When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
At the time of publication, Cisco IOx Application Framework releases 1.9.0 and later contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
The following table indicates the first fixed software release that supports Cisco IOx Application Framework Release 1.9.0 or later.
||Release That Introduced Support for Cisco IOx Application Framework Release 1.9.0 or Later
|800 Series Industrial ISRs
||Cisco IOS Software Release 15.9(3)M
|800 Series ISRs
||Not fixed; IOx has reached end of life on the Cisco 800 Series ISRs.
|CGR1000 Compute Module
||IOx image for CGR1000 Release 22.214.171.124
|IC3000 Industrial Compute Gateway
||Industrial Compute Gateway Software Release 1.2.1
|IE 4000 Series Switches
||Cisco IOS Software Release 15.2.(7a)E0b
|IOS XE devices:
- 1000 Series ISRs
- 4000 Series ISRs
- ASR 1000 Series Aggregation Services Routers
- Catalyst 9x00 Series Switches
- Catalyst IE3400 Rugged Series Switches
- Embedded Services 3300 Series Switches
|Cisco IOS XE Software Release 17.2(1)
|IR510 WPAN Industrial Routers
||IR510 Operating System Release 6.1.27