10-07-2014 10:56 AM - edited 03-10-2019 12:18 AM
Hi,
I have a few questions regarding the versions released in the Cisco security advisories.
I'm looking over the affected products here: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
The affected/fix releases for Nexus 7000 switches are here: https://tools.cisco.com/bugsearch/bug/CSCuq98748
My questions are outlined below:
Solved! Go to Solution.
10-08-2014 12:39 AM
Hi
unfortunately I have just one answer and some new questions...
The answer regards question #2, about the decimal.
The decimal is given to "interim" releases. These releases are internal on Cisco and are not usually published on CCO (unless they are requested via a Service Request or special file access). For the "official" fix one should always look for the release with the first integer that follows the interim number.
Now for my question.
On the Bug Notes I read "All current versions of NX-OS on this platform are affected unless otherwise stated". Then on the "Known Affected Releases" only 8 are shown. I see two options to decode this two pieces of info:
A. ALL releases older that the 8 listed are vulnerable
B. Only the 8 listed are vulnerable
C. Only the 15 "Known fixed" or others more recent than those 15 are non vulnerable.
By just reading the case notes I cannot conclude for sure if a given release (as 6.2(2) for example) is vulnerable or not. Can someone from Cisco clear this?
Thanks and Regards
10-08-2014 12:39 AM
Hi
unfortunately I have just one answer and some new questions...
The answer regards question #2, about the decimal.
The decimal is given to "interim" releases. These releases are internal on Cisco and are not usually published on CCO (unless they are requested via a Service Request or special file access). For the "official" fix one should always look for the release with the first integer that follows the interim number.
Now for my question.
On the Bug Notes I read "All current versions of NX-OS on this platform are affected unless otherwise stated". Then on the "Known Affected Releases" only 8 are shown. I see two options to decode this two pieces of info:
A. ALL releases older that the 8 listed are vulnerable
B. Only the 8 listed are vulnerable
C. Only the 15 "Known fixed" or others more recent than those 15 are non vulnerable.
By just reading the case notes I cannot conclude for sure if a given release (as 6.2(2) for example) is vulnerable or not. Can someone from Cisco clear this?
Thanks and Regards
10-08-2014 08:24 AM
I have those same questions. Also the "fixed" releases are not in the general download section for the Nexus so how do you download those versions? we are running 6.2.2 also for the 7000's. Do you have to open a TAC case just to get the "fixed" releases ? Also for Nexus 5000 there is "0" fixed versions as of right now , when will those be available ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide