Symptom MGCP srtp-package option is not available in c platform. Conditions This occurs on Cisco only. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.
The Secure Shell server SSH implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.
Symptom The following recurring kron schedule fails and gets removed after the first run. Conditions enter the following configuration commands: kron occurrence tcl in 1 recurring policy-list tcl!
Conditions Router needs to have dns server configured and listen to udp port 53 conf t ip dns server end. Symptom If a large name string is used when configuring the command "security crypto-profile" under the l2tp-class submode, we could have a buffer overflow which may crash the router.
Conditions This problem only occurs if a large name string is used in the "security crypto-profile" command. Workaround Disable the following configuration on the router: voice hpi capture buffer size voice hpi capture destination filename. The leak rate appears to be about 1. Workaround Administratively shut down the BRI interface. Symptom Routers that have the ability to use the optional Conditions Cisco routers that have the Wireless hosts cannot pass multicast traffic between each other, and multicast traffic from the wired network will not be transmitted out the wireless interface.
Symptom Multicast audio to the cuts out after a few seconds and will not resume. Symptom The caller id on the transfer-to is not updated with the transferee after the transferrer commits the transfer. Conditions When the transfer-to answers the call from the transferrer, the caller id on the transfer-to shows that the call is from transferrer.
After the transferrer commits the transfer, the caller id should be updated with the transferee. This caller id display issue can be observed if the transferrer DN is shared by the transfer-to. Conditions This issue is seen in Workaround No workaround. Symptom Wrong isdn cause code coming while making call to wrong destination.
Conditions While call made to wrong destination number. Symptom Modem calls fail to establish when 'isdn tei-negotiation firstcall' configured on ISDN interfaces. Since, the ISDN L2 is not activated until the first call is initiated which in turn means there is no signaling interface available, which results in call failure. Symptom UC crashed when system test was executed with debug logs enabled.
Conditions UC crashed when system test was executed with the below debug logs enabled. Symptom Cisco may crash when there is an incoming trunk call. Dialing a number which requires waiting for interdigit timeout to route such as a variable length international number. This is done by configuring "timeouts interdigit 16" under each voice port.
OR decrease the CallManager interdigit timeout to 9 seconds to be less than the VG port's 10 secs. This is done by changing the CallManager service parameter T Timer value to msec 9 seconds. Conditions Occurs when CME is enabled. Symptom CME 4. The facility is received and interpreted correctly however it doesn't show up on the IP phone display. Workaround IOS Symptom Error message Feb 28 Symptom Spurious memory access messages may be generated by a router.
Mar 28 This issue may be cosmetic in nature. Workaround There is no known workaround. A workaround that mitigates this vulnerability is available.
This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange. Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries.
Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.
This security advisory is being published simultaneously with announcements from other affected organizations. Conditions Overlay button is configured on Cisco , and CFNA is configured from the first number to the second number. Symptom The router crashes when the maximum permissible number of session-servers are configured for a voice register dn with the command 'session-server 1 2 3 4 5 6 7 8'.
Conditions A voice register dn should be configured. Workaround This symptom can be worked around if one less than the number of maximum session-servers are configured. Transcoding is done between Gulaw and Gr8 codecs. This is seen only with a Fast Start call both with H Tunnel enabled and disabled , and the call passes with a slow start call. Conditions This symptom occurs only if the FLU variable is changed.
Workaround Do not change the FLU variable. Workaround Do not use ". Use only ". Symptom kron occurrences are not rescheduled properly when the clock is set near the end of a calendar year.
Conditions A kron occurrence is scheduled daily or hourly. The clock is reset near the end of the year such that the next occurrence of the kron policy would happen in the next year. Symptom Pressing a speeddial button on CME does nothing. Workaround Connect a normal call on the problematic phone.
Symptom When certain configuration changes, the running configuration might not be able to be displayed and the following error message might appear:. Symptom Spurious memory access is seen while executing call forward scenarios.
