This vulnerability affects Cisco IOS XR Software version 4.3.1 installed on any supported hardware device.
If a UDP listening service is enabled on the device, it is vulnerable. Typical configurations that use UDP services (and their default UDP port numbers) are as follows:
- Simple Network Management Protocol (SNMP) - UDP Ports 161 and 162
- Network Time Protocol (NTP) - UDP port 123
- Label Distribution Protocol (LDP) - UDP port 646
- Syslog - UDP port 514
To determine potential features configured on the Cisco IOS XR device that use UDP as a transport mechanism, administrators can log in to the device and issue the show udp brief command-line interface (CLI) command. The local address port numbers are important. The local address port numbers are indicated by the final set of numbers in the Local Address column. For example :::123 and 0.0.0.0:123 specify the NTP feature. The following example shows a vulnerable device configured, with NTP, SNMP, Syslog and LDP:
RP/0/0/CPU0:example#show udp brief
Tue Aug 27 08:57:56.255 PST
PCB VRF-ID Recv-Q Send-Q Local Address Foreign Address
0x500f87c4 0x60000000 0 0 :::123 :::0
0x500f9af8 0x00000000 0 0 :::123 :::0
0x500fc28c 0x60000000 0 0 :::161 :::0
0x500fc074 0x00000000 0 0 :::161 :::0
0x500fc88c 0x60000000 0 0 :::162 :::0
0x500fc5fc 0x00000000 0 0 :::162 :::0
0x500f8404 0x60000000 0 0 0.0.0.0:514 0.0.0.0:0
0x500fa4d8 0x60000000 0 0 0.0.0.0:123 0.0.0.0:0
0x500fa338 0x00000000 0 0 0.0.0.0:123 0.0.0.0:0
0x500fce3c 0x60000000 0 0 0.0.0.0:646 0.0.0.0:0
0x500f9c98 0x60000000 0 0 0.0.0.0:161 0.0.0.0:0
0x500fb360 0x00000000 0 0 0.0.0.0:161 0.0.0.0:0
0x500fbbbc 0x60000000 0 0 0.0.0.0:162 0.0.0.0:0
0x500fa184 0x00000000 0 0 0.0.0.0:162 0.0.0.0:0
0x500f8f10 0x00000000 0 0 0.0.0.0:0 0.0.0.0:0
To determine the version of Cisco IOS XR Software installed on a Cisco device, administrators can log in to the device and issue the show version
command to display the system banner. The system banner confirms that the device is running Cisco IOS XR Software by displaying text similar to "Cisco IOS XR Software". The software version is displayed after the text "Cisco IOS XR Software".
The following example identifies a Cisco 12000 series device with Cisco IOS XR Software version 4.3.1 installed:
RP/0/0/CPU0:example#show version brief
Tue Aug 27 09:07:39.614 PST
Cisco IOS XR Software, Version 4.3.1[Default]
Copyright (c) 2013 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 12.00(20090302:133850) [rtauro-sw30346-33S 1.23dev(0.36)] DEVELOPMENT SOFTWARE
Copyright (c) 1994-2009 by cisco Systems, Inc.
Additional information about Cisco IOS XR Software release naming conventions is available in White Paper: Cisco IOS Reference Guide
Additional information about Cisco IOS XR Software time-based release model is available in White Paper: Guidelines for Cisco IOS XR Software
No other Cisco products are currently known to be affected by this vulnerability.