Home / Cisco Security / Security Advisories

Cisco Security Advisory

Vulnerability in Java Deserialization Affecting Cisco Products

Summary

  • A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code.

    The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by submitting crafted input to an application on a targeted system that uses the ACC library. After the vulnerable library on the affected system deserializes the content, the attacker could execute arbitrary code on the system, which could be used to conduct further attacks.

    On November 6, 2015, Foxglove Security Group published information about a remote code execution vulnerability that affects multiple releases of the ACC library. The report contains detailed proof-of-concept code for a number of applications, including WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic. This is a remotely exploitable vulnerability that allows an attacker to inject any malicious code or execute any commands that exist on the server. A wide range of potential impacts includes allowing the attacker to obtain sensitive information.

    Object serialization is a technique that many programming languages use to convert an object into a sequence of bits for transfer purposes. Deserialization is a technique that reassembles those bits back to an object. This vulnerability occurs in Java object serialization for network transport and object deserialization on the receiving side.

    Many applications accept serialized objects from the network without performing input validation checks before deserializing it. Crafted serialized objects can therefore lead to execution of arbitrary attacker code.

    Although the problem itself is in the serialization and deserialization functionality of the Java programming language, the ACC library is known to be affected by this vulnerability. Any application or application framework could be vulnerable if it uses the ACC library and deserializes arbitrary, user-supplied Java serialized data.

    Additional details about the vulnerability are available at the following links:

    Official Vulnerability Note from CERT
    Foxglove Security
    Apache Commons Statement
    Oracle Security Alert

    Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

Affected Products

  • Products Under Investigation

    The following products are under active investigation to determine whether they are affected by the vulnerability that is described in this advisory.

    Voice and Unified Communications Devices
    • Cisco Unified Integration for IBM Sametime
    • Cisco Unified Workforce Optimization

    Video, Streaming, TelePresence, and Transcoding Devices
    • Cisco TelePresence 1310
    • Cisco TelePresence System 1000
    • Cisco TelePresence System 1100
    • Cisco TelePresence System 1300
    • Cisco TelePresence System 3000 Series
    • Cisco TelePresence System 500-32
    • Cisco TelePresence System 500-37
    • Cisco TelePresence TX 9000 Series

    Vulnerable Products

    The following table lists Cisco products that are affected by the vulnerability that is described in this advisory.



