10-28-2019 11:01 AM
Hello Team,
We have identified Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities on our Cisco 3750 switch devices. (Refer to CVE ID: CVE-2017-3862 for more information.)
The current version we have on our Cisco Switch 3750 Device is Cisco IOS 12.2(55)SE12, RELEASE SOFTWARE (fc2).
As per our previous discussion, the exact model of the switch 3750 cannot load anything higher than 12.2(58) SE because it is a train wreck. However, 12.2(55) SE train is a very, very well-known version because it is very stable and reliable.
Kindly let us know whether any upgrade version is available to remediate this vulnerability: Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities on Cisco devices.
As per the workaround, we have already disabled the vulnerable EnergyWise feature on our device, but it is still being flagged on our devices because we are using this IOS version: Cisco IOS 12.2(55)SE12, RELEASE SOFTWARE (fc2). (Refer to the attachment.)
As per Qualys support team update:
(After reviewing the scan data, your host being flagged for QID 316111 is showing in the result section: OS obtained: Cisco IOS 12.2(55)SE12, RELEASE SOFTWARE (fc2). Using the Cisco IOS Software Checker I did see that this version of Cisco IOS is vulnerable to the Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities associated with QID 316111. Please provide screenshots showing the host has a different version of Cisco IOS 12.2(55)SE12 if the detection logic for the QID is incorrect.)
10-28-2019 01:55 PM