CISCO-SA-XRSIG-UY4ZRUCG

Vulnerable Products:

This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XR Software, regardless of device configuration:

ASR 9000 Series Aggregation Services Routers (64-bit) IOS XR White box (IOSXRWBD) IOS XRv 9000 Routers Network Convergence System (NCS) 540 Series Routers that are running an NCS 540-iosxr base image NCS 560 Series Routers NCS 1000 Series (NCS 1001, NCS 1002, and NCS 1004) NCS 5000 Series Routers NCS 5500 Series Routers NCS 5700 Series Line Cards and Routers that are running an NCS 5500 base image NCS 6000 Series Routers

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.Products Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

IOS Software IOS XE Software NX-OS Software

This vulnerability also does not affect Cisco IOS XR Software if it is running on the following Cisco devices:

8000 Series Routers NCS 540 Series Routers that are running an NCS 540L-iosxr base image NCS 1010 Platforms NCS 1014 Platforms NCS 5700 Series devices that are running an NCS 5700 base imageDetails:

To exploit this vulnerability, an attacker with root-system privileges on an affected device must install a modified .iso image and then activate the source. The fix to this vulnerability introduces additional checks of files in the .iso image to prevent unsigned files from being installed.

Customers should monitor their devices for unexpected downgrades from a fixed release because the fix is not applicable to older versions.

Cisco recommends validating software image integrity by comparing the MD5 or SHA512 checksum that is calculated for the image on the device to which it is destined to be installed with...