    Product Defect Fixed releases availability
    Cable Modems
    Cisco WebEx Meetings Server versions 1.x CSCux17638
    Cisco WebEx Meetings Server versions 2.x CSCux17638
    Digital Life RMS 1.8.1.1 Cisco Broadband Access Center Telco Wireless 3.8.1 CSCux34660
    Collaboration and Social Media
    Cisco SocialMiner CSCux34833
    Cisco WebEx Meetings CSCux21425
    Network Application, Service, and Acceleration
    Cisco InTracer CSCux35041
    Cisco Network Admission Control (NAC) CSCux35101
    Cisco Visual Quality Experience Server CSCux34725
    Cisco Visual Quality Experience Tools Server CSCux34725
    Network and Content Security Devices
    Cisco ASA CX and Cisco Prime Security Manager CSCux34742
    Cisco Clean Access Manager CSCux34981
    Cisco Identity Services Engine (ISE) CSCux35116
    Cisco NAC Appliance (Clean Access Server) CSCux34982
    Cisco NAC Server CSCux34983
    Cisco Secure Access Control System (ACS) CSCux34781
    Network Management and Provisioning
    Cisco Access Registrar Appliance CSCux34652
    Cisco Cloupia Unified Infrastructure Controller CSCux35070
    Cisco Configuration Professional CSCux35040
    Cisco Digital Media Manager CSCux34692
    Cisco Insight Reporter CSCux34694
    Cisco Prime Access Registrar Appliance CSCux34652
    Cisco Prime Access Registrar CSCux34955
    Cisco Prime Central for SPs CSCux34667
    Cisco Prime Collaboration Provisioning CSCux34669
    Cisco Prime Home CSCux34666
    Cisco Prime Infrastructure CSCux34665
    Cisco Prime LAN Management Solution (LMS - Solaris) CSCux34647
    Cisco Prime License Manager CSCux34705
    Cisco Prime Network Services Controller CSCux34672
    Cisco Prime Optical for SPs CSCux34656
    Cisco Prime Performance Manager CSCux34953
    Cisco Prime Provisioning for SPs CSCux34664
    Cisco Prime Provisioning CSCux35084
    Cisco Prime Security Manager CSCux35106
    Cisco Prime Service Catalog Virtual Appliance CSCux34715
    Cisco Security Manager CSCux34671
    Cisco Unified Intelligent Center CSCux35044
    Local Collector Appliance (LCA) CSCux34812
    Unified Communications Deployment Tools CSCux34584
    Routing and Switching - Enterprise and Service Provider
    Cisco Broadband Access Center Telco Wireless CSCux34645
    Unified Computing
    Cisco UCS Director CSCux34942
    Voice and Unified Communications Devices
    Cisco Computer Telephony Integration Object Server (CTIOS) CSCux34589 A fix will be available May 6
    2016
    Cisco Emergency Responder CSCux34852
    Cisco Hosted Collaboration Mediation Fulfillment CSCux34859
    Cisco IM and Presence Service (CUPS) CSCux34855
    Cisco IP Interoperability and Collaboration System (IPICS) CSCux34720
    Cisco Management Heartbeat Server CSCux35009
    Cisco MediaSense CSCux34874 11.0
    10.5 (March 2016)
    11.5 (June 2016)
    Cisco MeetingPlace CSCux35147
    Cisco USC8088 CSCux35125
    Cisco Unified Attendant Console Advanced CSCux34827
    Cisco Unified Attendant Console Business Edition CSCux34827
    Cisco Unified Attendant Console Department Edition CSCux34827
    Cisco Unified Attendant Console Enterprise Edition CSCux34827
    Cisco Unified Attendant Console Premium Edition CSCux34827
    Cisco Unified Communications Domain Manager CSCux35022
    Cisco Unified Communications Manager (UCM) CSCux34835
    Cisco Unified Communications Manager Session Management Edition (SME) CSCux34835
    Cisco Unified Contact Center Enterprise CSCux34589 A fix will be available May 6
    2016
    Cisco Unified Contact Center Express CSCux34844
    Cisco Unified E-Mail Interaction Manager CSCux34853
    Cisco Unified Intelligent Contact Management Enterprise CSCux34589 A fix will be available May 6
    2016
    Cisco Unified Sip Proxy CSCux34567
    Cisco Unified Web Interaction Manager CSCux34853
    Cisco Unity Connection (UC) CSCux35135
    Cisco Voice Portal (CVP) CSCux35046
    Video, Streaming, TelePresence, and Transcoding Devices
    Cisco Digital Transport Adapter Control System (DTACS) CSCux34796
    Cisco Media Experience Engines (MXE) CSCux34968
    Cisco Show and Share CSCux34708
    Cisco TelePresence Exchange System (CTX) CSCux34690
    Cisco VDS Service Broker CSCux34804
    Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) CSCux34724
    Cisco Videoscape Conductor CSCux34792
    Cisco Videoscape Control Suite CSCux34974
    Explorer Controller (EC) system CSCux34795
    Wireless
    Cisco Mobility Services Engine (MSE) CSCux35085
    Cisco Hosted Services
    Business Video Services Automation Software (BV) CSCux34572
    Cisco Cloud Email Security CSCux34593
    Cisco Cloud Services CSCux34688
    Cisco Cloud Web Security CSCux35002
    Cisco Cloud and Systems Management CSCux34926
    Cisco Proactive Network Operations Center CSCux34582
    Cisco Registered Envelope Service (CRES) CSCux34591
    Cisco Services Provisioning Platform (SPP) CSCux34885 3.2.2 (Jan 2016)
    Cisco Smart Care CSCux34985
    Cisco Unified Services Delivery Platform (CUSDP) CSCux34779
    Communication/Collaboration Sizing Tool, Virtue Machine Placement Tool, Cisco Unified Communications Upgrade Readiness Assessment CSCux34881
    DCAF UCS Collector CSCux34924
    Data Center Analytics Framework (DCAF) CSCux34575
    Life Cycle Management Agent Manager (LCM) CSCux34927
    Network Change and Configuration Management CSCux34580
    Partner Supporting Service (PSS) 1.x CSCux34739
    SI component of Partner Supporting Service CSCux34738
    Serial Number Assessment Service (SNAS) CSCux34991
    Services Analytic Platform CSCux35043
    Smart Net Total Care (SNTC) CSCux34987
    Smart Net Total Care CSCux34730

    Products Confirmed Not Vulnerable

    The following products are not affected by the vulnerability that is described in this advisory.

