Tax packages must contain the port number that could be used by another configured feature. A successful exploit could allow the attacker to use a port used from the IP-SLA responder, which affects the functionality that uses the port and leads to a DoS condition. Cisco has released free software updates that address the security vulnerability described in this recommendation. Customers can only install software versions and functional games and expect media for which they have obtained a license. By installing, downloading, accessing, or using these software upgrades, customers agree to abide by the terms of the Cisco Software License: www.cisco.com/c/en/us/products/end-user-license-agreement.html This vulnerability affects routers running vulnerable versions of Cisco IOS and IOS XE software and configured for IP-SLA response operations. Cisco has released software updates that address this security vulnerability. There is no workaround that addresses this vulnerability. Tenable calculates a dynamic VPR for each weak point. VPR combines vulnerability intelligence with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited during attacks. Learn more about what VPR is and how it is different from CVSS.
To help customers identify their vulnerability to Vulnerabilities in Cisco IOS and XE software, Cisco makes available a tool, the Cisco IOS Software Checker, which identifies all Cisco security consultants who impact a specific version of the software and the earliest version that addresses the vulnerabilities described in each Advisory (First Fixed). If necessary, the tool also returns the earliest version that fixes all vulnerabilities described in all identified advisories (“Combined First Fixed”). In addition, customers may only download software for which they have a valid license purchased directly by Cisco or through an authorized Cisco reseller or partner. In most cases, this is a maintenance upgrade to software that was purchased before. Free security software updates do not entitle customers to a new software license, additional software feature kits, or major revision upgrades. There is no workaround that addresses this vulnerability. Entries related to this vulnerability are available at 161880, 161878, 161877, and 161875. This recommendation is available at: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ipsla-dos information about Cisco`s policies and disclosure publications are available in the Security Vulnerability Directive. .