  skj Welcome to the far side of reality Premium,Mod join:2002-04-04 Atlanta, GA edit: May 18th, @11:45AM
| Cisco Field Notices and Security Advisories
In an effort to avoid overwhelming the forum with "Field Notices" and "Security Advisories", this thread has been created as a depository for all such postings. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| Cisco Field Notice: FN - 62798 - AIR-WLC2006 - Intermittent Low
Title: Cisco Field Notice: FN - 62798 - AIR-WLC2006 - Intermittent Low Level Power Supply Failure
URL: »www.cisco.com/en/US/customer/pro···1e.shtml (available to registered users)
Posted: May 18, 2007
Summary: The power supply (341-0175-03) associated with Product ID AIR-WLC2006-K9 has experienced some intermittent failures for failing to meet the requirements for minimum current flow.
|
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62811 - GSR OC192E/POS-SR-SC or 4OC48E/
Title: Cisco Field Notice: FN - 62811 - GSR OC192E/POS-SR-SC or 4OC48E/POS-SR-SC Fails to Upgrade MBUS During Install - Replace Affected Hardware
URL: »www.cisco.com/en/US/customer/pro···b4.shtml (available to registered users)
Posted: May 21, 2007
Summary: Cards built with flash component ST M29F010B fail to upgrade MBUS due to software/hardware incompatibility. This causes problems on initial install and upgrade.
The affected cards need to be replaced. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Security Advisory: Vulnerability In Crypto Library
Title: Cisco Security Advisory: Vulnerability In Crypto Library
URL: »www.cisco.com/en/US/customer/pro···5d.shtml (available to registered users)
»www.cisco.com/en/US/products/pro···5d.shtml (available to non-registered users)
Posted: May 22, 2007
Summary: A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
* Cisco IOS
* Cisco IOS XR
* Cisco PIX and ASA Security Appliances
* Cisco Firewall Service Module (FWSM)
* Cisco Unified CallManager
This vulnerability is assigned CVE ID CVE-2006-3894. It is externally coordinated and is tracked by the following external coordinators:
JPCERT/CC - tracked as JVNVU#754281
CPNI - tracked as NISCC-362917
CERT/CC - tracked as VU#754281
Cisco has made free software available to address this vulnerability for affected customers.
There are no workarounds available to mitigate the effects of the vulnerability.
|
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS W
Title: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets
URL: »www.cisco.com/en/US/customer/pro···49.shtml (available to registered users)
»www.cisco.com/en/US/products/pro···49.shtml (available to non-registered users)
Posted: May 22, 2007
Summary: Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
* Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
* Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
* Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers.
There are workarounds available to mitigate the effects of these vulnerabilities.
|
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Security Response: Cisco CallManager Input Validation Vuln
Title: Cisco Security Response: Cisco CallManager Input Validation Vulnerability
URL: »www.cisco.com/en/US/customer/pro···272.html (available to registered users)
»www.cisco.com/en/US/products/pro···272.html (available to non-registered users)
Posted: May 23, 2007
Summary: This is Cisco PSIRT's response to the statements made by Marc Ruef and Stefan Friedi from scip AG in their message "Cisco CallManager 4.1 Input Validation Vulnerability," posted on 2007 May 23 at 1600 UTC (GMT).
The original emails were posted to BugTraq and Full-Disclosure.
In their postings, Marc Ruef and Stefan Friedi illustrate how to bypass the web application firewall used in Cisco CallManager. This means of bypass can be used to display graphics, scripts, or other information downloaded from an external web site. This technique may also be used to conduct cross-site scripting attacks.
Cisco confirms that the example the authors Ruef and Friedi provided bypasses the web application firewall and that there may be other methods for bypassing the web application firewall.
Cisco has made improvements to the input validation mechanisms in CallManager that may mitigate the risks associated with this security vulnerability. These improvements have been incorporated into 4.2(3)sr2. Future releases, 3.3(5)sr3, 4.1(3)sr5 and 4.3(1)sr1, will also include the improvements made to address this bug.
