Re: CSCvd48893 - Cisco IOS and IOS XE Software CMP Remote Code Execution Vulnerability - CSCvd48893

3alee · ‎05-15-2017

Hello all, refer to captioned bug note, it shows the known affected release is 15.0(2)SE10 only.

However, according to the advisory,

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

when I use the IOS checker to check other release (e.g.15.0(2)SE8, 15.0(2)SE4, etc), it says the release I entered is also affected by the captioned vulnerability.

So, which one is true? Thanks!

FNet · ‎07-01-2019

Hi,

I was told by Cisco TAC that the software checker is "the law" and the bug check articles are the initial findings based on opened cases.

The security advisory you linked shows a revision history (towards the bottom) that seems is kept up to date long after the bug is discovered and that references the software checker. The software checker is updated by PSIRT is what I was told and not the bug articles or advisories (other than the revision history).

Hope this helps.

CSCvd48893 - Cisco IOS and IOS XE Software CMP Remote Code Execution Vulnerability - CSCvd48893

回复： Cisco 3850: IOS-XE/Firmware Upgrade

CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerability

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE

Cisco IOS XE Certificates Install/Regeneration

IOS-XE: Bug Trend IOS-XE CY2025 Q2 (4-6月)