Embedded Linux OS

chels pann — Mon, 13 Oct 2025 05:46:23 GMT

Hi.

Will my Cisco products (those that are under support) be solely responsible by Cisco on the CVEs patches if Cisco is using end of support embedded Linux OS?

Re: Embedded Linux OS

Devaa — Mon, 13 Oct 2025 06:13:45 GMT

Hi @chels pann

Yes, Cisco will take care of security fix as long as the Hardware / Software has active support and contract. They may not guarantee to upgrade the EoL/EoS Linux OS as they may be using some customised version of it, but they will help to patch the security issue in it.

If you have any CVEs, review the Cisco security advisories if they have any fix or patch for that. If not, reach out Cisco TAC or PSIRT for solution.

As per below doc, All customers, regardless of support contract status, may be eligible to receive reasonable support for security incidents that impact them that involve Cisco products or services.

Customers with support contracts should follow their normal support process to engage Cisco. Any customer who does not hold a support contract must contact Cisco by telephone and request that a support case be opened on an exception basis. The customer should be prepared to share serial number(s), the software release, and a detailed description of the concern and request that the Cisco PSIRT be engaged.

Read below Cisco Security Vulnerability policy for more info.

Security Vulnerability Policy by Cisco PSIRT

https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html

Cisco Security Advisories

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

topic Re: Embedded Linux OS in Network Security

Embedded Linux OS

Re: Embedded Linux OS

Security Vulnerability Policy by Cisco PSIRT

Cisco Security Advisories