    Cable Modems
    • Cisco 3G Femtocell Wireless
    • Cisco Unified IP Phone 6921

    Collaboration and Social Media
    • Cisco WebEx Node for MCS

    Endpoint Clients and Client Software
    • Cisco Agent for OpenFlow
    • Cisco AnyConnect Secure Mobility Client for Android
    • Cisco AnyConnect Secure Mobility Client for Linux
    • Cisco AnyConnect Secure Mobility Client for Windows
    • Cisco AnyConnect Secure Mobility Client for iOS
    • Cisco IP Communicator
    • Cisco Jabber Guest 10.0(2)
    • Cisco Jabber Software Development Kit
    • Cisco Jabber for Android
    • Cisco Jabber for Mac
    • Cisco Jabber for Windows
    • Cisco Jabber for iOS
    • Cisco MMP server
    • Cisco NAC Agent for Mac
    • Cisco NAC Agent for Web
    • Cisco NAC Agent for Windows
    • Cisco UC Integration for Microsoft Lync
    • Cisco Virtualization Experience Media Engine
    • Cisco WebEx Meetings Client - Hosted
    • Cisco WebEx Meetings Client - On Premises
    • Cisco WebEx Meetings for Android
    • Cisco WebEx Meetings for BlackBerry
    • Cisco WebEx Meetings for WP8
    • Cisco WebEx Productivity Tools
    • JCF components
    • WebEx Meetings Server - SSL Gateway
    • WebEx Recording Playback Client

    Network Application, Service, and Acceleration
    • Cisco ACE 30 Application Control Engine Module
    • Cisco ACE 4710 Application Control Engine (A5)
    • Cisco Adaptive Security Appliance (ASA) Software
    • Cisco Application Control Engine (ACE30/ ACE 4710)
    • Cisco Application and Content Networking System (ACNS)
    • Cisco Extensible Network Controller (XNC)
    • Cisco Nexus Data Broker (NDB)
    • Content Services Switch

    Network and Content Security Devices
    • Cisco ASA Content Security and Control (CSC) Security Services Module
    • Cisco ASA Next-Generation Firewall Services
    • Cisco Adaptive Security Appliance (ASA)
    • Cisco Adaptive Security Device Manager
    • Cisco Content Security Appliance Updater Servers
    • Cisco Content Security Management Appliance (SMA)
    • Cisco Email Security Appliance (ESA)
    • Cisco IPS
    • Cisco Intrusion Prevention System Solutions (IPS)
    • Cisco IronPort Encryption Appliance (IEA)
    • Cisco NAC Guest Server
    • Cisco Physical Access Control Gateway
    • Cisco Physical Access Manager
    • Cisco Security Management Appliance (SMA)
    • Cisco Virtual Security Gateway for Microsoft Hyper-V
    • Cisco Web Security Appliance (WSA)

    Network Management and Provisioning
    • Cisco Application Networking Manager
    • Cisco Connected Grid Device Manager
    • Cisco Connected Grid Network Management System
    • Cisco Linear Stream Manager
    • Cisco MGC Node Manager (CMNM)
    • Cisco Multicast Manager
    • Cisco Netflow Collection Agent
    • Cisco Network Analysis Module
    • Cisco Packet Tracer
    • Cisco Prime Analytics
    • Cisco Prime Cable Provisioning
    • Cisco Prime Collaboration Assurance
    • Cisco Prime Collaboration Deployment
    • Cisco Prime Collaboration Manager
    • Cisco Prime Data Center Network Manager (.ova and .iso installers)
    • Cisco Prime Data Center Network Manager (DCNM)
    • Cisco Prime IP Express
    • Cisco Prime Infrastructure Standalone Plug and Play Gateway
    • Cisco Prime Network Registrar (CPNR) virtual appliance
    • Cisco Prime Network Registrar (CPNR)
    • Cisco Prime Network Registrar IP Address Manager (IPAM)
    • Cisco Prime Network
    • Cisco UCS Central
    • Cisco Unified Provisioning Manager (CUPM)
    • Cisco Virtual Topology System (formally Virtual Systems Operations Center)
    • CiscoWorks Network Compliance Manager
    • Virtual Systems Operations Center for vPE project