This issue is being tracked by the following Cisco Bug ID:
CSCsi12374 (registered customers only) —Improvements in User Input Validation
Service releases of CallManager software are available at the following link:
»www.cisco.com/kobayashi/sw-cente···ce.shtml (registered customers only) |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62818 - DS-C9140-K9 Switches with SAN-O
Title: Cisco Field Notice: FN - 62818 - DS-C9140-K9 Switches with SAN-OS Release 3.0.x May Reload After Running for About 233 Days - Software Upgrade Required
URL: »www.cisco.com/en/US/customer/pro···31.shtml (available to registered users)
Posted: May 24, 2007
Summary: Cisco has identified that customers with DS-C9140-K9 switches running with SAN-OS releases 3.0.x - that is 3.0(1), 3.0(2), 3.0(2a), 3.0(2b), 3.0(3) and 3.0(3b) - may see the switch reload in about 233 days from uptime.
The issue is only present in the DS-C9140-K9 platform running any SAN-OS 3.0.x release.
The issue is not present in any SAN-OS release prior to 3.0.x. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62805 - Cisco Unified IP Conference Sta
Title: Cisco Field Notice: FN - 62805 - Cisco Unified IP Conference Station 7936 Fails to Upgrade - Upgrade Hangs at 50 Percent Done
URL: »www.cisco.com/en/US/customer/pro···47.shtml (available to registered users)
Posted: May 25, 2007
Summary: Cisco Unified IP Conference Station 7936 (CP-7936) fails to upgrade - the upgrade hangs at 50 percent done - under specific conditions to a different IP Phone firmware (FW) load. Specific conditions include a Cisco CallManager (CCM) upgrade that includes a different firmware load than what is on the CP-7936. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Updated Cisco Field Notice: FN - 62545 - TCC and Fan Tray (FTA3-
Title: Updated Cisco Field Notice: FN - 62545 - TCC and Fan Tray (FTA3-T) Have Communications Problem That Can be Caused by Internal Noise Causing TCC Resets
URL: »www.cisco.com/en/US/customer/pro···a6.shtml (available to registered users)
Update Posted: May 25, 2007
Summary of Updates: Added software version information to Problem Description and Workaround/Solution sections. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Updated Cisco Field Notice: FN - 62573 - Routers (AS5350XM, AS54
Title: Updated Cisco Field Notice: FN - 62573 - Routers (AS5350XM, AS5400XM, C180X, C181X, C1841, IAD2400, C2691, C2800NM, C2801, C3725, C3745, C3800, VG224) Unable to Read Compact Flash - ROMMON Upgrade Available
URL: »www.cisco.com/en/US/customer/pro···01.shtml (available to registered users)
Update Posted: May 25, 2007
Summary of Updates: Added Special instructions for downloading ROMmon image to the How to Upgrade Software section. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj FN - 62761 - Windows 2003 Service Pack 2 Install and CSA Compati
Title: Cisco Field Notice: FN - 62761 - Windows 2003 Service Pack 2 Install and CSA Compatibility with Unity on Certain Servers
URL: »www.cisco.com/en/US/customer/pro···21.shtml (available to registered users)
Posted: May 31, 2007
Summary: The system freezes with a blue screen displayed with Cisco Security Agent (CSA) and Windows 2003 Service Pack 2. This anomaly may manifest with either the standalone CSA or the managed CSA.
This defect was discovered with CSA 5.0.0.201 with patched csatdi.sys per the associated software defect. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62827 - Cisco DME-1000/2000 Encoder Pro
Title: Cisco Field Notice: FN - 62827 - Cisco DME-1000/2000 Encoder Properties Not Saved - Recommended Software Fix is Available
URL: »www.cisco.com/en/US/customer/pro···bc.shtml (available to registered users)
Posted: May 31, 2007
Summary: One of the features of the Stream Control Extension (SCX) application enables the user to provide a live video stream while also saving a Windows Media VOD file. An issue was recently discovered that prevented the Windows Media VOD file from being created. The SCX application will allow you to configure the setting and save the setting. However, the setting will disappear if the operator chooses to edit or examine the encoder settings. The end result of this issue is that the user cannot create a VOD file from an incoming signal. The live stream would be produced as expected. No serial number or date range has been identified. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62808 - GSR 12000-SIP Cards With SPAs M
Title: Cisco Field Notice: FN - 62808 - GSR 12000-SIP Cards With SPAs May Fail to load Due to Incorrect IOS Clock Setting - Software Upgrade Required
URL:
»www.cisco.com/en/US/customer/pro···f1.shtml (available to registered users)
Posted: June 4, 2007
Summary: The listed SPAs may fail to load on the GSR platform, showing the SPA slot as empty. The problem is specific to SPAs running 12.0.32SY on the GSR 12000 platform.
