A Cisco CRS-3 Carrier Routing System device is affected by this vulnerability when all the following conditions are met:
1) Any of the following line cards are installed on the chassis:
- CRS-MSC-140G: Cisco CRS-3 Modular Services Card (140G)
- CRS-FP140: Cisco CRS-3 Forwarding Processor Card (140 Gbps)
- CRS-LSP: Cisco CRS-3 Label Switch Processor
2) The Cisco CRS-3 Carrier Routing System device is running a Cisco IOS XR release affected by this vulnerability. See the "Software Versions and Fixes" section of this advisory for information about affected releases. Note:
Cisco IOS XR Software Releases 4.2.1 and later are not affected by this vulnerability.
3) Any previously listed line card is configured to process IPv6 traffic.
Administrators can use the show diag
command to determine whether any of the affected line cards are installed on a Cisco CRS-3 Carrier Routing System device. The following output shows a Cisco CRS-3 Carrier Routing System device with a CRS-MSC-140G line card installed:
Thu Jun 4 14:53:25.229 EDT
CARD 0/0/* : Cisco CRS Series Modular Services Card 140G
MAIN: board type 500064
800-32942-06 rev B0
PCA: 73-12720-06 rev A0
Administrators can use the show version
command to determine the Cisco IOS XR release running on the device. A device running Cisco IOS XR will include the string "Cisco IOS XR" in the output of the show version
command. The following example shows a device running Cisco IOS XR Release 4.1.2:
Thu Jun 4 14:56:06.484 EDT
Cisco IOS XR Software, Version 4.1.2[Default]
Copyright (c) 2012 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 2.05(20110622:151317) [CRS ROMMON],
router uptime is 2 years, 11 weeks, 5 days, 10 hours, 22 minutes
System image file is "disk0:hfr-os-mbi-4.1.2.CSCtw71819-1.0.0/0x100008/mbihfr-rp-x86e.vm"
cisco CRS-16/S (Intel 686 F6M14S4) processor with 12582912K bytes of memory.
Intel 686 F6M14S4 processor at 2130Mhz, Revision 2.174
Cisco CRS Series 16 Slots Line Card Chassis
Administrators can use the show ipv6 interface brief
command to determine if an interface is enabled for IPv6 traffic processing. The following example shows an interface configured for IPv6 processing:
RP/0/RP0/CPU0:router# show ipv6 interface brief
The show ipv6 interface brief
command will produce an
error message if the running version of Cisco IOS XR Software does not
support IPv6. The output will not show any interfaces with IPv6 addresses if
IPv6 is disabled.
An interface may be configured for IPv6 processing but may not
appear on the output of the show ipv6 interface brief
command if the interface is part of a bundle or a virtual routing and forwarding (VRF) instance. The show ipv6 vrf all interface
command can be used to determine whether any interface has been configured in this way. The following is the output of the show ipv6 vrf all interface
command showing an interface configured for IPv6 processing as part of a bundle and assigned to a VRF instance:
RP/0/RP0/CPU0:router#sh ipv6 vrf all interface
Thu Jun 4 15:12:11.170 EDT
Bundle-Ether4.765 is Up, ipv6 protocol is Up, Vrfid is FDA (0x60000001)
IPv6 is enabled, link-local address is fe80::21d:a2ff:aabb:ccdd
Global unicast address(es):
2001:db8:1:1::1, subnet is 2001:db8:1:1::/64
Joined group address(es): ff02::1:ff00:0 ff02::1:aabb:ccdd ff02::2
MTU is 1518 (1500 is available to IPv6)
ICMP redirects are disabled
ICMP unreachables are enabled
ND DAD is enabled, number of DAD attempts 1
ND reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
Hosts use stateless autoconfig for addresses.
Outgoing access list is not set
Inbound access list is not set
Table Id is 0xe0800001
Cisco 12000 Series Routers, Cisco ASR 9000 Series Aggregation Services
Routers, Cisco Carrier Routing System 1 (CRS-1), Cisco CRS-X Carrier Routing System, and Cisco Network Convergence System 6000 Series Routers running Cisco IOS XR Software are not affected by this
vulnerability. Only Cisco CRS-3 Carrier Routing System devices that meet all the conditions in the "Vulnerable Products" section of this advisory are affected by this vulnerability.
No other Cisco products are currently known to be affected by this vulnerability.