Hi,

Yermander · ‎02-01-2017

I am often looking to remdiate vulnerabilties across our cisco estate. One vulnerabilty I am working with at the moment is trying to address machines on our network that are running telnet.

To remediate this I am looking to enable ssh and disable telnet but often when I log on to a device I can check its IOS version or what software it is running then use the cisco feature navigator tool to determine whether that version of code supports ssh, or I can also run a 'sh ip ssh' and wait for the 'invalid input ^...' response

What I would really like would be a tool that would match up what versions of code are supported on what box. So for a 2950 switch I could enter in Hardware Platform: Cisco 2950 and get versions of code which will run on this platform then I could hopefully determine from the software version name what feature sets are supported and whether I can upgrade the code to remediate the vulnerability.

Is such a tool or similar available anywhere? Any help or a push in the right direction appreciated. TIA!

konstantinoschiotakis · ‎02-01-2017

Hi,

I believe cisco feature navigator can do that for you based on the platform (if i understood what you need).

For example on the page you get when you click the link below, you get a page where you can specify "software type" and select platform from the radio buttons. After you choose platform, major release, release and featset you get a list of all supported features for the release.

http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/SearchBySoftware.jsp

I hope this is what you need.

Cheers,

Anyway way to determine what software versions will run on which Cisco hardware platforms