CSCuz84773 - Unauthenticated HTTP Header Injection in CAF

petr.harth
Level 1

Dear Cisco,

Can you please explain exactly what devices and versions are vulnerable and what are the fixes?

In https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1 it is written:

"Vulnerable Products

Cisco IOS and IOS XE Software with the IOx feature set are affected by this vulnerability."
-> does it mean that all IOS versions are vulnerable or only IOS with IOx is vulnerable?
Known Affected Releases:
(1)
1.0(0)
What type of IOS is that version?
There are no fixed releases exposed.
Thank you in advance for your answer.
Petr Harth, email: petr.harth@cz.ibm.com
Network Service Delivery team IBM, Brno, Czech Republic

1 Reply

Chirag Vinchhi
Level 1

Affects IOS products where IOx (Linux guest operating system [GOS]) is enabled by configuring the iox subsystem of IOS XE.
To see if IOx is configured, use the show run | inc iox command.

That’s going to show you the version and if the version’s 1.0.0, then the product is affected.

If the command does not yield output, IOx is not enabled and the device is therefore not affected.

Hope that clarifies.