Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3046
Views
5
Helpful
1
Replies

CSCvd48893 - Cisco IOS and IOS XE Software CMP Remote Code Execution Vulnerability - CSCvd48893

3alee
Level 1
Level 1

‎05-15-2017 05:07 PM - edited ‎03-20-2019 09:21 PM

Hello all, refer to captioned bug note, it shows the known affected release is 15.0(2)SE10 only.

However, according to the advisory,

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

when I use the IOS checker to check other release (e.g.15.0(2)SE8, 15.0(2)SE4, etc), it says the release I entered is also affected by the captioned vulnerability. 

So, which one is true?  Thanks!

8 people had this problem
Labels:
0 Helpful
1 Reply 1

FNet
Level 1
Level 1

‎07-01-2019 01:30 PM

Hi,

 

I was told by Cisco TAC that the software checker is "the law" and the bug check articles are the initial findings based on opened cases.  

 

The security advisory you linked shows a revision history (towards the bottom) that seems is kept up to date long after the bug is discovered and that references the software checker.  The software checker is updated by PSIRT is what I was told and not the bug articles or advisories (other than the revision history).

 

Hope this helps.

Customers Also Viewed These Support Documents