Cisco NCS 6000 running an affected version of Cisco IOS XR is vulnerable when configured to process SSH, SCP, and SFTP management connections to the device. For information about which Cisco IOS XR Software releases for Cisco NCS 6000 are vulnerable, see the "Fixed Software" section of this advisory.
This vulnerability can be exploited using both IPv4 and IPv6 packets. The vulnerability can be triggered by SSH, SCP, or SFTP management connections destined to TCP listening port 22 or other TCP ports configured for those services, and using an IPv4 or IPv6 unicast address of any interface configured on a device. An attacker must establish a TCP three-way handshake, but the management connection to a vulnerable device does not have to be authenticated.
This vulnerability can be triggered only by traffic destined to an affected device and cannot be exploited with traffic transiting an affected device.
To determine whether SSH, SCP, or SFTP is configured for management access, use the show running-config | include ssh server command and verify that the ssh server v2 command is present.
The following example shows a Cisco IOS XR router with an SSHv2 server enabled:
RP/0/RP0/CPU0:router#sho run | in ssh server
Thu Jun 16 06:44:34.256 CEST
ssh server v2
ssh server vrf default
Determining the Cisco IOS XR Software Release
To determine which Cisco IOS XR Software release is running on a device and the name of the device on which it is running, administrators can log in to the device and use the show version command in the command-line interface (CLI). If the device is running Cisco IOS XR Software, the text Cisco IOS XR Software or similar appears in the system banner. The name of the hardware product appears on the line after the location of the system image file.
The following example shows the output of the show version command on a device that is running Cisco IOS XR Software Release 5.2.5:
Wed Jun 15 16:08:37.966 UTC
Cisco IOS XR Software, Version 5.2.5
Copyright (c) 2013-2014 by Cisco Systems, Inc.
Built By : ahoang
Built On : Thu Mar 17 19:26:37 PDT 2016
Build Host : iox-lnx-006
Workspace : /auto/srcarchive16/production/5.2.5/all/workspace
Version : 5.2.5
Location : /opt/cisco/XR/packages/
cisco NCS-6000 () processor
System uptime is 6 weeks, 6 days, 19 hours, 32 minutes
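The two checks above (is ssh server v2 configured, and which platform and release is running) can be automated over saved CLI output. The following is an added example, not part of the advisory and not Cisco tooling; the sample output is constructed from the advisory's own examples, and the affected_releases set is a placeholder that must be filled from the advisory's "Fixed Software" section.

```python
import re

# Constructed sample output, modelled on the advisory's examples (not captured from a real device).
SHOW_RUN_SSH = """\
RP/0/RP0/CPU0:router#sho run | in ssh server
Thu Jun 16 06:44:34.256 CEST
ssh server v2
ssh server vrf default
"""
SHOW_VERSION = """\
Wed Jun 15 16:08:37.966 UTC
Cisco IOS XR Software, Version 5.2.5
Copyright (c) 2013-2014 by Cisco Systems, Inc.
Location : /opt/cisco/XR/packages/
cisco NCS-6000 () processor
System uptime is 6 weeks, 6 days, 19 hours, 32 minutes
"""

def ssh_server_v2_configured(show_run_output):
    """True when the filtered running config contains an 'ssh server v2' line."""
    return any(line.strip() == "ssh server v2" for line in show_run_output.splitlines())

def parse_show_version(show_version_output):
    """Extract the IOS XR release and hardware product name from 'show version' output."""
    info = {"ios_xr": False, "version": None, "product": None}
    for line in show_version_output.splitlines():
        # Banner line, e.g. "Cisco IOS XR Software, Version 5.2.5"
        m = re.match(r"Cisco IOS XR Software, Version (\S+)", line)
        if m:
            info["ios_xr"] = True
            info["version"] = m.group(1)
        # Hardware line after the image location, e.g. "cisco NCS-6000 () processor"
        m = re.match(r"cisco (\S+) \(.*\) processor", line)
        if m:
            info["product"] = m.group(1)
    return info

def assess(show_run_output, show_version_output, affected_releases):
    """Return (exposed, reason). affected_releases is an assumed placeholder set;
    take the real list from the advisory's Fixed Software section."""
    info = parse_show_version(show_version_output)
    if not info["ios_xr"]:
        return False, "not running Cisco IOS XR"
    if info["product"] != "NCS-6000":
        return False, f"platform {info['product']} is not listed as affected"
    if info["version"] not in affected_releases:
        return False, f"release {info['version']} is not in the affected list"
    if not ssh_server_v2_configured(show_run_output):
        return False, "ssh server v2 not configured; SSH/SCP/SFTP management access not exposed"
    return True, f"NCS-6000 on IOS XR {info['version']} with the SSH server enabled"

if __name__ == "__main__":
    print(assess(SHOW_RUN_SSH, SHOW_VERSION, {"5.2.5"}))
```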
Cisco 12000 Series Routers, Cisco ASR 9000 Series Aggregation Services Routers, Cisco Carrier Routing System, and Cisco Network Convergence System 4000 Series running Cisco IOS XR are not affected by this vulnerability.
No other Cisco products are currently known to be affected by this vulnerability.