CISCO-SA-SB-LKM-ZNERZJBZ

Vulnerable Products:

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XR Software, regardless of device configuration:

ASR 9000 Series Aggregation Services Routers (64-bit) IOS XRv 9000 Routers Network Convergence System (NCS) 540 Series Routers that are running an NCS540-iosxr base image NCS 560 Series Routers NCS 1000 Series NCS 5000 Series Routers NCS 5500 Series Routers

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.Products Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

IOS Software IOS XE Software NX-OS SoftwareWorkarounds:

There are no workarounds that address this vulnerability.Fixed Software:

Cisco has released free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu"] that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.

Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"]

Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously...