This security advisory applies to all Cisco products that run Cisco IOS
Software configured for NAT and that support the NAT SCCP Fragmentation Support
feature. This feature was first introduced in Cisco IOS version 12.4(6)T.
To verify whether NAT is enabled on a Cisco IOS device, log in to
the device and issue the command show ip nat
statistics. The following example shows a device configured with
Router# show ip nat statistics
Total translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135 Misses: 5
Expired translations: 2
-- Inside Source
access-list 1 pool mypool refcount 2
pool mypool: netmask 255.255.255.0
start 192.168.10.1 end 192.168.10.254
type generic, total addresses 14, allocated 2 (14%), misses 0
Alternatively, you can use the show running-config |
include ip nat command to verify if NAT has been enabled on the
Note: With reference to NAT, the term "inside" refers to those networks
that will be translated. Inside this domain, hosts will have addresses in one
address space, while on the "outside", they will appear to have addresses in
another address space when NAT is configured. The first address space is
referred to as the local address space and the second is referred to as the
global address space. The ip nat inside and
ip nat outside interface commands must be present on
the corresponding router interfaces in order for NAT to be enabled.
In order to determine the software that runs on a Cisco IOS product,
log in to the device and issue the show version command to display the system
banner. Cisco IOS software identifies itself as "Internetwork Operating System
Software" or simply "IOS." On the next line of output, the image name displays
between parentheses, followed by "Version" and the Cisco IOS release name.
Other Cisco devices do not have the show version command or give different
The following example shows output from a device that runs an IOS
Cisco IOS Software, 7200 Software (C7200-ADVSECURITYK9-M), Version 12.4(6)T2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Tue 16-May-06 16:09 by kellythw
<more output removed for brevity>
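The two checks described above can be run offline against command output collected from many devices. The following is an added example, not part of the Cisco advisory: the function names and status strings are hypothetical, the show running-config | include ip nat sample is constructed, and the script only reports the release for comparison against the advisory rather than deciding whether a release is vulnerable.

```python
import re

# Banner layout described above: image name in parentheses, then "Version" and the release.
BANNER_RE = re.compile(r"Software \((?P<image>[^)]+)\), Version (?P<release>[^,\s]+)")
NOT_AFFECTED_RE = re.compile(r"IOS[ -]X[ER]\b")  # IOS XR / IOS XE banners


def parse_banner(show_version: str):
    """Return (image, release) from 'show version' output, or None if not an IOS banner."""
    if "IOS" not in show_version and "Internetwork Operating System" not in show_version:
        return None
    match = BANNER_RE.search(show_version)
    return (match["image"], match["release"]) if match else None


def nat_enabled(nat_lines: str) -> bool:
    """True only if both interface commands are present.

    'ip nat inside source ...' and 'ip nat pool ...' are global rules and do not
    count, so each command must match a whole line.
    """
    commands = {line.strip() for line in nat_lines.splitlines()}
    return {"ip nat inside", "ip nat outside"} <= commands


def triage(show_version: str, nat_lines: str) -> dict:
    """Combine both checks into one record per device (hypothetical helper)."""
    if NOT_AFFECTED_RE.search(show_version):
        return {"status": "not-affected-os"}
    banner = parse_banner(show_version)
    if banner is None:
        return {"status": "unknown-banner"}
    image, release = banner
    status = "review-release" if nat_enabled(nat_lines) else "nat-not-configured"
    return {"status": status, "image": image, "release": release}


# 'show version' text taken from the advisory's example.
SAMPLE_VERSION = """Cisco IOS Software, 7200 Software (C7200-ADVSECURITYK9-M), Version 12.4(6)T2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport"""
# Constructed output of 'show running-config | include ip nat'.
SAMPLE_NAT = """ ip nat inside
 ip nat outside
ip nat pool mypool 192.168.10.1 192.168.10.254 netmask 255.255.255.0
ip nat inside source list 1 pool mypool"""

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_NAT))
```

A device that returns review-release has both NAT interface commands present, so its release string should be compared against the advisory.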
Cisco IOS XR and IOS XE are not affected by this vulnerability.
Cisco IOS devices not explicitly configured for NAT are not
No other Cisco products are currently known to be affected
by these vulnerabilities.