Hi Rik,
The following Cisco IOS features may invoke the affected code and may be vulnerable:
- SSLVPN feature (for any platform running IOS) ("webvpn gateway")
- SSLVPN feature (for CSR1000V running IOS-XE) ("crypto ssl profile")
- HTTPS client feature ("copy https://..<https://../>. ...", DynDNS client, ...)
- Voice-XML HTTPS client feature
- HTTPS server feature ("ip http secure-server")
- CNS feature
- Settlement for Packet Telephony feature
- LDAPv3 client feature
- CMTS billing feature
So all versions can be affected but this is only applicable if one of the following features is activated on the device as listed above.
So you would need to migrate to a fix in the 15.x base to overcome this vulnerability.
Regards,
Aditya