Advisories do not compare affected software versions of a security advisory with the ones used in the environment. A recent example is CVE-2024-6387, which just affects IOS XE 17.14, and is fixed in 17.15.1 Devices running IOS XE 17.9.x are flagged as potentially affected, but clearly cannot be affected at all. The platform (which we pay for) should reduce manual work, not just present the same things differently. The expectation is that the manual work to compare security advisories with the environment is no longer needed, especially for such basic things like software versions. This is the promise of the service, where it currently lacks real benefit. I even expect it to verify if I am using affected features in my environment based on the information DNAC/CCC has. I also would like to see that acknowledgements made in the CX portal are automatically reflected in the Security Advisories section of DNAC/CCC and vice versa. I was told in SR 697979885 that the current state is not a bug, but that everything works as designed, and asked to share my feedback in this portal.
... View more