A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 Neighbor Discovery (ND) packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to stop processing IPv6 traffic, leading to a DoS condition on the device. This vulnerability is not Cisco specific: any IPv6 processing unit not capable of dropping such packets early in the processing path or in hardware is affected by this vulnerability. Cisco will release software updates that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
Cisco is currently investigating its product line to determine which products may be affected by this vulnerability and the impact of the vulnerability on each affected product. As the investigation progresses, Cisco will update this advisory with information about affected products, including the ID of the Cisco bug for each affected product. The bugs will be accessible through the Cisco Bug Search Tool and will contain additional platform-specific information, including any available workarounds and fixed software releases.
In addition, if IPv6 is enabled, the ipv6 enable interface configuration command is present in the configuration. The following example shows the output of a vulnerable configuration:

RP/0/RP0/CPU0:router# show ipv6 interface brief
GigabitEthernet0/2/0/0 [Up/Up]
    fe80::212:daff:fe62:c150
    202::1
If IPv6 is not supported by the Cisco IOS XR Software release that is running on a device, use of the show ipv6 interface brief command produces an error message. If IPv6 is not enabled on the device, use of the show ipv6 interface brief command does not show any interfaces with IPv6 addresses. In either scenario, the device is not affected by this vulnerability.

RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/2/0/0
RP/0/RP0/CPU0:router(config-if)# ipv6 enable
Router# show running-config | include ipv6.(enable|address)
 ipv6 enable
 ipv6 address dhcp rapid-commit
 ipv6 address autoconfig
 ipv6 address MANAGEMENT ::1FFF:0:0:0:3560/128
 ipv6 address 2001:DB8::1/64
Router# show running-config | include ipv6.address
ipv6 address 2001:DB8::1/64
ciscoasa# show ipv6 interface
outside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::219:2fff:fe83:4f42
  No global unicast address is configured
  Joined group address(es):
    ff02::1
    ff02::1:ff83:4f42
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses.
inside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::219:2fff:fe83:4f43
  No global unicast address is configured
  Joined group address(es):
    ff02::1
    ff02::1:ff83:4f43
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses.
[local]router# show ipv6 interface summary
Friday February 21 09:00:07 UTC 2014
Interface Name Address/Mask Port Status
============================== =================== ================== ======
int1_test_v6 2001:db8::1/64 20/1 vlan 122 UP
int2_test_v6 2001:db8::2/64 21/1 vlan 122 UP
int3_test_v6 2001:db8::3/64 22/1 vlan 122 UP
int4_test_v6 2001:db8::4/64 23/1 vlan 130 UP
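As an added example (not part of the advisory), the following Python helper applies the scoping rule the advisory states to captures of the show commands listed above: a device is in scope when IPv6 is enabled on any interface, and not in scope when no interface carries an IPv6 address. The sample captures are constructed from the page's own examples, and the function name ipv6_status and the capture variables are my own.

```python
import re

# Constructed sample captures modelled on the advisory's examples; not taken from real devices.
IOS_XR_BRIEF = """RP/0/RP0/CPU0:router# show ipv6 interface brief
GigabitEthernet0/2/0/0 [Up/Up]
    fe80::212:daff:fe62:c150
    202::1
GigabitEthernet0/2/0/1 [Shutdown/Down]
    unassigned
"""
IOS_CONFIG = """Router# show running-config | include ipv6.(enable|address)
 ipv6 enable
 ipv6 address 2001:DB8::1/64
"""
ASA_INTERFACE = """ciscoasa# show ipv6 interface
outside is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::219:2fff:fe83:4f42
"""
STAROS_SUMMARY = """[local]router# show ipv6 interface summary
int1_test_v6 2001:db8::1/64 20/1 vlan 122 UP
"""
NO_IPV6 = "Router# show running-config | include ipv6.address\n"  # nothing configured

CMD_ECHO = re.compile(r"#\s*show ")                                   # the echoed command line
XR_HEADER = re.compile(r"^(\S+)\s+\[[^/\]]+/[^\]]+\]$")               # GigabitEthernet0/2/0/0 [Up/Up]
ASA_HEADER = re.compile(r"^(\S+) is (?:up|down|administratively down), line protocol")
STAROS_ROW = re.compile(r"^(\S+)\s+[0-9A-Fa-f:]+/\d+\s")              # name and address/mask on one row
V6_ADDR = re.compile(r"^[0-9A-Fa-f]*:[0-9A-Fa-f:]*(?:/\d+)?$")        # bare address under an XR interface

def ipv6_status(cli_output):
    """Apply the advisory's scoping rule to one capture: the device is in scope when IPv6 is
    enabled on any interface. Returns (enabled, names); names is empty for running-config captures."""
    enabled, names, current = False, [], None
    for raw in cli_output.splitlines():
        line = raw.strip()
        if not line or CMD_ECHO.search(line):
            continue                                 # skip blank lines and the command echo
        if line.startswith(("ipv6 enable", "ipv6 address")):
            enabled = True                           # IOS / IOS XE running-config evidence
            continue
        if m := (XR_HEADER.match(line) or ASA_HEADER.match(line)):
            current = m.group(1)                     # following lines describe this interface
            continue
        if m := STAROS_ROW.match(line):
            names.append(m.group(1))                 # StarOS summary: address on the same row
        elif current and current not in names and (
                line.startswith("IPv6 is enabled") or V6_ADDR.match(line)):
            names.append(current)                    # XR address line or ASA "IPv6 is enabled"
    return enabled or bool(names), names
```

A running-config capture filtered with `| include` carries no interface names, so for IOS and IOS XE the helper reports only whether IPv6 is enabled, not where.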
RP/0/RP0/CPU0:router# show version
Mon May 31 02:14:12.722 DST
Cisco IOS XR Software, Version 4.1.0
Copyright (c) 2010 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 2.100(20100129:213223) [CRS-1 ROMMON],
router uptime is 1 week, 6 days, 4 hours, 22 minutes
System image file is "bootflash:disk0/hfr-os-mbi-4.1.0/mbihfr-rp.vm"
cisco CRS-8/S (7457) processor with 4194304K bytes of memory.
7457 processor at 1197Mhz, Revision 1.2
Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
.
.
.
Router# show version
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 07-Aug-12 13:40 by mcpre

Determining the Cisco NX-OS Software Release

# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 3.6.0
loader: version N/A
kickstart: version 7.1(1)N1(1)
system: version 7.1(1)N1(1)
Customers who use Cisco ASDM to manage devices can locate the software release in the table that appears in the login window or the upper-left corner of the Cisco ASDM window.

ciscoasa# show version | include Version
Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)
[local# show version
Active Software:
Image Version: 15.0 (49328)
Image Branch Version: 015.000(001)
Image Description: Production_Build
Image Date: Tue Apr 23 00:45:12 EDT 2013
Boot Image: Unknown
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.16 | Added Cisco bugs CSCvb19057 and CSCva17794. Changed status to Final. | Cisco Bug IDs, Status of this Notice | Final | 2019-September-16 |
1.15 | Added Cisco bugs CSCva94139, CSCva61877 | Cisco Bug IDs | Interim | 2016-September-14 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.