We have two 4351 ISRs that were running Everest 16.6.5 IOS that a security scan showed had this vulnerability even without the REST API being installed and activated. We upgraded to the referenced fixed IOS 16.6.6 however our scans still show this vulnerability active. Any thoughts?
Solved! Go to Solution.
We never installed/configured the REST API so the command isn't available. However Nessus is still being triggered on this vulnerability. Unfortunately Nessus doesn't show an output for what criteria is matching for this vulnerability. It even shows the IOS version 16.6.6 which in the Bug Report is listed as a fixed version.
vasi version vlan vlan-autoconfig
vlan-range vlans vmi vnet
vpdn vrf vrrp vrrs
% Unrecognized command