investigated the Linksys product family and found that no Linksys products are affected by the TCP vulnerabilities. Customers with additional questions on Linksys products should contact:
Products Confirmed Not Vulnerable
The following Cisco products are not affected:
- Cisco IOS XR
- Cisco IOS Software Modularity
- Cisco ASA Software version 8.2
- Cisco ASA and Cisco PIX Software version 7.0
- Cisco PIX Software version 6.x and earlier
- Cisco Firewall Services Module (FWSM)
- Cisco Multilayer Distribution Switches (MDS)
- Cisco Application Control Engine (ACE) Modules and Appliances
- Cisco ACE XML Gateway
- Cisco Access Control Server (ACS) Solution Engine
- Cisco Guard
- Cisco Security Monitoring, Analysis, and Response System (CS-MARS)
- Cisco ONS 15000
- Cisco Content Services Switches (CSS)
- Cisco Wide Area Application Services (WAAS)
- Cisco Wireless LAN Controller (WLC)
- IronPort C, M, S and X Series Appliances
- Cisco Global Site Selector (GSS)
- Cisco SSL Services Module (SSLM)
- Cisco Network Analysis Module (NAM)
- Cisco Content Switch Module (CSM)
- Cisco Web Application Firewall (WAF)
- Cisco Service Control Engine (SCE)
- Cisco Wireless Services Modules (WiSM)
- Cisco Application and Content Networking System (ACNS)
- Cisco Content Engine (CE)
Cisco PSIRT tested Cisco products that are based on Linux and Microsoft Windows operating systems and found that although TCP connections in a FINWAIT1 state may temporarily consume system resources the operating systems eventually clear the TCP connections. If enough system resources are consumed, a sustained DoS condition may be possible. This outcome is highly dependent on the configuration and usage of a system. For more information about how these vulnerabilities affect Microsoft Windows operating systems, please consult the following Microsoft website at the following link:
http://go.microsoft.com/fwlink/?LinkId=155978
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Multiple Cisco products are affected by DoS vulnerabilities in the TCP protocol. By manipulating the state of TCP connections, an attacker could force a system that is under attack to maintain TCP connections for long periods of time, or indefinitely in some cases. With a sufficient number of open TCP connections, the attacker may be able to cause a system to consume internal buffer and memory resources, resulting in new TCP connections being denied access to a targeted port or an entire system. A system reboot may be required to restore full system functionality. A full TCP three-way handshake is required to exploit these vulnerabilities.
Network devices are not directly impacted by TCP state manipulation DoS attacks transiting a device; however, network devices that maintain the state of TCP connections may be impacted. If the attacker can establish enough TCP connections through a transit device that maintains TCP state, device resources may be exhausted and prevent the device from processing new TCP connections, resulting in a DoS condition. If an affected device that forwards traffic (that is, routes) in a network is the target of a TCP state manipulation attack, the attacker could cause a network-impacting DoS condition.
Cisco IOS Software
All Cisco IOS Software versions are affected by this vulnerability. A device running Cisco IOS Software that is under attack will have numerous hung TCP connections in the FINWAIT1 state. The show tcp brief command can be used to display the hung TCP connections. The following is example output showing an attack in progress.
Router#show tcp brief | include FIN 63D697C4 192.168.1.10.80 192.168.1.20.38479 FINWAIT1 63032A28 192.168.1.10.80 192.168.1.20.54154 FINWAIT1 645F8068 192.168.1.10.80 192.168.1.20.56287 FINWAIT1 630323F4 192.168.1.10.80 192.168.1.20.6372 FINWAIT1 63D69190 192.168.1.10.80 192.168.1.20.23489 FINWAIT1
The vulnerabilities for Cisco IOS Software are documented in Cisco Bug ID CSCsv04836 ( registered customers only) .
Cisco IOS-XE Software
All Cisco IOS-XE Software versions are affected by this vulnerability. A device running Cisco IOS-XE Software that is under attack will have numerous hung TCP connections in the FINWAIT1 state. The show tcp brief command can be used to display the hung TCP connections. The following is example output showing an attack in progress.
Router#show tcp brief | include FIN 63D697C4 192.168.1.10.80 192.168.1.20.38479 FINWAIT1 63032A28 192.168.1.10.80 192.168.1.20.54154 FINWAIT1 645F8068 192.168.1.10.80 192.168.1.20.56287 FINWAIT1 630323F4 192.168.1.10.80 192.168.1.20.6372 FINWAIT1 63D69190 192.168.1.10.80 192.168.1.20.23489 FINWAIT1
The vulnerabilities for Cisco IOS-XE Software are documented in Cisco Bug ID CSCsv07712 ( registered customers only) .
