Cisco has
released free software updates that address the vulnerability described
in this advisory. Customers may only install and expect support for
software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they
have a valid license, procured from Cisco directly, or through a Cisco
authorized reseller or partner. In most cases this will be a maintenance
upgrade to software that was previously purchased. Free security
software updates do not entitle customers to a new software license,
additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to
regularly consult the advisories for Cisco products, which are available
from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised to
contact the Cisco Technical Assistance Center (TAC) or their contracted
maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco
service contract and customers who make purchases through third-party
vendors but are unsuccessful in obtaining fixed software through their
point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be
prepared to provide the URL of this advisory as evidence of entitlement
to a free upgrade.
Cisco IOS Software
To help customers determine their exposure to vulnerabilities in Cisco IOS Software, Cisco provides a tool, the Cisco IOS Software Checker,
that identifies any Cisco Security Advisories that impact a specific
Cisco IOS Software release and the earliest release that fixes the
vulnerabilities described in each advisory (“First Fixed”). If
applicable, the tool also returns the earliest release that fixes all
the vulnerabilities described in all the advisories identified
(“Combined First Fixed”).
Customers can use this tool to perform the following tasks:
- Initiate a search by choosing one or more releases from a
drop-down menu or uploading a file from a local system for the tool to
parse
- Enter the output of the show version command for the tool to parse
- Create a custom search by including all previously
published Cisco Security Advisories, a specific advisory, or all
advisories in the most recent bundled publication
To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com or enter a Cisco IOS Software release—for example, 15.1(4)M2—in the following field: