Obtaining free Cisco IOS Updates
I came across a post the other day describing a method of obtaining free software updates for Cisco devices. I have a C2950 24-port 100Mbps Ethernet switch, which has been end-of-life since 2009. It was £20 on eBay, fun to mess about with, and very reliable.
I tested out the method described in the linked post and it worked. Here was the email I sent:
From: Aaron Jackson
To: email@example.com
Subject: Security updates for Cisco 2950-24
Flags: seen
Date: Sun 22 Jan 2017 22:40:44 GMT
Maildir: /personal/Sent

Hi,

I would like to enquire about obtaining a security software update for my WS-C2950-24 switch, as mentioned may be possible in the Cisco security vulnerability policy:

> As a special customer service, and to improve the overall security of
> the Internet, Cisco may offer customers free software updates to
> address high-severity security problems. The decision to provide free
> software updates is made on a case-by-case basis.

I see from the online software checker that the version I am currently running is vulnerable to the following:

| Advisories That Affect This Release | First Fixed |
|-------------------------------------------------------------------------------------+--------------|
| Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability | 12.2(55)SE11 |
| Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products | 15.0(2)SE9 |
| Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability | 12.2(55)SE11 |
| Cisco IOS Software Network Address Translation Vulnerabilities | 12.2(40)SE1 |
| Cisco IOS Software DHCP Denial of Service Vulnerability | 12.2(55)SE8 |
| Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability | 12.2(55)SE8 |
| OSPF LSA Manipulation Vulnerability in Multiple Cisco Products | 12.1(22)EA6a |
| Cisco IOS Software Multicast Source Discovery Protocol Vulnerability | 12.1(22)EA6a |
| Cisco IOS Software Tunnels Vulnerability | 12.1(22)EA6a |
| TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products | 12.1(22)EA13 |
| Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability | 12.1(22)EA13 |
| Cisco IOS Software Multiple Features IP Sockets Vulnerability | 12.1(22)EA13 |
| Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability | 12.1(22)EA13 |
| Multiple Multicast Vulnerabilities in Cisco IOS Software | 12.1(22)EA6a |
| SNMP Version 3 Authentication Vulnerabilities | 12.1(22)EA10 |
| Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets | 12.1(22)EA9 |
| Crafted IP Option Vulnerability | 12.1(22)EA8 |
| Crafted TCP Packet Can Cause Denial of Service | 12.1(22)EA8 |
| IOS HTTP Server Command Injection Vulnerability | 12.1(22)EA7 |

I include the output from "show version" here:

> Cisco Internetwork Operating System Software
> IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
> Copyright (c) 1986-2005 by cisco Systems, Inc.
> Compiled Fri 21-Oct-05 01:59 by yenanh
> Image text-base: 0x80010000, data-base: 0x80568000
>
> ROM: Bootstrap program is C2950 boot loader
>
> lana uptime is 4 days, 11 hours, 15 minutes
> System returned to ROM by power-on
> System image file is "flash:/c2950-i6q4l2-mz.121-22.EA6.bin"
>
> cisco WS-C2950-24 (RC32300) processor (revision R0) with 21013K bytes of memory.
> Processor board ID FCZ1010W0BA
> Last reset from system-reset
> Running Standard Image
> 24 FastEthernet/IEEE 802.3 interface(s)
>
> 32K bytes of flash-simulated non-volatile configuration memory.
> Base ethernet MAC Address: 00:17:59:24:5F:80
> Motherboard assembly number: 73-5781-13
> Power supply part number: 34-0965-01
> Motherboard serial number: FOC10073SCQ
> Power supply serial number: DAB0949KN50
> Model revision number: R0
> Motherboard revision number: A0
> Model number: WS-C2950-24
> System serial number: FCZ1010W0BA
> Configuration register is 0xF

I would greatly appreciate any software update that would fix some of the aforementioned security issues.

Kind regards,

Aaron Jackson
Someone from Cisco replied very rapidly, and after a few emails back and forth (one of which actively encouraged me to update my switch), a link to the latest compatible IOS was sent to me. Still quite an old version, but if it can fix a few security issues and perhaps even offer some additional features, I am happy. I haven't updated it yet, but I will be taking a dump of the current IOS in case something goes wrong.