Mismatch in the logic for Vulnerability vs Bugs against an OS version

Hi Team,

We are looking to determine which vulnerabilities (CVEs) apply to an OS version, say IOS-XE 16.9.2.

If we search via the Software Checker or the PSIRT API, we get the vulnerability "Cisco IOS XE Software Arbitrary Code Execution Vulnerability" as part of the result, but if we look into this vulnerability, its associated bug ID CSCvs58715 has 17.2 as its only known affected release.

 

Can you explain the logic behind this?

Thanks

 

1. Cisco Security Software checker result for 16.9.2

image.png

2. Cisco vulnerability Result

image.png

3. Cisco bug's known affected version

image.png

1 Reply

Leo Laohoo
Hall of Fame

Never (ever) trust information in the Bug ID

If you have a valid Service Contract, then raise a TAC Case to get the most updated information.