I am often looking to remediate vulnerabilities across our Cisco estate. One vulnerability I am working with at the moment is trying to address machines on our network that are running telnet.
To remediate this I am looking to enable ssh and disable telnet, but often when I log on to a device I can check its IOS version or what software it is running then use the Cisco Feature Navigator tool to determine whether that version of code supports ssh, or I can also run a 'sh ip ssh' and wait for the 'invalid input ^...' response.
What I would really like would be a tool that would match up what versions of code are supported on what box. So for a 2950 switch I could enter in Hardware Platform: Cisco 2950 and get versions of code which will run on this platform then I could hopefully determine from the software version name what feature sets are supported and whether I can upgrade the code to remediate the vulnerability.
Is such a tool or similar available anywhere? Any help or a push in the right direction appreciated. TIA!