Hi Team,
We are looking to determine which Vulnerabilities(CVE) apply against an OS version: say IOS-XE 16.9.2
If we search via the software checker or the PSIRT API , we get the vulnerability Cisco IOS XE Software Arbitrary Code Execution Vulnerability as part of the result, but if we look into this vulnerability and its associated bugId BugId CSCvs58715 which only has 17.2 as its only known affected release.
Can you explain the logic behind this ?
Thanks
1. Cisco Security Software checker result for 16.9.2
2. Cisco vulnerability Result
3,. Cisco Bug's Known affected version