Hi onslaught99,

onslaught99 · ‎08-25-2016

Hello,

I saw that they revised the security notice for the SNMP vulnerability and listed the fixed software. I saw that 9.6.1(11) fixes this vulnerability but I only see (10) listed in the software downloads. I also noticed that Cisco has 9.6(2) released as of 8/24 but was curious if that version remedies the SNMP vulnerability as well. I reviewed the release notes and there is no mention of the SNMP vulnerability, at least that I can find. Can someone confirm that 9.6(2) fixes the SNMP vulnerability?

Thanks

JP Miranda Z · ‎08-25-2016

Hi onslaught99,

Actually on the Cisco Security Advisory for Extrabacon the 9.6.2 shows up as fixed:

Fixed Releases

Cisco ASA Major Release	First Fixed Release
7.2	Affected; migrate to 9.1.7(9) or later
8.0	Affected; migrate to 9.1.7(9) or later
8.1	Affected; migrate to 9.1.7(9) or later
8.2	Affected; migrate to 9.1.7(9) or later
8.3	Affected; migrate to 9.1.7(9) or later
8.4	Affected; migrate to 9.1.7(9) or later
8.5	Affected; migrate to 9.1.7(9) or later
8.6	Affected; migrate to 9.1.7(9) or later
8.7	Affected; migrate to 9.1.7(9) or later
9.0	9.0.4(40)
9.1	9.1.7(9)
9.2	9.2.4(14)
9.3	9.3.3(10)
9.4	9.4.3(8) ETA 8/26/2016
9.5	9.5(3) ETA 8/30/2016
9.6 (FTD)	9.6.1(11) / FTD 6.0.1(2)
9.6 (ASA)	9.6.2

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp

Hope this info helps!!

Rate if helps you!!

-JP-

Marvin Rhoads · ‎08-25-2016

Good point JP - although to be fair, that was updated after onslaught99 posted this morning.

:)

Extrabacon Vulnerability

Fixed Releases