All Cisco Nexus 5000 NX-OS Software Releases 5.0(2) and 5.0(3) prior to
5.0(3)N2(1) are affected by this vulnerability.
Note: Cisco Nexus 5000 NX-OS Software Releases 4.x are not affected by this
All Cisco Nexus 3000 NX-OS Software Releases prior to
5.0(3)U1(2a) or 5.0(3)U2(1) are affected by this vulnerability.
The effects of this vulnerability are experienced when an ACL remark is
configured prior to any deny statement on the ACL. A remark is
a comment about the configured access control entry (ACE).
The following example shows how to create a remark in an IPv4 ACL and
display the results:
    ip access-list acl-ipv4-01
      remark this ACL denies the 10.1.1.0/24 access to the 10.1.2.0/24 network
      deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
Note: All the ACEs after a remark are affected. This includes the default
implicit deny at the end of the ACL. IPv4, IPv6 and MAC ACLs are affected.
Quality of service (QoS) classification and route-map ACLs are not affected by
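An added example (not part of the advisory and not Cisco code): a configuration audit that lists, for each IPv4, IPv6 or MAC ACL containing a remark, the ACEs that follow the first remark. The function name `audit_acls` and the sample configuration are constructed for illustration; the implicit deny is not a configuration line, so every ACL reported here also has its implicit deny after the remark.

```python
import re

# Constructed sample configuration for illustration; not from a real device.
SAMPLE_CONFIG = """\
ip access-list acl-ipv4-01
  10 remark this ACL denies the 10.1.1.0/24 access to the 10.1.2.0/24 network
  20 deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
  30 permit ip any any
ip access-list acl-ipv4-02
  10 deny ip 10.9.9.0 0.0.0.255 any
  20 permit ip any any
mac access-list acl-mac-01
  10 permit any any
  20 remark everything else falls to the implicit deny
interface Ethernet1/1
  switchport
"""

ACL_HEADER = re.compile(r"^(ip|ipv6|mac) access-list (\S+)\s*$")
# ACE lines may carry a sequence number, as in "show running-config" output.
ACE = re.compile(r"^\s*(?:\d+\s+)?(remark|permit|deny)\b")


def audit_acls(config_text):
    """Map each ACL containing a remark to the ACEs after its first remark."""
    findings, current = {}, None
    for line in config_text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.groups()  # (acl_type, acl_name)
            continue
        ace = ACE.match(line) if current else None
        if ace is None:
            # An unindented line that is not an ACE closes the ACL block.
            if line.strip() and not line[0].isspace():
                current = None
            continue
        acl_type, name = current
        if ace.group(1) == "remark":
            findings.setdefault(name, {"type": acl_type, "aces_after_remark": []})
        elif name in findings:
            findings[name]["aces_after_remark"].append(line.strip())
    return findings


if __name__ == "__main__":
    for name, f in audit_acls(SAMPLE_CONFIG).items():
        after = f["aces_after_remark"] or ["(only the implicit deny)"]
        print(f"{f['type']} access-list {name}: ACEs after first remark:")
        for entry in after:
            print(f"    {entry}")
```

ACLs without a remark, such as `acl-ipv4-02` in the sample, are not reported.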
Determining Software Version
To determine the Cisco NX-OS Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command to display the system banner. The
following example shows how to display the version information for the
kickstart and system image running on a device that runs Cisco NX-OS Release
    switch# show version
    Cisco Nexus Operating System (NX-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software are covered under the GNU Public
    License. A copy of the license is available at
    BIOS: version 1.3.0
    loader: version N/A
    kickstart: version 5.0(2)N2(1) [build 5.0(2)N2(1)]
    system: version 5.0(2)N2(1) [build 5.0(2)N2(1)]
    !--- output truncated
The following Cisco products are confirmed not to be affected by this
Cisco Nexus 7000 Series Switches
Cisco Nexus 4000 Series Switches
Cisco Nexus 2000 Series Switches
Cisco Nexus 1000V Series Switches
Cisco MDS 9000 Software
Cisco Unified Computing System
No other Cisco products are currently known to be affected by this