Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
565
Views
0
Helpful
1
Replies

Vulnerabilities and Firmware version

jwoodward
Level 1
Level 1

‎04-11-2017 09:27 AM - edited ‎03-10-2019 12:48 AM

I'm posting here as Cisco Support hasn't been of much use to me, i'm hoping someone in the wider world will.  One of my clients has to comply with PCI regulations for credit card purchases.  Due to a very long story that I won't bore you with they decided to get a Cisco C899 LTE router. After getting it to the latest recommended version, 15.6(3)M1, we scanned our PCI Compliance and we are supposed to for any network change.  It came back failed due to two vulnerabilities supposedly present in our versions of the software.  Bug Ids for the Vulns are below

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb16274

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz59223

According to the Scan we need to update to 15.6(3.0p)M for one and 15.6(3.0q)M for another.  Cisco Support has informed me that 15.6(3)M1 is a later update to those versions, but cannot provide proof or documentation to that effect.  Without that documentation the PCI Scanning company won't pass us for compliance which is a financial issue for that client.

I'm really hoping someone out there can help me track down the necessary Change Log or update documentation. I apologize if i'm posting this in the wrong place, it wasn't plainly obvious to me.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Leo Laohoo
Hall of Fame
Hall of Fame

‎04-11-2017 01:56 PM

15.6(3.0q)M

This is a beta version. 

Ask TAC if they know when th fix to the two vulnerabilities will be released.

0 Helpful
Customers Also Viewed These Support Documents