Cisco CatOS Software
All Cisco CatOS Software versions are affected by these vulnerabilities. A device running Cisco CatOS Software that is under attack will have numerous hung TCP connections in the FIN_WAIT_1 state. The show netstat command can be used to display the hung TCP connections. The following is example output showing an attack in progress.
Console> (enable) show netstat Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 83 192.168.1.10.23 192.168.1.20.46056 FIN_WAIT_1 tcp 0 83 192.168.1.10.23 192.168.1.20.16305 FIN_WAIT_1 tcp 0 83 192.168.1.10.23 192.168.1.20.14628 FIN_WAIT_1 tcp 0 83 192.168.1.10.23 192.168.1.20.7275 FIN_WAIT_1 tcp 0 83 192.168.1.10.23 192.168.1.20.39559 FIN_WAIT_1
The vulnerabilities for Cisco CatOS Software are documented in Cisco Bug ID CSCsv66169 ( registered customers only) .
Cisco ASA and Cisco PIX Software
Certain Cisco ASA and Cisco PIX Software versions are affected by these vulnerabilities. A device running Cisco ASA and Cisco PIX Software that is under attack will have numerous TCP connections in the established state. The show asp table socket command can be used to display the TCP connections. The following is example output showing a potential attack in progress.
FIREWALL# show asp table socket | grep ESTAB TCP 123a8a6c 192.168.1.10:80 192.168.1.20:46181 ESTAB TCP 123e6d54 192.168.1.10:80 192.168.1.20:29546 ESTAB TCP 1244f78c 192.168.1.10:80 192.168.1.20:40271 ESTAB TCP 124f8d2c 192.168.1.10:80 192.168.1.20:46599 ESTAB TCP 12507f2c 192.168.1.10:80 192.168.1.20:5607 ESTAB
It is possible for normal traffic to cause established TCP connections to appear on Cisco ASA or PIX devices, especially VPN connections terminated to the device. In order to confirm if established TCP connections are part of an attack, administrators should use a monitoring point outside the firewall such as a packet sniffer or Netflow collection agent to examine the profile of the suspicious TCP connections and determine if an attack is occurring.
Note: The show asp table socket command was introduced in Cisco ASA and Cisco PIX Software 8.0(1).
Further detail about hung TCP connections can be found with show conn detail all long command. The IP address used to qualify the example below is the address of the firewall interface under attack.
FIREWALL# show conn detail all long | grep 192.168.1.10 TCP outside:192.168.1.20/62345 (192.168.1.20/62345) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0 TCP outside:192.168.1.20/56268 (192.168.1.20/56268) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0 TCP outside:192.168.1.20/63445 (192.168.1.20/63445) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0 TCP outside:192.168.1.20/49151 (192.168.1.20/49151) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0 TCP outside:192.168.1.20/57147 (192.168.1.20/57147) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0
Note: Both troubleshooting commands referenced about will display TCP connections that are terminated to a firewall interface and transiting through the firewall.
The vulnerabilities for Cisco ASA and Cisco PIX Software are documented in Cisco Bug ID CSCsv02768 ( registered customers only) .
Cisco NX-OS Software
All Cisco Nexus 5000 and 7000 platforms running Cisco NX-OS Software are affected by these vulnerabilities. A Nexus 5005 or 7000 device running Cisco NX-OS Software that is under attack will have numerous hung TCP connections in the FIN_WAIT_1 state. The show tcp connection detail command can be used to display the hung TCP connections. The following is example output showing an attack in progress.
NEXUS# show tcp connection detail | include FIN State: FIN_WAIT_1 State: FIN_WAIT_1 State: FIN_WAIT_1 State: FIN_WAIT_1 State: FIN_WAIT_1
The hung TCP connection vulnerabilities for Nexus 5000 and Nexus 7000 devices are documented in Cisco Bug ID CSCsv08325 ( registered customers only) and Cisco Bug ID CSCsv08579 ( registered customers only) respectively.
While investigating the TCP state manipulation vulnerabilities, it was discovered that Cisco NX-OS on Nexus 5000 platforms may be vulnerable to a system crash when receiving a specific sequence of TCP packets. This vulnerability is documented in Cisco Bug ID CSCsv08059 ( registered customers only) and has been assigned CVE identifier CVE-2009-0627.
The TCP state manipulation vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-4609.
-
It is possible to mitigate these vulnerabilities with the following workarounds.
