![cisco ios version ipv6 support cisco ios version ipv6 support](https://ipcisco.com/wp-content/uploads/2018/10/ipv6-static-route-ipcisco.jpg)
Identification of potentially hitting this vulnerability would be via small amounts of I/O memory being available as shown in the following example via the show memory summary CLI command: Transit IPv6 traffic will not trigger this vulnerability. The vulnerability is triggered when an affected device processes a malformed IPv6 packet. This vulnerability has been documented in Cisco bug ID CSCui59540 ( registered customers only), and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2014-2113 An exploit could allow the attacker to trigger I/O memory depletion, causing device instability and could cause a device to reload. An attacker could exploit this vulnerability by sending specially crafted IPv6 packets to the affected device. The vulnerability is due to incorrect processing of crafted IPv6 packets.
Cisco ios version ipv6 support software#
The following example identifies a Cisco product that is running Cisco IOS Software Release 15.2(4)M5 with an installed image name of C3900-UNIVERSALK9-M: Router> show versionĬisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), 15.2(4)M5, RELEASE SOFTWARE (fc2)Ĭopyright (c) 1986-2013 by Cisco Systems, Inc.Ĭompiled Fri 13-Sep-13 16:44 by prod_rel_team !- output truncatedĪdditional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide.ĭesigned by the Internet Engineering Task Force (IETF), IPv6 is intended to replace the current IP version (IPv4).Ī vulnerability in the implementation of the IPv6 protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on the affected device. Other Cisco devices do not have the show version command or may provide different output. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The following examples shows a vulnerable configuration with both present:Ī device running Cisco IOS Software or Cisco IOS XE Software with IPv6 enabled on a physical or logical interface is vulnerable even if ipv6 unicast-routing is globally disabled (that is, the device is not routing IPv6 packets). The IPv6 protocol is enabled if the interface configuration command ipv6 address or ipv6 enable is present in the configuration however, both may be present. The following example shows the output from the show ipv6 interface brief command issued on a device running Cisco IOS Software enabled for IPv6: The system is not vulnerable in either scenario. The show ipv6 interface brief command will produce an error message if the running version of Cisco IOS Software or Cisco IOS XE Software release does not support IPv6, or will not show any interfaces with IPv6 addresses if IPv6 is disabled. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:Ī Cisco device running an affected version of Cisco IOS Software or Cisco IOS XE Software release and has IPv6 enabled will show interfaces with assigned IPv6 addresses when the show ipv6 interface brief command is issued. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication. All advisories address vulnerabilities in Cisco IOS Software. Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. This advisory is available at the following link: There are no workarounds to mitigate this vulnerability. The vulnerability is triggered when an affected device processes a malformed IPv6 packet.Ĭisco has released software updates that address this vulnerability. A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled.