Security vulnerability Matrix?

mortonjes · ‎10-25-2010

Hello.

Is there a tool/matrix that lists the security vulnerabilities for any given version of code? i..e..I enter the code I'd like to look up and the vulnerabilities are listed?

Much thanks.

jm

Panos Kampanakis · ‎10-25-2010

http://www.cisco.com/en/US/products/products_security_advisories_listing.html has all the advisories.

But we don't have a per product version matrix. You can use the page above and search for ASA and then look in the version field of each vulnerability. But I am afraid there is no matric that summarizes all that information.

Regards,

PK

mortonjes · ‎10-25-2010

Thank you for your reply. The link you provided will be helpfu but I may have phrased my question wrong. I was looking for vulnerabilities for any type of IOS code. Not specific to ASA. (I apologize for any confusion.)

The problem is, last Friday I had stumbled upon a page on Cisco site but can't seem to find it today. This was the output from that page:

Affected 12.2-Based Releases	First Fixed Release	Recommended Release
12.2SXF	12.2(18)SXF16	12.2(18)SXF17; Available on 30-SEP-2009

Unfortunately, I didn't bookmark the page.

Thank you.

jm

Panos Kampanakis · ‎10-25-2010

You probably saw that in a vulnerability release itself. So, for example click on the top vulnerability "Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerabilities" on the page I mentioned. The go under the "Software Versions and Fixes" and you will see the matrix you mentioned. There is one in each vulnerability notice.

I hope it makes sense.

PK

mortonjes · ‎10-25-2010

Thank you for your quick response and assistance.

This was helpful.

Thank you.

jm

Panos Kampanakis · ‎10-25-2010

No problem.

If this is answered, please mark it for future reference for other users.

Take care,

PK