Hello mubangaclinton,
I want to thank you for purchasing our products and trust in our technology to support your network.
While at a first glance your inquiry has some backwards, We understand our customers and potential customers want the best value of our products and it is our mission to work in the security and stability of them.
Having said that, your current IOS-XE 16.6.6 is affected by the following major CVEs:
1. Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
2. Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
3. Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-anidos
Based on our Security Vulnerability Policy which you can find below, you can bypass the SLA and received support from Cisco TAC to address these 3 security flaws, that includes a software upgrade to our latest stable IOS-XE code for your ISR-4k.
https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#ire
We look forward to make business with you in the future and empower your Cisco products with the assistance of our global engineers around the world.
Regards,
Eduardo
PD: This post does not support software piracy. I do not support any type of ilegal actions that attempt to damage any company or person.
