Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability

Cisco Catalyst 6500 series systems that are running certain versions of Cisco Internetwork Operating System (IOS) are vulnerable to an attack from a Multi Protocol Label Switching (MPLS) packet. Only the systems that are running in Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the Multilayer Switch Feature Card (MSFC)) or running with Cisco IOS Software Modularity are affected.

MPLS packets can only be sent from the local network segment.

In Hybrid Mode, a CatOS image is used as the system software to run the Supervisor Engine on the Catalyst systems. If an MSFC is installed, a separate IOS Software image is used in order to run the MSFC. CatOS provides the Layer 2 (L2) switching functionality. The Cisco IOS on the MSFC provides the Layer 3 (L3) routing functionality. It differs from the Native Mode, in which a single Cisco IOS Software image is used as the system software to run both the Supervisor Engine and MSFC on the Catalyst systems. IOS software that runs on MSFC in Hybrid Mode is also affected by this vulnerability.