At the time of publication, this vulnerability affected Cisco IOS XE Software releases 16.3.1 and later if they were configured with the Cisco IOx application hosting infrastructure.
The Cisco IOx application hosting infrastructure is not enabled by default.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
Assess the Cisco IOx Application Hosting Environment
There are two methods for assessing the IOx application hosting environment:
Option 1: Use the show iox-service Command
To determine the status of IOx functionality, use the show iox-service command in privileged EXEC mode, as shown in the following example:
IOx Infrastructure Summary:
IOx service (CAF) : Running
IOx service (HA) : Running
IOx service (IOxman) : Running
Libvirtd : Running
The device is vulnerable if IOx service (CAF) is in the Running state. If any statement in the following list is true, the device is not affected by the vulnerability described in this advisory:
- IOx service (CAF) is in the Not Running state
- The show iox-service privileged EXEC mode command returns no output
- The show iox-service privileged EXEC mode command returns an error
Option 2: Use the iox Configuration Command
As an alternative, check the running configuration for the iox configuration command, as shown in the following example:
Router#sh run | include iox
The device is vulnerable if the output contains a line with only iox, as shown in the preceding example. If the iox configuration command does not return output or this command returns an error, the device is not affected by the vulnerability described in this advisory.
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
- Other platforms that support Cisco IOx
- IOS Software
- IOS XR Software
- NX-OS Software