Vulnerable Products:

This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software, the IS-IS protocol is enabled, and the IS-IS protocol is enabled on at least one interface.

Nexus 3000 Series Switches Nexus 9000 Series Switches in standalone NX-OS mode

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.

Determine Whether the IS-IS Protocol is Enabled

To determine the IS-IS protocol configuration on a switch, use the show running-config | include isis CLI command. If the configuration commands feature isis, router isis name, and at least one instance of ip router isis name are present, the IS-IS protocol is enabled on at least one interface, as shown in the following example:

show running-config | include isis

feature isis . . . ip router isis name router isis name

Note: This vulnerability can only be exploited by an adjacent IS-IS peer in the UP state. If IS-IS authentication is enabled, the IS-IS peer would need to use a valid key to exploit this vulnerability. To determine the IS-IS peers on a switch, use the show isis adjacency CLI command.

show isis adjacency

IS-IS process: cody VRF: default IS-IS adjacency database: Legend: '!': No AF level connectivity in given topology System ID SNPA Level State Hold Time Interface 2222.abcd.2002 6879.0913.5ed7 1 UP 00:00:09 Ethernet1/48 2222.abcd.2002 6879.0913.5ed7 2 UP 00:00:09 Ethernet1/48Products Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

Firepower 1000 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300 Security Appliances MDS 9000 Series Multilayer Switches Nexus 1000 Virtual Edge for VMware...