|
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62625 - MGX - SES-PXM-CNTL2T3E3 - New M
Title: Cisco Field Notice: FN - 62625 - MGX - SES-PXM-CNTL2T3E3 - New Minimum Software Release Needed to Ensure Forward Compatibility of SES-PXM - Software Upgrade Available
URL:
»www.cisco.com/en/US/customer/pro···9f.shtml (available to registered users)
Posted: June 4, 2007
Summary: The SES-PXM-CNTL2TE3 card went end-of-sale (EOS) on January 31st, 2006. From this date onward, replacement spares were no longer manufactured. Cisco converted a number of PXM-1 cards into SES-PXM-CNTL2T3E3 cards. In order for these cards to function correctly, a minimum version 4.0(15.207) of software is required. Cisco recommends that customers that are not presently running this minimum version of code upgrade. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: Field Notice: FN - 62812 - MWR1941-DC Fan Fa
Title: Cisco Field Notice: Field Notice: FN - 62812 - MWR1941-DC Fan Failures - Replace Unit
URL:
»www.cisco.com/en/US/customer/pro···25.shtml (available to registered users)
Posted: June 5, 2007
Summary: The content of this field notice is specific to the fans designed for use in the MWR-1941-DC router. No other platforms are covered by this field notice.
The MWR-1941 router fans could contain a defect causing one or more of the system fans to stop spinning or slow to the point prematurely where the system reports a fan failure.
The router should perform as configured providing it has not exceeded the maximum operating temperature. However, system fan failures will reduce the overall airflow and cooling within the box and can result in higher overall operating temperatures.
If the router's internal temperature rises above the maximum operating range, service (network connectivity or application usage) may be impacted depending on environmental conditions. Sustained use of the router beyond the maximum operating temperature could result in permanent damage to the internal components.
|
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Updated Cisco Field Notice: FN - 62822 - Cisco Security Manager
Title: Updated Cisco Field Notice: FN - 62822 - Cisco Security Manager 3.1 - Software Removed from Cisco.com Due to Upgrade Issue - Updated Software Re-posted
URL:
»www.cisco.com/en/US/customer/pro···e7.shtml (available to registered users)
Update Posted: June 5, 2007
Summary of Updates:
Update Title and Workaround/Solution sections to indicate that updated software has been re-posted.
Added link to software download in Workaround/Solution section.
|
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62488 - WS-C4948-10GE May Reset Due to
Title: Cisco Field Notice: FN - 62488 - WS-C4948-10GE May Reset Due to Multibit ECC Error
URL: »www.cisco.com/en/US/customer/pro···64.shtml (available to registered users)
Posted: June 5, 2007
Summary: The WS-C4948-10GE fixed configuration switch models may reset due to a multibit ECC error on the SDRAM memory.
|
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Cisco Field Notice: FN - 62830 - CRS16 - Grille Has Loose Louvre
Title: Cisco Field Notice: FN - 62830 - CRS16 - Grille Has Loose Louvres Which May Rattle When CRS Fans Are Operating - Procedure to Fix the Louvres is Available
URL: »www.cisco.com/en/US/customer/pro···e2.shtml (available to registered users)
Posted: June 6, 2007
Summary: The CRS-1 16 slot line card chassis rear grill shipped between December 21, 2006 and April 30, 2007 may have loose louvres on the grille.
There can be a rattling noise when the router is powered on, yet this does not affect the product functionality. |
|
 tdoran Premium join:2003-09-27 Ridge, NY
| reply to skj Updated Cisco Field Notice: FN - 61703 - NPE-G1, uBR7200-NPE-G1,
Title: Updated Cisco Field Notice: FN - 61703 - NPE-G1, uBR7200-NPE-G1, C7301 and 7304-NPE-G100 May Experience a Software Error Resulting in an Unexpected Reload Due to Watchdog Timeout (WDT)
URL: »www.cisco.com/en/US/customer/pro···b8.shtml (available to registered users)
Update Posted: June 6, 2007
Summary of Updates:
Added a note to the Problem Symptoms section.
Removed all the older DDTS versions shown in the DDTS section and added two new DDTS entries.
Changed the software versions in the Workaround/Solution section. |
|