If you’re looking to update the software running on a Cisco IOS device, typically a SMARTnet contract is required. One option people often overlook is CISCO’s security vulnerability policy, which offers free updates for devices affected by one or more security vulnerabilities.
As of April 2012, the policy states that (emphasis mine):
As a special customer service, and to improve the overall security of the Internet, Cisco may offer customers free of charge software updates to address security problems. If Cisco has offered a free software update to address a specific issue, noncontract customers who are eligible for the update may obtain it by contacting the Cisco TAC using any of the means described in the Contact Summary section of this document. To verify their entitlement, individuals who contact the TAC should have available the URL of the Cisco document that is offering the update.
Cisco provides an interactive online tool to help you identify whether your device is affected by one or more issues. Paste the output of the “show ver” command and you’ll be provided with a list of vulnerabilities.
Contact Cisco TAC, including the output of the “show ver” command and the list of vulnerabilities. They’ll respond with a one-time link to obtain the latest IOS image for your device, free of charge.