Cisco IOS Software
The Cisco Guide to Harden Cisco IOS Devices provides examples of many useful techniques to mitigate against the TCP state manipulation vulnerabilities. These include:
- Infrastructure Access Control Lists (iACL)
- Receive Access Control Lists (rACL)
- Transit Access Control Lists (tACL)
- VTY Access Control Lists
- Control Plane Policing (CoPP)
- Control Plane Protection (CPPr)
- Management Plane Policing (MPP)
For more information on the topics listed above, consult the Cisco Guide to Harden Cisco IOS Devices at the following link:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
Cisco CatOS Software
Cisco CatOS software provides VLAN Access Control Lists (VACL) to mitigate against the TCP state manipulation vulnerabilities. For more information on configuring VACLs on CatOS 7.x software versions, please consult the following link:
For more information on configuring VACLs on CatOS 8.x software versions, please consult the following link:
Cisco ASA and Cisco PIX Software
Cisco ASA and Cisco PIX Software provide a method to expire stalled half-closed TCP connections that helps mitigate against the TCP state manipulation vulnerabilities. This method protects against attacks directed to a firewall and devices protected by a firewall. The timeout half-closed command will expire TCP sessions that have remained in a half-closed state beyond a user-configured timeout.
FIREWALL(config)# timeout half-closed 0:5:0
This command will set the TCP half-closed timeout to the smallest permitted value of five minutes. For more information on the TCP half-closed timeout, please consult the following link:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/t.html#wp1500148
Cisco Nexus Software
Cisco Nexus software provides several ACL methods to mitigate against the TCP state manipulation vulnerabilities. For more information on configuring ACLs on Nexus 5000 systems, please consult the following link:
For more information on configuring ACLs on Nexus 7000 systems, please consult the following link:
Cisco Applied Mitigation Bulletin
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
-
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
Cisco IOS Software
Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table.
Major Release
Availability of Repaired Releases
Affected 12.0-Based Releases
First Fixed Release
Recommended Release
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
12.0(33)S3
12.0(32)S12
12.0(33)S5
12.0(32)S14; Available on 25-SEP-2009
Vulnerable; first fixed in 12.0S
12.0(33)S5
12.0(32)S14; Available on 25-SEP-2009
Vulnerable; first fixed in 12.0S
12.0(33)S5
12.0(32)S14; Available on 25-SEP-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.0S
12.0(33)S5
12.0(32)S14; Available on 25-SEP-2009
Vulnerable; first fixed in 12.0S
12.0(33)S5
12.0(32)S14; Available on 25-SEP-2009
12.0(32)SY8
12.0(32)SY9a
12.0(32)SY10 ; Available on 25-SEP-2009
12.0(32)SY9a
12.0(32)SY10; Available on 25-SEP-2009
12.0(30)SZ10
12.0(33)S5
12.0(32)S14; Available on 25-SEP-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(25b)
12.4(23b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Affected 12.1-Based Releases
First Fixed Release
Recommended Release
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.1EA
12.1(22)EA13
Vulnerable; first fixed in 12.1EA
12.1(22)EA13
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.1(22)EA13
12.1(22)EA13
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
12.2(44)EY
12.2(46)EY
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.1EA
12.1(22)EA13
Affected 12.2-Based Releases
First Fixed Release
Recommended Release
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.2SB
12.2(28)SB14; Available on 20-OCT-2009
12.2(12)DA14
12.4(25b)
12.4(23b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Releases prior to 12.2(44)EY are vulnerable, release 12.2(44)EY and later are not vulnerable
12.2(50)SE3
12.2(52)SE; Available on 13-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(33)IRC
Vulnerable; migrate to any release in 12.2IXH
Vulnerable; migrate to any release in 12.2IXH
Vulnerable; migrate to any release in 12.2IXH
Vulnerable; migrate to any release in 12.2IXH
Vulnerable; migrate to any release in 12.2IXH
Vulnerable; migrate to any release in 12.2IXH
Vulnerable; migrate to any release in 12.2IXH
12.2(18)IXH
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
12.2(15)MC2m
12.4(25b)
12.4(23b)
Vulnerable; first fixed in 12.2SB
12.2(28)SB14; Available on 20-OCT-2009
12.2(28)SB13
12.2(31)SB14
12.2(33)SB1b
12.2(34)SB2
12.2(31)SB16
12.2(28)SB14; Available on 20-OCT-2009
12.2(33)SB7
Vulnerable; first fixed in 12.2SB
12.2(28)SB14; Available on 20-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(33)SCB1
12.2(33)SCB4
12.2(44)SE5
12.2(46)SE2
12.2(50)SE
12.2(50)SE3
12.2(52)SE; Available on 13-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(50)SG
12.2(53)SG1
12.2(31)SGA9
12.2(31)SGA11; Available on 04-DEC-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Releases prior to 12.2(29)SM5 are vulnerable, release 12.2(29)SM5 and later are not vulnerable
12.2(29)SM5
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(44)SQ2
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(33)SRB5a
