Only systems configured with one or more of the following features are affected by this vulnerability: SSL VPN, SSH, or Internet Key Exchange (IKE) encrypted nonces. Additional information about determining if a device is vulnerable is available in the vendor advisory.
Exploitation of this vulnerability on the TCP ports requires a completed three-way TCP handshake. For this reason, attackers cannot spoof the source address of the malicious packets, which makes it harder for them to conceal the source of their attacks. However, the IKE encrypted nonces service uses UDP, so source address spoofing is possible for that service.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.