CISCO-SA-IOX-CRLF-NVGKTKJZ

Vulnerable Products:

At the time of publication, this vulnerability affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software that was configured for the Cisco IOx application hosting environment. The Cisco IOx application hosting environment is not configured by default.

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determine the IOx Application Hosting Configuration To determine whether the Cisco IOx application hosting environment is configured in Cisco IOS XE Software, use the show run | include iox command in privileged EXEC mode, as shown in the following example:

Switch#show run | include iox iox

If the output contains a line with iox only, as shown in the preceding example, the device is affected by this vulnerability.Products Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed the following Cisco products that support Cisco IOx application hosting environment are not affected by this vulnerability:

800 Series Industrial Integrated Services Routers (ISRs) Catalyst 3650 Series Switches Catalyst 3850 Series Switches Catalyst 9100 Family of Access Points (COS-APs) CGR1000 Compute Modules IC3000 Industrial Compute Gateways IR510 WPAN Industrial Routers IOS Software NX-OS Software

Cisco has also confirmed that this vulnerability does not affect Cisco IOS XR Software.Workarounds:

There are no workarounds that address this vulnerability.Fixed Software:

Cisco considers any workarounds and mitigations (if applicable) to be temporary solutions until an upgrade to a fixed software release is available. To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory....