10-26-2021 12:49 PM
Hi, I ran a system diagnostic on a few devices and the vulnerabilities that came up did not align with what I found on the Cisco Security Cisco Software Checker. Then, to complicate things even more, the bug lookup tool is only showing IOS-XE data. So now I don't know what to believe, if my device is vulnerable or not.
10-27-2021 10:13 AM
Hello @grambo1980
The data shared through the CLI Analyzer is determined by your device configuration rather than just a generic SW version or device PID. The system diagnostics should be the most current data regarding your device.
Thank you
10-27-2021 10:35 AM
Hi, I agree it /should/ be. But the results I'm seeing look unreliable.
Take the DHCP one for example. Bug CSCuw77959 & CSCsm45390. This is a security bulletin from 2017. In the CSCsm45390 bug details you see that it is fixed in 15.5(1)SY1. We are running SY4.
Then the second output cscvy28508 || Enable speed command for 1G SFP on C9400. This is a 6880, why is it identifying a bug that affects a cat9k?
Then it doesn't detail the arp exhaustion issue, which is pretty light on technical details to be honest. But that sounds like it's a pretty basic feature set.
On top of the bug tool only reporting IOS-XE data for almost 95% of the bugs I've looked at. So yes, it should be the most reliable, but I'm questioning its accuracy as it does not look right.