    Routing and Switching - Enterprise and Service Provider
    • CRS-CGSE-PLIM
    • CRS-CGSE-PLUS
    • Cisco ASR 5000 Series
    • Cisco ASR 9000 Series Integrated Service Module
    • Cisco Application Policy Infrastructure Controller (APIC)
    • Cisco Connected Grid Router - CGOS
    • Cisco Connected Grid Router
    • Cisco IOS Software
    • Cisco IOS-XE for ASR1k, ASR903, ISR4400, CSR1000v
    • Cisco IOS-XE for Catalyst 3k, 4k, AIR-CT5760, and Cisco RF Gateway 10 (RFGW-10)
    • Cisco IOS-XR
    • Cisco MDS 9000 Series Multilayer Switches
    • Cisco Metro Ethernet 1200 Series Access Devices
    • Cisco Nexus 1000V Series Switches (ESX)
    • Cisco Nexus 1010
    • Cisco Nexus 3000 Series Switches
    • Cisco Nexus 4000 Series
    • Cisco Nexus 5000 Series Switches
    • Cisco Nexus 6000 Series Switches
    • Cisco Nexus 7000 Series Switches
    • Cisco Nexus 9000 (ACI/Fabric Switch)
    • Cisco Nexus 9000 Series (standalone, running NxOS)
    • Cisco Nexus 9000 Series Switches
    • Cisco ONS 15454 Series Multiservice Provisioning Platforms
    • Cisco OnePK All-in-One VM
    • Cisco Service Control Application for Broadband
    • Cisco Service Control Collection Manager
    • Cisco Service Control Operating System
    • Cisco Service Control Subscriber Manager
    • Cisco VPN Acceleration Engine
    • IOS-XR for Cisco Network Convergence System (NCS) 6000

    Routing and Switching - Small Business
    • Cisco Small Business AP500 Series Wireless Access Points
    • Cisco Small Business RV 120W Wireless-N VPN Firewall
    • Cisco Small Business RV Series Routers 0xxv3
    • Cisco Small Business RV Series Routers RV110W
    • Cisco Small Business RV Series Routers RV130x
    • Cisco Small Business RV Series Routers RV215W
    • Cisco Small Business RV Series Routers RV220W
    • Cisco Small Business RV Series Routers RV315W
    • Cisco Small Business RV Series Routers RV320
    • Cisco Sx220 switches
    • Cisco Sx300 switches
    • Cisco Sx500 switches
    • Cisco WAP4410N Wireless-N Access Point

    Unified Computing
    • Cisco Common Services Platform Collector
    • Cisco Standalone rack server CIMC
    • Cisco UCS ADA
    • Cisco UCS Invicta Series Solid State Systems
    • Cisco UCS Invicta Series
    • Cisco UCS Manager
    • Cisco Unified Computing System B-Series (Blade) Servers
    • Cisco Unified Computing System E-Series Blade Server
    • Cisco Virtual Security Gateway
    • UCS IO Modules

