Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System X (CRS-X) running an affected version of Cisco IOS XR Software are affected by this vulnerability.
All flavors of Cisco CRS-X line cards are affected by this vulnerability, including Cisco CRS-X 400-Gbps Modular Services Card (MSC-X) and Cisco CRS-X 400-Gbps Forwarding Processor Cards (FP-X).
Consult the "Software Versions and Fixes" section of this advisory for the details of affected releases.
A device running an affected version of Cisco IOS XR Software release that has IPv6 enabled will display interfaces with assigned IPv6 addresses when the show ipv6 interface brief
command is issued.
The show ipv6 interface brief
command will produce an error message if the running version of Cisco IOS XR Software does not support IPv6, or will not show any interfaces with IPv6 addresses if IPv6 is disabled. The system is not vulnerable in either scenario.
The following example shows the output from the show ipv6 interface brief
command issued on a device running Cisco IOS XR Software with IPv6 enabled:
RP/0/RP0/CPU0:router# show ipv6 interface brief
The IPv6 protocol is enabled if the interface configuration command ipv6 enable
is present in the configuration. The following examples show a vulnerable configuration:
RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/2/0/0
RP/0/RP0/CPU0:router(config-if)# ipv6 enable
To determine the Cisco IOS XR Software release and the exact name of the product on which it runs, administrators can log in to the device and issue the show version
command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying "Cisco IOS XR Software" or similar text.
The location and name of the system image file currently running on the router are displayed under the "System image file is" text.
The hardware product is indicated in the line following the name of the system image file.
The following example identifies a Cisco product that is running Cisco IOS XR Software Release 4.1.0 with an installed image name of mbihfr-rp.vm
RP/0/RP0/CPU0:router# show version
Mon May 31 02:14:12.722 DST
Cisco IOS XR Software, Version 4.1.0
Copyright (c) 2010 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 2.100(20100129:213223) [CRS-1 ROMMON],
router uptime is 1 week, 6 days, 4 hours, 22 minutes
System image file is "bootflash:disk0/hfr-os-mbi-4.1.0/mbihfr-rp.vm"
cisco CRS-8/S (7457) processor with 4194304K bytes of memory.
7457 processor at 1197Mhz, Revision 1.2
Only the following products are affected by this vulnerability:
- Cisco NCS 6000
- All flavors of Cisco CRS-X line cards, including Cisco CRS-X Modular Services Card (MSC-X) and Cisco CRS-X 400-Gbps Forwarding Processor Cards (FP-X).
Cisco 12000 Series Routers, Cisco ASR 9000 Series Aggregation Services Routers, Cisco Carrier Routing System 1 (CRS-1) or Cisco Carrier Routing System 3 (CRS-3) running Cisco IOS XR Software are not affected by this vulnerability.
No other Cisco products are currently known to be affected by this vulnerability.