CSCvd48893 - Cisco IOS and IOS XE Software CMP Remote Code Execution Vulnerability
05-15-2017 05:07 PM - edited 03-20-2019 09:21 PM
Hello all, referring to the captioned bug note, it shows the known affected release is 15.0(2)SE10 only.
However, according to the advisory,
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
when I use the IOS checker to check other releases (e.g. 15.0(2)SE8, 15.0(2)SE4, etc.), it says the release I entered is also affected by the captioned vulnerability.
So, which one is true? Thanks!
07-01-2019 01:30 PM
Hi,
I was told by Cisco TAC that the software checker is "the law" and the bug check articles are the initial findings based on opened cases.
The security advisory you linked shows a revision history (towards the bottom) that seems to be kept up to date long after the bug is discovered and that references the software checker. The software checker is updated by PSIRT, is what I was told, and not the bug articles or advisories (other than the revision history).
Hope this helps.
