IOSISR XE4000 Series router must have IP source routing disabled.
Source routing is a feature of IP, whereby individual packets can specify routes. This feature is used in several different network attacks by bypassing perimeter and internal defense mechanisms.
Configure the Cisco
IOSISR XE4000 Series router to disable IP source routing, using the command below:
ISR4000(config)#no ip source-route
Review the configuration of the Cisco
IOSISR XE4000 Series router to determine if source routing is enabled.
If "ip source-routing" is in the configuration then it is enabled, this is a finding.