12.2(33)SRD3
12.2(33)SRC5; Available on 29-OCT-2009
12.2(33)SRC3
12.2(33)SRC5; Available on 29-OCT-2009
12.2(33)SRD1
12.2(33)SRD3
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(29)SVE1
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(18)SXF17; Available on 30-SEP-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(18)SXF17; Available on 30-SEP-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(18)SXF17; Available on 30-SEP-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(18)SXF17; Available on 30-SEP-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(18)SXF17; Available on 30-SEP-2009
12.2(18)SXF16
12.2(18)SXF17; Available on 30-SEP-2009
12.2(33)SXH5
12.2(33)SXH6; Available on 30-OCT-2009
12.2(33)SXI1
12.2SXI2a
Vulnerable; first fixed in 12.2SB
12.2(28)SB14; Available on 20-OCT-2009
Vulnerable; first fixed in 12.2SB
12.2(28)SB14; Available on 20-OCT-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(25b)
12.4(23b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Please see Cisco IOS-XE Software Availability
Please see Cisco IOS-XE Software Availability
Please see Cisco IOS-XE Software Availability
Please see Cisco IOS-XE Software Availability
12.2(52)XO
12.2(50)SG5; Available on 28-SEP-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(18)SXF17; Available on 30-SEP-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.2SB
12.2(28)SB14; Available on 20-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.2(18)ZYA1
12.2(18)ZYA2
Affected 12.3-Based Releases
First Fixed Release
Recommended Release
Vulnerable; first fixed in 12.4
12.4(25b)
12.4(23b)
Vulnerable; first fixed in 12.4
12.4(25b)
12.4(23b)
12.3(21a)BC9
12.3(23)BC6
12.3(21a)BC9
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.3(8)JEC3
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.2SB
12.2(33)SB7
12.2(31)SB16
Vulnerable; first fixed in 12.4XR
12.4(15)XR7
12.4(22)XR
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4XR
12.4(15)XR7
12.4(22)XR
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4XR
12.4(15)XR7
12.4(22)XR
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.3(14)YM13
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(23b)
12.4(25b)
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.3(14)YX14
12.4(15)XR7
12.4(22)XR
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Affected 12.4-Based Releases
First Fixed Release
Recommended Release
12.4(18d)
12.4(23a)
12.4(25)
12.4(25b)
12.4(23b)
12.4(22)GC1
12.4(24)GC1
12.4(24)GC1
12.4(16b)JA1
12.4(21a)JA
12.4(10b)JDA3
12.4(10b)JDC
12.4(10b)JDD
12.4(3)JK4
12.4(3)JL1
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.4(21a)JX
12.4(11)MD7
12.4(15)MD2
12.4(22)MD
12.4(11)MD9
12.4(15)MD3
12.4(22)MD1
12.4(22)MDA
12.4(22)MDA1
12.4(19)MR2
12.4(19)MR3
12.4(15)SW3
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(5)T5e
12.4(15)T6a
12.4(22)T1
12.4(20)T2
12.4(24)T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(4)XD12
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(6)XE4
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(9)XG4
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(15)XL4
12.4(15)XM3
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.4(15)XQ2
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(15)XR4
12.4(22)XR
12.4(15)XR7
Vulnerable; first fixed in 12.4T
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
Vulnerable; Contact your support organization per the instructions in Obtaining Fixed Software section of this advisory
12.4(11)XW10
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(15)XY4
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(15)XZ2
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(20)YA2
12.4(15)T10
12.4(20)T4
12.4(22)T3
12.4(24)T2; Available on 23-OCT-2009
12.4(22)YB
12.4(22)YB4
12.4(22)YD
12.4(22)YD1
12.4(22)YE
12.4(22)YE1
Cisco IOS-XE Software
IOS-XE Release
First Fixed Release
2.1.x
2.2.3
2.2.x
2.2.3
2.3.x
Not Vulnerable
2.4.x
Not Vulnerable
Cisco CatOS Software
Affected Releases
First Fixed Release
7.x
7.6(24a)
8.x
8.7(2a)
Cisco ASA and Cisco PIX Software
Affected Releases
First Fixed Release
7.1
7.1(2.79)
7.2
7.2(4.18)
8.0
8.0(4.9)
8.1
8.1(2.3)
8.2
Not Vulnerable
Cisco NX-OS Software
Affected Releases
First Fixed Release
Cisco Nexus 5000
4.0(1a)N2(1)
Cisco Nexus 7000
4.1(4)
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
The TCP state manipulation vulnerability was coordinated by CERT-FI based on research referenced in their public advisory. To view their advisory and credited references, please refer to:
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
The TCP proof-of-concept tool, known as Sockstress, was provided to Cisco by Robert E. Lee and Jack Louis of Outpost24. The Cisco Nexus vulnerability was discovered by Cisco.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Show LessRevision 1.3
2009-September-28
Added to Products Confirmed Not Vulnerable list; updated software table.
Revision 1.2
2009-September-16
Revised the Affected Products section for Linksys products and the Exploitation and Public Announcements section
Revision 1.1
2009-September-11
Updated vulnerable software
Revision 1.0
2009-September-08
Initial public release
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.