CISCO-SA-CAT9K-PTMD7BGY

Vulnerable Products:

This vulnerability affects the following Cisco Catalyst 9000 switching family platforms if they are running a vulnerable release of Cisco IOS XE Software and have a trunk port, or a Cisco TrustSec-enabled port, or a MACSec-enabled port enabled:

Catalyst 9200 Series Switches Catalyst 9300 Series Switches Catalyst 9400 Series Switches Catalyst 9500 Series Switches Catalyst 9600 Series Switches

Meraki MS390 and Cisco Catalyst 9300 Series Switches that are running software earlier than Meraki CS 17.2.2 are affected. Cloud-Managed Hybrid Operating Mode for Catalyst Wireless LAN Controllers that are running Cisco IOS XE Software releases earlier than Release 17.15.4 are also affected. This is fixed in Cisco IOS XE Software Release 17.15.4.

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determine the Device Configuration Determine Whether a Trunk Port is Enabled on a Device

To determine whether a device has a trunk port enabled, use Administrator privileges to connect to the device CLI and use the show running-config | include switchport mode trunk|dynamic|dot1q-tunnel command. If output is returned, the device is affected, as shown in the following example:

Switch#show running-config | include switchport mode trunk|dynamic|dot1q-tunnel switchport mode trunk Switch#

Determine Whether a Device Has a Cisco TrustSec-Enabled Port

To determine whether a device has a Cisco TrustSec-enabled port, use Administrator privileges to connect the device CLI and use the show running-config | include cts manual command. If output is returned, the device is affected, as shown in the following example:

Switch#show running-config | include cts manual cts manual Switch#

Determine Whether a Device Has a MACsec-Enabled Port

To determine whether a device has a MACsec-enabled port, use Administrator privileges to connect to the device CLI and use the...