CISCO-SA-MODULAR-ACL-U5MEPXMM

Vulnerable Products:

At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco IOS XR Software and had egress IPv4 or IPv6 packet filtering enabled:

8000 Series Modular Platforms – the following models only: 8608 Routers 8804 Routers 8808 Routers 8812 Routers 8818 Routers

IOSXRWBD modular variant (distributed disaggregated chassis) Network Convergence System (NCS) 5500 Modular Platforms – the following models only: NCS S5504 NCS S5508 NCS S5516

For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software ["#fs"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Determine Whether IP Packet Filtering on the Egress Direction Is Enabled

To determine whether an egress IPv4 or IPv6 ACL is configured, use the show running-config | include ipv4 access-group .* egress or the show running-config | include ipv6 access-group .* egress CLI command. If the command returns output, the feature is configured, as shown in the following examples:

RP/0/RP0/CPU0:NCS-5508-A#show running-config | include ipv4 access-group .* egress Wed Mar 12 16:00:00.000 UTC Building configuration... ipv4 access-group EgressACL egress RP/0/RP0/CPU0:NCS-5508-A#

RP/0/RP0/CPU0:NCS-5508-A#show running-config | include ipv6 access-group .* egress Wed Mar 12 16:00:00.000 UTC Building configuration... ipv6 access-group EgressACL egress RP/0/RP0/CPU0:NCS-5508-A#

Note: All interface egress types are affected except a bridged virtual interface (BVI).Products Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

IOS Software IOS XE Software...