    Voice and Unified Communications Devices
    • Cisco 190 ATA Series Analog Terminal Adaptor
    • Cisco 7937 IP Phone
    • Cisco 8800 Series IP Phones - VPN Feature
    • Cisco ATA 187 Analog Telephone Adaptor
    • Cisco Agent Desktop for Cisco Unified Contact Center Express
    • Cisco Agent Desktop
    • Cisco Billing and Measurements Server
    • Cisco Broadband Access Center for Cable Tools Suite 4.1
    • Cisco Broadband Access Center for Cable Tools Suite 4.2
    • Cisco DX Series IP Phones
    • Cisco Desktop Collaboration Experience DX70 and DX80
    • Cisco H.323 Signaling Interface
    • Cisco Paging Server (Informacast)
    • Cisco Paging Server
    • Cisco Prime Cable Provisioning Tools Suite 5.0
    • Cisco Prime Cable Provisioning Tools Suite 5.1
    • Cisco Quantum Virtualized Packet Core
    • Cisco Remote Silent Monitoring
    • Cisco SPA112 2-Port Phone Adapter
    • Cisco SPA122 ATA with Router
    • Cisco SPA232D Multi-Line DECT ATA
    • Cisco SPA30X Series IP Phones
    • Cisco SPA50X Series IP Phones
    • Cisco SPA51X Series IP Phones
    • Cisco SPA525G
    • Cisco SPA8000 8-port IP Telephony Gateway
    • Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
    • Cisco TAPI Service Provider (TSP)
    • Cisco Unified 3900 series IP Phones
    • Cisco Unified 6901 IP Phones
    • Cisco Unified 6945 IP Phones
    • Cisco Unified 7800 Series IP Phones
    • Cisco Unified 8831 series IP Conference Phone
    • Cisco Unified 8961 IP Phone
    • Cisco Unified 9951 IP Phone
    • Cisco Unified 9971 IP Phone
    • Cisco Unified Attendant Console Standard
    • Cisco Unified Client Services Framework
    • Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
    • Cisco Unified IP Phone 7900 Series
    • Cisco Unified IP Phone 8941 and 8945 (SIP)
    • Cisco Unified Operations Manager (CUOM)
    • Cisco Unified Wireless IP Phone
    • Cisco Unity Express
    • Cisco Universal Small Cell RAN Management System Wireless
    • Cisco Virtual PGW 2200 Softswitch
    • xony VIM/CCDM/CCMP

    Video, Streaming, TelePresence, and Transcoding Devices
    • Cisco 910 Industrial Router
    • Cisco AnyRes Live (CAL)
    • Cisco AnyRes VOD (CAL)
    • Cisco Command 2000 Server (cmd2k) (RH Based)
    • Cisco D9824 Advanced Multi Decryption Receiver
    • Cisco D9854/D9854-I Advanced Program Receiver
    • Cisco D9858 Advanced Receiver Transcoder
    • Cisco D9859 Advanced Receiver Transcoder
    • Cisco D9865 Satellite Receiver
    • Cisco DCM Series 9900-Digital Content Manager
    • Cisco DNCS Application Server (AppServer)
    • Cisco Digital Media Players (DMP) 4300 Series
    • Cisco Digital Media Players (DMP) 4400 Series
    • Cisco Download Server (DLS) (Solaris)
    • Cisco Edge 300 Digital Media Player
    • Cisco Edge 340 Digital Media Player
    • Cisco Enterprise Content Delivery System (ECDS)
    • Cisco Expressway Series
    • Cisco Headend System Release
    • Cisco IPTV Service Delivery System (ISDS)
    • Cisco International Digital Network Control System (iDNCS)
    • Cisco Media Services Interface
    • Cisco Model D9485 DAVIC QPSK
    • Cisco Powerkey CAS Gateway (PCG)
    • Cisco Powerkey Encryption Server (PKES)
    • Cisco TelePresence Advanced Media Gateway Series
    • Cisco TelePresence Conductor
    • Cisco TelePresence Content Server (TCS)
    • Cisco TelePresence EX Series
    • Cisco TelePresence ISDN GW 3241
    • Cisco TelePresence ISDN GW MSE 8321
    • Cisco TelePresence ISDN Link
    • Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300)
    • Cisco TelePresence MX Series
    • Cisco TelePresence Management Suite (TMS)
    • Cisco TelePresence Management Suite Analytics Extension (TMSAE)
    • Cisco TelePresence Management Suite Extension (TMSXE)
    • Cisco TelePresence Management Suite Extension for IBM
    • Cisco TelePresence Management Suite Provisioning Extension
    • Cisco TelePresence Profile Series
    • Cisco TelePresence SX Series
    • Cisco TelePresence Serial Gateway Series
    • Cisco TelePresence Server 8710, 7010
    • Cisco TelePresence Server on Multiparty Media 310, 320
    • Cisco TelePresence Server on Virtual Machine
    • Cisco TelePresence Supervisor MSE 8050
    • Cisco TelePresence Video Communication Server (VCS)
    • Cisco Telepresence Integrator C Series
    • Cisco Transaction Encryption Device (TED)
    • Cisco VEN501 Wireless Access Point
    • Cisco Video Delivery System Recorder
    • Cisco Video Surveillance 3000 Series IP Cameras
    • Cisco Video Surveillance 4000 Series High-Definition IP Cameras
    • Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras
    • Cisco Video Surveillance 6000 Series IP Cameras
    • Cisco Video Surveillance 7000 Series IP Cameras
    • Cisco Video Surveillance Media Server
    • Cisco Video Surveillance PTZ IP Cameras
    • Cisco Videoscape Distribution Suite Transparent Caching
    • Cloud Object Store (COS)
    • Tandberg Codian ISDN GW 3210/3220/3240
    • Tandberg Codian MSE 8320 model
    • VDS-Recorder
    • VDS-TV Caching GW
    • VDS-TV Streamer
    • VDS-TV Vault

