Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
5
Helpful
1
Replies

Vulnerabilities affecting device versus release

Go to solution
CatsAndIT
Level 1
Level 1

‎04-28-2021 06:17 AM

Hello!

 

Just trying to better understand the Cisco Bug reports found with the Bug Search Tool.

 

At the bottom under "Details", each bug report shows "Product:" as well as a column for "Known Affected Releases".

 

My question is: If I am using a product that is NOT listed under "Product:", but IS using an IOS/IOS XE/IOS XR listed under "Known Affected Releases:", is the device considered vulnerable, or do both conditions under "Product:" AND "Known Affected Releases:" need to be met in order to be considered vulnerable?

 

Thank you!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎04-28-2021 06:35 PM - edited ‎04-28-2021 06:35 PM

@CatsAndIT wrote:

At the bottom under "Details", each bug report shows "Product:" as well as a column for "Known Affected Releases".

My question is: If I am using a product that is NOT listed under "Product:", but IS using an IOS/IOS XE/IOS XR listed under "Known Affected Releases:", is the device considered vulnerable, or do both conditions under "Product:" AND "Known Affected Releases:" need to be met in order to be considered vulnerable?

Cisco has just shamelessly demonstrated how "useless" information in Bug IDs are.   This is why I never, ever, "trust" information found in Bug IDs because they tend to be incorrect and unreliable.  

Go to the Cisco Security Advisory page for more up-to-date information.

View solution in original post

1 Reply 1

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎04-28-2021 06:35 PM - edited ‎04-28-2021 06:35 PM

@CatsAndIT wrote:

At the bottom under "Details", each bug report shows "Product:" as well as a column for "Known Affected Releases".

My question is: If I am using a product that is NOT listed under "Product:", but IS using an IOS/IOS XE/IOS XR listed under "Known Affected Releases:", is the device considered vulnerable, or do both conditions under "Product:" AND "Known Affected Releases:" need to be met in order to be considered vulnerable?

Cisco has just shamelessly demonstrated how "useless" information in Bug IDs are.   This is why I never, ever, "trust" information found in Bug IDs because they tend to be incorrect and unreliable.  

Go to the Cisco Security Advisory page for more up-to-date information.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents