Vulnerable Products:
At the time of publication, this vulnerability affected the following products if they were running a vulnerable release of Cisco IOS XR Software and had a hybrid IPv4 ACL configured with compress level 3 that matches specific characteristics:
IOS XR White box (IOSXRWBD)
Network Convergence Series (NCS) 540 Series Routers
NCS 560 Series Routers
NCS 5500 Series
NCS 5700 Series
For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
Determine Whether a Hybrid IPv4 ACL is Vulnerable
1. To determine whether a hybrid IPv4 ACL is configured, use the show running-config | include ipv4 access-group .* compress level 3 CLI command. If the command returns output, a hybrid IPv4 ACL is configured, as shown in the following example:
RP/0/RP0/CPU0:Router#show running-config | include ipv4 access-group .* compress level 3
Wed Mar 12 16:00:00.000 UTC
Building configuration...
ipv4 access-group IngressACL ingress compress level 3
RP/0/RP0/CPU0:Router#
If it is not configured, the device is not affected by this vulnerability.
If it is configured, proceed to Step 2.
2. To examine the contents of each hybrid ACL that was identified in the previous step, use the show access-list <Name of ACL> CLI command. If the number of different source network object groups is 32 or more, or if the number of different destination network object groups is 32 or more, proceed to Step 3. If both numbers are less than 32, the ACL is not affected by this vulnerability.
The following example shows 33 access control entries (ACEs) with 33 unique source network object groups and 33 unique destination network object groups:
RP/0/RP0/CPU0:Router#show...
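The following script, added here as an illustration and not part of the advisory, automates Steps 1 and 2 over captured CLI output: it finds ACLs applied with compress level 3 and counts the distinct source and destination network object groups in each ACL. It assumes that the show access-list output renders object-group ACEs as "<seq> permit|deny <proto> net-group <SRC> [port-group <P>] net-group <DST> [port-group <P>]"; the sample output is constructed, and the regular expression should be checked against real output from the platform.

```python
import re
from typing import List, Tuple

# ASSUMPTION: IOS XR renders an object-group ACE as
# "<seq> permit|deny <proto> net-group <SRC> [port-group <P>] net-group <DST> ...".
ACE_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?:permit|deny)\s+\S+\s+"
    r"net-group\s+(?P<src>\S+)(?:\s+port-group\s+\S+)?\s+"
    r"net-group\s+(?P<dst>\S+)"
)
# Step 1: a hybrid IPv4 ACL is one applied with "compress level 3".
HYBRID_RE = re.compile(r"^ipv4 access-group\s+(?P<acl>\S+)\s+\S+\s+compress level 3\b")

THRESHOLD = 32  # Step 2: 32 or more distinct source OR destination groups


def hybrid_acls(running_config: str) -> List[str]:
    """Return names of ACLs applied with compress level 3 (Step 1)."""
    return [m.group("acl") for line in running_config.splitlines()
            if (m := HYBRID_RE.match(line.strip()))]


def count_object_groups(show_access_list: str) -> Tuple[int, int]:
    """Count distinct source and destination network object groups in ACEs."""
    src, dst = set(), set()
    for line in show_access_list.splitlines():
        m = ACE_RE.match(line)
        if m:
            src.add(m.group("src"))
            dst.add(m.group("dst"))
    return len(src), len(dst)


def needs_step3(show_access_list: str) -> bool:
    """True when the ACL meets the Step 2 criterion and Step 3 applies."""
    s, d = count_object_groups(show_access_list)
    return s >= THRESHOLD or d >= THRESHOLD


# Constructed sample output (not captured from a real device).
CONSTRUCTED_CONFIG = "ipv4 access-group IngressACL ingress compress level 3\n"
CONSTRUCTED_ACL = "ipv4 access-list IngressACL\n" + "\n".join(
    f" {10 * i} permit ipv4 net-group SRC{i} net-group DST{i}" for i in range(1, 34))
SMALL_ACL = ("ipv4 access-list SmallACL\n"
             " 10 permit ipv4 net-group A net-group B\n"
             " 20 permit tcp net-group C port-group P1 net-group D port-group P2")

if __name__ == "__main__":
    print("hybrid ACLs:", hybrid_acls(CONSTRUCTED_CONFIG))
    print("IngressACL groups:", count_object_groups(CONSTRUCTED_ACL), needs_step3(CONSTRUCTED_ACL))
    print("SmallACL groups:", count_object_groups(SMALL_ACL), needs_step3(SMALL_ACL))
```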
CVSS Base Score: 4.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)