Vulnerabilities and Firmware version
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2017 09:27 AM - edited 03-10-2019 12:48 AM
I'm posting here as Cisco Support hasn't been of much use to me, i'm hoping someone in the wider world will. One of my clients has to comply with PCI regulations for credit card purchases. Due to a very long story that I won't bore you with they decided to get a Cisco C899 LTE router. After getting it to the latest recommended version, 15.6(3)M1, we scanned our PCI Compliance and we are supposed to for any network change. It came back failed due to two vulnerabilities supposedly present in our versions of the software. Bug Ids for the Vulns are below
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb16274
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz59223
According to the Scan we need to update to 15.6(3.0p)M for one and 15.6(3.0q)M for another. Cisco Support has informed me that 15.6(3)M1 is a later update to those versions, but cannot provide proof or documentation to that effect. Without that documentation the PCI Scanning company won't pass us for compliance which is a financial issue for that client.
I'm really hoping someone out there can help me track down the necessary Change Log or update documentation. I apologize if i'm posting this in the wrong place, it wasn't plainly obvious to me.
- Labels:
-
Other Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2017 01:56 PM
15.6(3.0q)M
This is a beta version.
Ask TAC if they know when th fix to the two vulnerabilities will be released.
