cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
580
Views
5
Helpful
1
Replies
CatsAndIT
Beginner

Vulnerabilities affecting device versus release

Hello!

 

Just trying to better understand the Cisco Bug reports found with the Bug Search Tool.

 

At the bottom under "Details", each bug report shows "Product:" as well as a column for "Known Affected Releases".

 

My question is: If I am using a product that is NOT listed under "Product:", but IS using an IOS/IOS XE/IOS XR listed under "Known Affected Releases:", is the device considered vulnerable, or do both conditions under "Product:" AND "Known Affected Releases:" need to be met in order to be considered vulnerable?

 

Thank you!

1 ACCEPTED SOLUTION

Accepted Solutions
Leo Laohoo
VIP Community Legend


@CatsAndIT wrote:

At the bottom under "Details", each bug report shows "Product:" as well as a column for "Known Affected Releases".

My question is: If I am using a product that is NOT listed under "Product:", but IS using an IOS/IOS XE/IOS XR listed under "Known Affected Releases:", is the device considered vulnerable, or do both conditions under "Product:" AND "Known Affected Releases:" need to be met in order to be considered vulnerable?


Cisco has just shamelessly demonstrated how "useless" information in Bug IDs are.   This is why I never, ever, "trust" information found in Bug IDs because they tend to be incorrect and unreliable.  

Go to the Cisco Security Advisory page for more up-to-date information.

View solution in original post

1 REPLY 1
Leo Laohoo
VIP Community Legend


@CatsAndIT wrote:

At the bottom under "Details", each bug report shows "Product:" as well as a column for "Known Affected Releases".

My question is: If I am using a product that is NOT listed under "Product:", but IS using an IOS/IOS XE/IOS XR listed under "Known Affected Releases:", is the device considered vulnerable, or do both conditions under "Product:" AND "Known Affected Releases:" need to be met in order to be considered vulnerable?


Cisco has just shamelessly demonstrated how "useless" information in Bug IDs are.   This is why I never, ever, "trust" information found in Bug IDs because they tend to be incorrect and unreliable.  

Go to the Cisco Security Advisory page for more up-to-date information.

View solution in original post