Today, we released the first Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan ahead and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.
Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:
- Session Initiation Protocol
- Network Address Translation
- Internet Key Exchange Version 2
- SSL VPN
- Cisco 7600 RSP720 with 10GE Uplinks
Make sure you take also take a look at the Cisco Event Response—our go-to document that correlates the full array of Cisco Security Intelligence Operations (SIO) resources for this bundle (including links to the advisories, mitigations, Cisco IntelliShield Alerts, CVSS scores, and OVAL content). As the project manager who oversees the management and delivery of these bundled disclosures, I’m always impressed at the level of effort and collaboration involved. A dedicated team of incident managers, a variety of partner organizations, special tooling, months of preparation, thousands of communications—these all come together on the fourth Wednesday of March and September.
The next Cisco IOS Software Security Advisory Bundled Publication is scheduled for September 24, 2014. Why don’t you mark your calendar now? And don’t forget—for all things security, visit the SIO portal, the primary outlet for Cisco’s security intelligence and the public home to all of our security-related content.