Hi Guys, I hope this is the right place to ask this question.

I have been asked to review our small Cisco Router, Firewall and Switch environment with a view to finding software that have existing CVE / vulnerabilities. My question is for instance, I have a 2811 router running 15.1(4)M. If I look in the CVE database https://www.cvedetails.com/vulnerability-list/vendor_id-16/product_id-19/version_id-115683/Cisco-IOS-15.1-4-m.html  there are verious issues with this software.

My problem in this situation is that i cant seem to even find a place to go and get an updated IOS, I aggree that the device is EOL/EOS but should i not still be able to get fixed software?