The following products are affected:
Content Engine 507, 560, 590, and 7320 running Cache Software 3.1.1
or Application and Content Networking Software 4.0.x or 4.1.1
Content Router 4430 and Content Distribution Manager 4630 and 4650
running Application and Content Networking Software 4.0.x or
This product reached the end-of-life state in 2001. This product is no
longer supported, and customers are strongly advised to migrate to a recent
Cisco Intrusion Detection System
Cisco IDS sensor appliances (part numbers IDS-4210, IDS-4220-E and
IDS-4230-xx) are vulnerable if the sensor version as reported by nrvers is in
the range 3.0(1) through 3.0(5) inclusive. The C6000 IDSM (part number
WS-X6381-IDS) is not vulnerable.
Metro 1500 DWDM
All releases prior to software release 3.3b are affected.
Hosting Solution Engine (HSE)
HSE releases 1.0 and 1.3 are vulnerable.
We are still evaluating the rest of Cisco products against this
We have verified that the following products are not vulnerable or that
exposure is negligible. Note that this is not an exhaustive list.
Cisco SN 5420 Storage Routers
VPN 3000, 3500
User Registration Tool (URT)
Some products, such as Cisco IOS, use compressed images. In order to
utilize this attack vector, an attacker would have to prepare a tampered
distribution image and try to load it onto a device. That implies either
physical or administrative access to the device. By having such access, an
attacker is in a position to execute many other attacks, some of which are much
easier to accomplish. Although Cisco will incorporate the fixed version of zlib
in the subsequent software releases for products that belong to this category,
that fact will not be reflected in this advisory.
No other Cisco products are currently known to be affected by these