Check your ASR 1000s...

deanwebb · July 30, 2015, 12:12:55 PM

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k

Not a bad vulnerability, but still a vulnerability.

netspork · July 31, 2015, 01:37:25 PM

I'll save you a click, here's the list. I was so happy to see 3.x wasn't affected that I thought I'd do share by table-ifying this info.

This vulnerability has been fixed in the following Cisco IOS XE Software versions:

Cisco IOS XE Software Train	First Fixed Release
2.1	Vulnerable; migrate to 2.5.1 or later.
2.2	Vulnerable; migrate to 2.5.1 or later.
2.3	Vulnerable; migrate to 2.5.1 or later.
2.4	2.4.3
2.5	2.5.1
2.6	Not vulnerable
Any 3.x train.	Not vulnerable

icecream-guy · July 31, 2015, 02:10:40 PM

How do you verify that you are running IOS XE ? my bin file is

asr1000rp1-adventerprisek9.03.07.06.S.152-4.S6.bin

show ver says not much, but

ROM: IOS-XE ROMMON

commands are very IOS like.

netspork · July 31, 2015, 03:24:56 PM

Mine shows in the first line of output:

l3-1002x#sh ver
Cisco IOS XE Software, Version 03.10.02.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S1, RELEASE SOFTWARE (fc3)

srg · July 31, 2015, 03:28:15 PM

Quote from: ristau5741 on July 31, 2015, 02:10:40 PM
How do you verify that you are running IOS XE ? my bin file is

asr1000rp1-adventerprisek9.03.07.06.S.152-4.S6.bin

show ver says not much, but

ROM: IOS-XE ROMMON

commands are very IOS like.

asr1000rp1-adventerprisek9.03.07.06.S.152-4.S6.bin

Check your ASR 1000s...

deanwebb

netspork

icecream-guy

netspork

srg