Cisco Releases Security Updates

Original release date: March 23, 2016

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities could allow a remote attacker to create a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • cisco-sa-20160323-sip: Cisco IOS, IOS XE, Unified Communications Manager software session initiation protocol memory leak vulnerability 
  • cisco-sa-20160323-lisp: Cisco IOS and NX-OS software locator/ID separation protocol packet denial-of-service vulnerability   
  • cisco-sa-20160323-ios-ikev2: Cisco IOS and IOS XE software Internet Key Exchange v2 fragmentation denial-of-service vulnerability
  • cisco-sa-20160323-dhcpv6: Cisco IOS and IOS XE software DHCPv6 relay denial-of-service vulnerability
  • cisco-sa-20160323-smi: Cisco IOS and IOS XE software Smart Install denial-of-service vulnerability
  • cisco-sa-20160323-l4f: Cisco IOS software wide area application services express denial-of-service vulnerability

This product is provided subject to this Notification and this Privacy & Use policy.