Re: CSCvg39082 - Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

james.gilson · ‎11-26-2019

Good morning,

For this bulletin, why is firmware version IOS 15.2(4)E6 not listed under Affected Releases, or Fixed Releases?

Did Cisco forget to add this firmware version to this bulletin?

Thank you

Leo Laohoo · ‎12-01-2019

Read Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability and scroll down to the bottom of the page where one can check if the IOS/IOS-XE is affected by this bug (or not).

james.gilson · ‎12-02-2019

Hi Leo,

That is the point of me posting this, it is not listed at the "bottom of the page where one can check if the IOS/IOS-XE is affected by this bug (or not)." The firmware version I mentioned in my post is skipped. It does not say if it is affected or not affected because it is not listed.

Leo Laohoo · ‎12-02-2019

I'd say raise a TAC Case and get TAC to provide a definitive answer.

I punched 15.2(4)E6 and it spat out a long list of vulnerabilities.

Very different output if, say, I entered 15.2(7)E.

james.gilson · ‎12-10-2019

Hi Leo,

I too punched in 15.2(4)E6 and the list of vulnerabilities did not include the one that I wrote this original post about, so I can only assume it is not affected by this specific vulnerability.

Prior to creating this post I tried to initiate a TAC case but since the product in question is EOL they would not let me create a case.

Just want someone at Cisco to acknowledge/explain why 15.2(4)E6 is not listed on the security advisory.

Thank you