Cisco devices that are running Cisco IOS Software are vulnerable when they are configured with the mace enable
or waas enable
interface configuration commands on one or more interfaces. Additional configuration is required for WAAS Express or MACE to be configured; more details follow.
Note: Cisco IOS Software is vulnerable only when configured for WAAS Express or MACE. Cisco IOS Software configured for WAAS, not WAAS Express, is not vulnerable.
For more information on WAAS Express, see http://www.cisco.com/en/US/products/ps11211/index.html
For more information about MACE, see http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps11709/ps11671/guide_c07-664643.html
To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.
The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS and NX-OS Software Reference Guide" at http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
No other Cisco products are currently known to be affected by these vulnerabilities.