
CSCvg41950 - Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability

mikel63221
Level 1

So does this affect only the 16.7 code train or every IOS XE version (16.x and 3.16.x) before 16.8?

4 Replies

akilla21
Level 1

Has anyone confirmed the affected IOS XE train?

BrianRoberson
Level 1

Nessus scans are showing it on 3.x and 16.x for us - is this why you are asking? I don't see it being addressed or patched in the March 16.3.5 release either.

Yes and no, I'm asking because my systems are not running the 16.3 train code. I'm using 15.xx, IOS XE train. But commonly, Cisco's newly discovered bugs impact older code; they just did express that when the code was released. Like Microsoft, we don't always push the latest version because of the new findings. I allow everyone else to experience the pain first.

Hello:

According to the CSCvg41950 release notes:

As of March 13th, 2017, all Cisco IOS XE software releases are affected by this vulnerability.

As of today, the following trains have the fix or will have the fix when it releases.

16.8.1
16.7(2)
16.6(4)
16.5(2)
16.3(7)

Next rebuild 3.16.8S should have the fix to address the issue in 3.x trains.