Cisco devices that are running Cisco IOS Software are vulnerable when
they are configured for NAT and contain support for
NAT for Session Initiation Protocol.
There are two methods to determine if a device is configured for NAT:
- Determine if NAT is active on a running device.
- Determine if NAT commands are included in the device configuration.
Determine if NAT is Active on a Running Device
The preferred method to verify whether NAT is enabled on a Cisco IOS
device is to log in to the device and issue the show ip nat
statistics command. If NAT is active, the sections Outside
interfaces and Inside interfaces will each include at
least one interface. The following example shows a device on which the NAT
feature is active:
Router#show ip nat statistics
Total translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135 Misses: 5
Expired translations: 2
-- Inside Source
access-list 1 pool mypool refcount 2
pool mypool: netmask 255.255.255.0
start 192.168.10.1 end 192.168.10.254
type generic, total addresses 14, allocated 2 (14%), misses 0
Depending on the Cisco IOS Software release, the interface names may appear on
the lines following the Outside interfaces and
Inside interfaces headers rather than on the same line. In releases that support the section filter on show commands, the
administrator can determine whether NAT is active by using the show ip
nat statistics | section interfaces command, as illustrated in the following example:
Router> show ip nat statistics | section interfaces
Determine if NAT Commands are Included in the Device Configuration
Alternatively, to determine whether NAT has been enabled in the Cisco
IOS Software configuration, check the interface configuration: the ip nat inside and ip nat outside commands will be present on different
interfaces, or, in the case of the NAT
Virtual Interface, the ip nat enable interface command
will be present.
Determine the Cisco IOS Software Release
To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name is displayed in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.
The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team
!--- output truncated
Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS and NX-OS Software Reference Guide" at http://www.cisco.com/web/about/security/intelligence/ios-ref.html.
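The two NAT checks and the release check described above, as an added Python example that is not part of the advisory or Cisco's tooling; it parses constructed command output (not captured from a real device) and also handles the newer layout in which interface names follow the Outside/Inside interfaces headers on indented lines.

```python
import re
# Constructed sample output (not from the advisory). Interface names appear on
# the lines after the headers, the layout the advisory notes for newer releases.
NAT_STATS = """\
Total active translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces:
  Serial0
Inside interfaces:
  Ethernet1
Hits: 135  Misses: 5
"""
# Constructed running-config fragment with NAT interface commands.
RUNNING_CONFIG = """\
interface Ethernet1
 ip nat inside
interface Serial0
 ip nat outside
ip nat inside source list 1 pool mypool
"""
SHOW_VERSION = ("Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), "
                "Version 15.0(1)M1, RELEASE SOFTWARE (fc1)")
def nat_interfaces(show_output):
    """Parse 'show ip nat statistics' into {'Outside': [...], 'Inside': [...]}.
    Handles both 'Outside interfaces: Serial0' and names on following lines."""
    found = {"Outside": [], "Inside": []}
    section = None
    for line in show_output.splitlines():
        m = re.match(r"^(Outside|Inside) interfaces:\s*(.*)$", line)
        if m:
            section = m.group(1)
            found[section] += m.group(2).replace(",", " ").split()
        elif section and line[:1].isspace() and line.strip():
            found[section] += line.replace(",", " ").split()  # continuation
        else:
            section = None  # any other line ends the interface list
    return found

def nat_active(show_output):
    """NAT is active when both sections list at least one interface."""
    found = nat_interfaces(show_output)
    return bool(found["Outside"] and found["Inside"])

def nat_configured(config):
    """Second method: an interface stanza carries ip nat inside/outside/enable."""
    return re.search(r"^\s+ip nat (inside|outside|enable)\s*$", config, re.M) is not None

def ios_release(banner):
    """Return (image name, release) from the 'show version' banner, or None."""
    m = re.search(r"Cisco IOS Software.*?\(([^)]+)\), Version ([^,\s]+)", banner)
    return (m.group(1), m.group(2)) if m else None
```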
No other Cisco products are currently known to be affected by this vulnerability.