All users of classic Cisco IOS software, versions 9.1 and later, but
earlier than the repaired versions listed in the "Details" section of this
notice, whose devices can be connected to interactively by untrusted users, are
affected by this vulnerability. Note that all of the repaired versions are
quite recent as of the date of this notice, and that it is unlikely that most
Cisco users have installed them. The vulnerability affects the vast majority of
systems running Cisco IOS software as of this date.
The vulnerability can be exploited using direct console or asynchronous
serial connections (including dialup connections), TELNET connections, UNIX "r"
command connections, local-area transport (LAT) connections, Maintenance
Operation Protocol (MOP) connections, X.29 connections, V.120 connections, and
possibly others. Except in extraordinary security environments, administrators
are strongly encouraged to assume that hostile users can find ways to make
interactive connections to their Cisco IOS devices. It is not necessary to be
able to actually log in to exploit this vulnerability; simply establishing a
terminal connection is sufficient.
It is impossible to list all Cisco products in this notice; the lists
below include only the most commonly used or most asked-about products.
If you are unsure whether your device is running classic Cisco IOS
software, log into the device and issue the command "show version".
Classic Cisco IOS software will identify itself simply as "IOS" or
"Internetwork Operating System Software". Other Cisco devices either
will not have the "show version" command, or will give different output.
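
An added example, not part of Cisco's notice: a small triage helper that applies the check described above to "show version" output captured from each device in an inventory. The function name, the status strings, the assumed "Version <major>.<minor>" layout and the sample captures are assumptions made for illustration; the repaired versions are in the notice's "Details" section and are not encoded here.

```python
import re

# The notice says classic IOS identifies itself as "IOS" or
# "Internetwork Operating System Software" in "show version" output.
BANNER = re.compile(r"\bIOS\b|Internetwork Operating System Software")
# Assumption: the release is printed as "Version <major>.<minor>...".
# The first match is used, which is the software version line when it
# precedes any bootstrap/ROM version line in the capture.
VERSION = re.compile(r"\bVersion\s+((\d+)\.(\d+)[^\s,]*)")


def triage(show_version_output):
    """Classify one device's captured output; returns (status, version)."""
    if not BANNER.search(show_version_output):
        # No classic IOS banner (or the command does not exist on the device).
        return ("not-classic-ios", None)
    m = VERSION.search(show_version_output)
    if m is None:
        return ("classic-ios-version-unknown", None)
    release = (int(m.group(2)), int(m.group(3)))
    if release < (9, 1):
        return ("classic-ios-before-9.1", m.group(1))
    # 9.1 or later: affected unless it is one of the repaired versions,
    # which must be looked up in the notice's "Details" section.
    return ("check-against-repaired-versions", m.group(1))


# Constructed sample captures (not taken from the notice).
SAMPLE_CLASSIC = (
    "Cisco Internetwork Operating System Software\n"
    "IOS (tm) 2500 Software (C2500-I-L), Version 11.2(15), RELEASE SOFTWARE\n"
)
SAMPLE_OLD = "IOS (tm) GS Software (GS3-K), Version 9.0(5)\n"
SAMPLE_OTHER = "Example Appliance Software Version 4.2(2)\n"
SAMPLE_NO_COMMAND = "% Invalid input detected\n"

if __name__ == "__main__":
    samples = {"classic": SAMPLE_CLASSIC, "old": SAMPLE_OLD,
               "other": SAMPLE_OTHER, "no-command": SAMPLE_NO_COMMAND}
    for name, text in samples.items():
        print(name, triage(text))
```

Devices that come back as "check-against-repaired-versions" still need their exact release compared with the repaired versions in the "Details" section before they can be considered fixed.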
Cisco devices that run classic Cisco IOS software include:
  * Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 8xx, 1xxx, 25xx,
    26xx, 30xx, 36xx, 40xx, 45xx, 47xx, AS52xx, AS53xx, 70xx, 72xx
    (including the ubr72xx), 75xx, and 12xxx series
  * Most recent versions of the LS1010 ATM switch
  * Some versions of the Catalyst 2900XL LAN switch
  * The Cisco DistributedDirector
If you are not running classic Cisco IOS software, then you are not
affected by this vulnerability. Cisco devices which do not run classic
Cisco IOS software, and are not affected by this vulnerability, include
the following:
  * 7xx dialup routers (750, 760, and 770 series) are
  * Catalyst 19xx, 28xx, 29xx, 3xxx, and 5xxx LAN switches are
    not affected, except for some versions of the Catalyst 2900XL.
    However, optional router modules running Cisco IOS software in
    switch backplanes, such as the RSM module for the Catalyst 5000
    and 5500,
  * WAN switching products in the IGX and BPX lines are
  * The MGX (formerly known as the AXIS shelf) is not
  * No host-based software is affected.
  * The Cisco PIX Firewall is not affected.
  * The Cisco LocalDirector is not affected.
  * The Cisco Cache Engine is not affected.
No other Cisco products are currently known to be affected by these