    Wireless
    • Cisco IOS Access Points
    • Cisco RF Gateway 1 (RFGW-1)
    • Cisco Small Business 121 Series Wireless Access Points
    • Cisco Small Business 321 Series Wireless Access Points
    • Cisco Small Business 500 Series Wireless Access Points
    • Cisco WAP371 wireless access point
    • Cisco Wireless Control System (WCS)
    • Cisco Wireless LAN Controller (WLC)
    • Cisco Wireless Security Gateway Application (WSG)

    Cisco Hosted Services
    • Cisco Connected Analytics For Collaboration
    • Cisco DC Health Check
    • Cisco Intelligent Automation for Cloud
    • Cisco Partner Supporting Service
    • Cisco SmartConnection
    • Cisco SmartReports
    • Cisco UCS Invicta Series Autosupport Portal
    • Cisco Universal Small Cell 5000 Series running V3.4.2.x software
    • Cisco Universal Small Cell 7000 Series running V3.4.2.x software
    • Cisco Universal Small Cell CloudBase
    • Cisco WebEx Messenger Service
    • Cisco WebEx Node
    • Cisco WebEx11 Application Server
    • IMS
    • MACD Process Controller (MPC)
    • Network Device Security Assessment
    • Network Performance Analytics (NPA)
    • Partner Supporting Service (PSS) 2.x
    • Sentinel
    • Small Cell factory recovery root filesystem V2.99.4 or later
    • Web Element Manager

Indicators of Compromise

  • An attacker could cause a Java application or library that has the Apache Commons Collections library in its classpath to execute arbitrary Java functions or bytecode.

Workarounds

  • There are no workarounds that address this vulnerability.

Fixed Software

  • When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  • January 2015: Researchers Gabriel Lawrence and Chris Frohoff disclosed a potential data deserialization vulnerability that could lead to arbitrary code execution. The vulnerability is in the Java Object Serialization used in Java applications and libraries.

    November 2015: Stephen Breen of Foxglove Security identified the ACC Java library as being vulnerable to insecure data deserialization.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

URL

Revision History

  • Version Description Section Status Date
    1.10 Updated the affected products. Affected Products Interim 2016-February-25
    1.9 Updated the affected products. Affected Products Interim 2016-February-02
    1.8 Updated the affected products. Affected Products Interim 2016-January-12
    1.7 Updated the affected products. Affected Products Interim 2016-January-05
    1.6 Updated the affected products. Affected Products Interim 2015-December-23
    1.5 Updated the affected products. Affected Products Interim 2015-December-22
    1.4 Updated the affected products. Affected Products Interim 2015-December-18
    1.3 Updated the affected products. Affected Products Interim 2015-December-17
    1.2 Updated the affected products. Affected Products Interim 2015-December-15
    1.1 Assigned a unique CVE ID for Cisco products and updated the affected products. CVE; Affected Products Interim 2015-December-10
    1.0 Initial public release. - Interim 2015-December-09
    Show Less

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications