
Obtaining free Cisco IOS Updates

Posted <2017-01-26 Thu 21:00> by Aaron S. Jackson.

Came across a post the other day describing a method of obtaining free software updates for Cisco devices. I have a C2950 24-port 100 Mbps Ethernet switch, which has been end-of-life since 2009. It was £20 on eBay, fun to mess about with, and very reliable.

I tested out the method described in the linked post and it worked. Here was the email I sent:

From: Aaron Jackson
To: tac@cisco.com
Subject: Security updates for Cisco 2950-24
Flags: seen
Date: Sun 22 Jan 2017 22:40:44 GMT
Maildir: /personal/Sent

Hi,

I would like to enquire about obtaining a security software update for
my WS-C2950-24 switch, as mentioned may be possible in the Cisco
security vulnerability policy:

> As a special customer service, and to improve the overall security of
> the Internet, Cisco may offer customers free software updates to
> address high-severity security problems. The decision to provide free
> software updates is made on a case-by-case basis.

I see from the online software checker that the version I am currently
running is vulnerable to the following:

| Advisories That Affect This Release                                                 | First Fixed  |
|-------------------------------------------------------------------------------------+--------------|
| Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability         | 12.2(55)SE11 |
| Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products              | 15.0(2)SE9   |
| Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability         | 12.2(55)SE11 |
| Cisco IOS Software Network Address Translation Vulnerabilities                      | 12.2(40)SE1  |
| Cisco IOS Software DHCP Denial of Service Vulnerability                             | 12.2(55)SE8  |
| Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability  | 12.2(55)SE8  |
| OSPF LSA Manipulation Vulnerability in Multiple Cisco Products                      | 12.1(22)EA6a |
| Cisco IOS Software Multicast Source Discovery Protocol Vulnerability                | 12.1(22)EA6a |
| Cisco IOS Software Tunnels Vulnerability                                            | 12.1(22)EA6a |
| TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products | 12.1(22)EA13 |
| Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability               | 12.1(22)EA13 |
| Cisco IOS Software Multiple Features IP Sockets Vulnerability                       | 12.1(22)EA13 |
| Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability             | 12.1(22)EA13 |
| Multiple Multicast Vulnerabilities in Cisco IOS Software                            | 12.1(22)EA6a |
| SNMP Version 3 Authentication Vulnerabilities                                       | 12.1(22)EA10 |
| Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets                  | 12.1(22)EA9  |
| Crafted IP Option Vulnerability                                                     | 12.1(22)EA8  |
| Crafted TCP Packet Can Cause Denial of Service                                      | 12.1(22)EA8  |
| IOS HTTP Server Command Injection Vulnerability                                     | 12.1(22)EA7  |

I include the output from "show version" here:

> Cisco Internetwork Operating System Software
> IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
> Copyright (c) 1986-2005 by cisco Systems, Inc.
> Compiled Fri 21-Oct-05 01:59 by yenanh
> Image text-base: 0x80010000, data-base: 0x80568000
>
> ROM: Bootstrap program is C2950 boot loader
>
> lana uptime is 4 days, 11 hours, 15 minutes
> System returned to ROM by power-on
> System image file is "flash:/c2950-i6q4l2-mz.121-22.EA6.bin"
>
> cisco WS-C2950-24 (RC32300) processor (revision R0) with 21013K bytes of memory.
> Processor board ID FCZ1010W0BA
> Last reset from system-reset
> Running Standard Image
> 24 FastEthernet/IEEE 802.3 interface(s)
>
> 32K bytes of flash-simulated non-volatile configuration memory.
> Base ethernet MAC Address: 00:17:59:24:5F:80
> Motherboard assembly number: 73-5781-13
> Power supply part number: 34-0965-01
> Motherboard serial number: FOC10073SCQ
> Power supply serial number: DAB0949KN50
> Model revision number: R0
> Motherboard revision number: A0
> Model number: WS-C2950-24
> System serial number: FCZ1010W0BA
> Configuration register is 0xF

I would greatly appreciate any software update that would fix some of
the aforementioned security issues.

Kind regards,

Aaron Jackson

Someone from Cisco replied very rapidly, and after a few emails back and forth (one of which actively encouraged me to update my switch), a link to the latest compatible IOS was sent to me. Still quite an old version, but if it can fix a few security issues and perhaps even offer some additional features, I am happy. I haven't updated it yet, but I will be taking a dump of the current IOS in case something goes wrong.

Tags: networking

Copyright 2007-2017 Aaron S. Jackson (modified: Sun 23 Jul 14:30:46 BST 2017)