CISCO-SA-SISF-DOS-ZGWT4DDY

Vulnerable Products:

This vulnerability affects Cisco products if they are running a vulnerable release of the following Cisco Software and have SISF enabled:

IOS Software (CSCwk04230 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk04230"]) IOS XE Software (CSCvq14413 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq14413"]) IOS XE Software for WLCs (CSCvo13585 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo13585"])1 WLC AireOS Software (CSCwj88828 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj88828"])

1. For Cisco IOS XE Software for WLCs, releases 16.11 and earlier are the only vulnerable releases, and they have reached End of Support. See the Fixed Software ["#fs"] section of this advisory for more information.

This vulnerability also affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have SISF enabled:

Nexus 3000 Series Switches (CSCwk02672 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk02672"]) Nexus 7000 Series Switches (CSCwk02785 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk02785"]) Nexus 9000 Series Switches in standalone NX-OS mode (CSCwk02672 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk02672"])

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determine the Device Configuration Cisco IOS and IOS XE Software

In Cisco IOS Software and Cisco IOS XE Software, SISF is not enabled by default. To determine whether a device has SISF enabled, use the show device-tracking policies or show ipv6 snooping policies CLI command (it may vary depending on the software release). If there are any policies listed in the output, SISF is enabled. The following examples show samples of the output when these commands are issued on an affected device:

switch# show device-tracking policies Target Type Policy Feature Target range vlan...