Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2013. We committed to these predictable disclosures back in 2008 because your feedback was clear—they allow you to plan ahead and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments. (For more information on the history of this evolution, take a look at my colleague John Stuppi’s post this past March.) If you haven’t had the opportunity to review my earlier posts on preparing for bundled disclosures or leveraging the Cisco IOS Software Checker tool, I’d encourage you to do so now. Hopefully, the guidance will help lessen the impact of evaluating the recently published Cisco Security Advisories.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes eight advisories that affect the following technologies:

  • Network Address Translation
  • Resource Reservation Protocol
  • Internet Key Exchange
  • DHCP
  • IPv6 Virtual Fragmentation Reassembly
  • Network Time Protocol
  • T1/E1 Interface Module Signalization
  • Zone-Based Firewall

We’ve also released the following video that summarizes this disclosure:

Cisco IOS Security Bundle

Make sure you also take a look at the Cisco Event Response—our “go to” document that correlates the full array of Cisco Security Intelligence Operations (SIO) resources for this bundle (including links to the advisories, mitigations, Cisco IntelliShield Alerts, CVSS scores, and OVAL content). As the project manager who oversees the management and delivery of these bundled disclosures, I’m always impressed at the level of effort and collaboration involved. A dedicated team of incident managers, a variety of partner organizations, special tooling, months of preparation, thousands of communications—these all come together on the fourth Wednesday of March and September.

The next Cisco IOS Software Security Advisory Bundled Publication is scheduled for March 26, 2014. Why don’t you mark your calendars now? And don’t forget—for all things security, visit the SIO portal, the primary outlet for Cisco’s security intelligence and the public home to all of our security-related content.


Erin Float

Project Manager

Security Research and Operations Group