Symptom When attempting to use the Corporate Directory Lookup feature on a Cisco or Conference IP Phone, an attempt to search for matching records using a First Name or Last Name query results in the message "Server not found" being returned. If the phone unregisters from the SRST router and later re-registers to the router possibly due to an intermittent connectivity to the CUCM , the ephone-dn number may be different since the ephone-dn numbers are assigned sequentially in a first-come-first-served fashion.
The MWI state, however, is remembered from the previous registration that used the ephone-dn number so the MWI status could be incorrect. Symptom Removing voice xlate profile from a voice register dn results in the same xlate profile being removed from a dial-peer. Conditions Have the same xlate profile name under a voice register dn and dial-peer and using IOS Symptom Under the show controller output for the Dot11 interface, the carrier set field is empty. This should say Americas. This does not affect functionality, all of the correct channels are present.
This is just the labeling and does not affect functionality. Conditions This is seen with the B models of the wireless routers running This issue does not affect functionality. Conditions CME running On the with IOS This can occur if there is an ISDN Facility message received after the call connects that does not contain display name information; for example an inbound facility message for Advice of Charge AOC may trigger this problem.
These messages can be seen on the gateway through the use of debug isdn q Make sure as a minimum to disable console logging on the IOS device before enabling any debug. This issue does not have an impact to the operation or performance of the gateway nor phone.
Workaround Contact the ISDN service provider to determine if the facility messages causing this problem can be disabled. Symptom Modem connection is still active on exit. Conditions After "exit" from modem session. Symptom dtmf stop working if using connection plar opx immediate on fxo port. Conditions Cu is running XW on uc Workaround Don't use "immediate" option for the "connection plar opx". Symptom System crashes when there are clients trying to associate with AP.
Conditions When AAA authentication fails with mis-configuration in the system or the wireless client's password is given wrong to try to associate. Workaround Make sure the AAA configuration is setup correctly and the client password is configured correctly.
Conditions Phone call has to be from remote phone. Symptom Call is disconnected when another ephone is reset or unregisters. Conditions The call on the ephone-dn shared by other phone as non monitor button is disconnected if it is reset or unregisters from the CCME.
Symptom After a reboot of the router, or sometimes during normal operation, an IPsec tunnel fails to initiate. Conditions The router is running Workaround A short term workaround consists of removing the access-list used in the crypto map, and then adding it again. This will bring up the tunnel as soon as there is an interesting traffic, but the problem may occur again later.
Remove the crypto map name local-address interface statement, if possible. Downgrade to a release earlier then Instead it sends a BYE and the call gets disconnected.
Workaround To work around this problem, reload the device manually after restoring the configuration file. This vulnerability affects several Cisco products that have support for wired or wireless EAP implementations.
Disable MOH from flash that implies tone on hold or beep on hold. Debug ephone detail will show the following error:. Workaround Reboot the phone. Symptom DTMF levels are 0. Conditions This causes under normal conditions. Workaround Setting the cptone on the voice port to Singapore cures the problem.
When this problem occurs, the tone remote control functionality does not work and voice becomes distorted due to the codec mismatch. Conditions A SIP call consistently uses the incorrect codec type from the "voice class codec" configuration. It should use the value that is configured for "codec preference 1," instead it uses the value that is configured for the "codec preference 2" setting. This issue occurs when the following configuration is used:. Conditions The problem can be seen for every call.
Symptom SCCP messages are delayed by a few seconds for secure calls, this could effect secure dspfarm secure analog endpoints. Conditions Using secure dspfarm or analog endpoints. Workaround Resetting VC resolve issue. Symptom Router might crash when Extended ACL is applied with mixed of tcp permit statements with host and networks and this acl is applied in the class-map.
Workaround Configure permitted host statements successively and do the same for permitted networks. Symptom A Cisco router may crash due to a bus error. The crash can occur if an access-list linked to a service-policy is removed, or if a service-policy is removed on an interface. Symptom Directory numbers that are configured in local directory of CME are not being shown in received calls directory.
The number and name shows while call in ringing state but is not showing during connected state. Conditions This is seen in Inbound call. Symptom Cisco IP Phone placed on hold hears fast busy instead of tone-on-hold. Workaround This behavior was introduced in If the call is not answered, the caller is placed in the queue and hears an announcement with "all agents busy please hold " and so on.
