Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1125
Views
0
Helpful
1
Replies

Cisco Carecerts & Bug Reports

paultrenter
Level 1
Level 1

‎08-13-2019 01:51 AM

A general question here.  Our customers often fire over these reports that they have been sent and ask us to see if they are vulnerable.

 

These reports list an affected version of the software, and a fixed release version.

 

My question is, most of the time the version we are running falls after the affected version, but before the fixed(as fixed is usually always the most recent patch).  So are vulnerable in this case?

 

For example, if a bug states that the affected version is CUCM 9x, and we are running 11x, are we ok to assume no action is required?

Labels:
0 Helpful
1 Reply 1

rickgardner
Level 4
Level 4

‎09-23-2020 09:41 PM

The bug will usually have the affected versions as well as the fixed versions if there is a fix.  You have to be running at least the fixed version or newer or you have the bug.

 

Ex if you have 7.1.2 and a bug comes out for 7.1.1 and is fixed in 7.1.4 then you have the bug.

0 Helpful
Customers Also Viewed These Support Documents