In the case of the NAT Virtual Interface, the ip nat enable interface command will be present. If NAT is active on the device, the output will include the ip nat inside and ip nat outside interface commands. To determine whether NAT commands are present in the device configuration, issue the show running-config command in the CLI. If the output of the show ip nat statistics command does not list any interfaces, NAT is not active on the device.ĭetermine Whether NAT Commands are Present Total active translations: 1 (0 static, 1 dynamic 0 extended) The following example shows the output of the show ip nat statistics command for a device on which NAT is active: Router# show ip nat statistics If NAT is active, the Outside interfaces and Inside interfaces sections of the command output will include at least one interface. To determine whether NAT is active on a device, log in to the device and issue the show ip nat statistics command in the CLI.
Determine Whether a Device is Configured to Perform NATĪdministrators can determine whether NAT is active on the device (preferred) or whether NAT commands are present in the device configuration.
WHAT IS CISCO IOS XE SOFTWARE
The H.323 ALG is enabled by default when NAT is configured.įor information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.Īt the time of publication, this vulnerability affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software, were configured for NAT, and had the H.323 ALG enabled. This advisory is part of the September 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. This advisory is available at the following link: There are no workarounds that address this vulnerability. Note: This vulnerability has been publicly discussed as NAT Slipstreaming.Ĭisco has released software updates that address this vulnerability. A successful exploit could allow the attacker to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device. This vulnerability is due to insufficient data validation of traffic that is traversing the ALG. A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG.
0 kommentar(er)