When the script hunts again after a timeout and this time, the call is answered, it drops the call completely. All phones in the hunt group will see a display of 1 call in queue for a few seconds before clearing. Conditions Call drops only after the 1st round of hunting.
If the call is answered in the initial hunting, the call connects. Once the caller is in the queue and hears MOH, if the agent hunt member answers the call after that the call will drop. Symptom The Cisco Embedded Event Manager may hang and tie up virtual terminal vty lines if the devices host name is longer than 20 characters. Conditions The device has a hostname configured that is longer than 20 characters. Workaround Use a hostname less than 20 characters.
These vulnerabilities pertain to the following protocols or features:. Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself. Conditions This happens under any normal conditions. If the phones are configured as SCCP endpoints, the phones will not register. Workaround This issue has been resolved. The solution is available in the release of CME 4. Conditions This symptom is observed on a Cisco router that is "fresh out of the box" and affects the following routers:.
Workaround For extensive information and a workaround, see the following Field Notice:. Overall performance of the device can deteriorate to some extent. Solution The only way to rectify this situation is to reboot the device. Cisco recommends upgrading to a fixed software release.
Symptom IP phone trying to create an ad-hoc conference is dropped when pressing "Conf" softkey the second time. Conditions Must be using hardware conferencing in CME 4. The IP phone must receive a call first on on overlaid button. This initial call must come in on any DN besides the first DN configured in the "button" command in ephone configuration. A caller call a person "A". Person "A" answer the call. Person "A" is monitored by the person "B". The person "B" see on his phone that the person "A" has received a call.
Also person "B" calls person "A" using the monitor button. Person "A" answers the call, putting the first caller on hold. Person "A" uses the conference softkey "Confirm". The message "Select Line" appears without any effect. Devices running Cisco IOS versions This issue is triggered by a logic error when processing extended communities on the PE device.
Workarounds that mitigate this vulnerability are available. Conditions If another call is dropped during trunk dialing, the DN for this terminated call would move to seized state. To work around the one-way audio issue, the call needs to be transferred out and then transferred back. This workaround is not acceptable. Symptom Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions This symptom is observed on a Cisco router that has the ip http secure server command enabled. Workaround Disable the ip http secure server command. Symptom When a user configures the no telephony-service command, router crashes at running configuration generation.
Conditions This symptom is highly unreproducible, but there is a potential race condition between the running configuration generation and the no telephony-service command. Symptom Non phones will not register securely to CME. A null value in this field will allow the phones to register securely. Workaround Remove the processNodeName parameter in the capf server of the phone's cnf file.
Symptom No audio heard on Caller IP phone. Workaround Yes Fallback image available. Symptom In case the platform supported number of BSSIDs is 8 then configuring any ssid which comes in the 9th to 16th order in "sh run" as "guest-mode" results in a software crash.
Conditions Voice calls should invoke a transcoder in order to see this crash. Workaround Disable "authenticate register" under "voice register global". If "authenticate register" is configured under "voice register global". GW Stack is not processing this Request and is dropping it. Conditions CME could crash if 1 call monitoring is turned AND 2 an incoming call gets routed to any application scripts other than the Default Session.
Workaround The work around is to manually disable callmon before running any non-default applications. Symptom Change CME product version from 4. Conditions This problem happens when this call requires transcoding on the IPIPGW and media transcoder high-density is configured for use.
It should find the image and boot up. RTR del flash:cnm-advipservicesk9-mz. RTR Now, using your favorite FTP server, copy the image to flash: Notice the error about "not a valid executable", I've seen this many times, it's usually safe to ignore, so long as you've got the right model chassis in the image name. RTR copy usbflash0:cnm-advipservicesk9-mz. Copy in progress Verify the checksum once you've copied the new image to flash: This should match the md5sum value from Cisco's download site.
I highly recommend staying connected to the console to watch as the router reloads. This way you'll see any errors or warnings that may occur. Also, you should see your new image in the version information. RTR reload Proceed with reload? Reload Reason: Reload Command. May 17
0コメント