
Cisco Router Patching

Jamie Behl
Level 1

We had an audit of our system last week and the auditors requested the configuration of our routers. We currently have an 1841 router at our location that is maintained by our ISP. The configuration shows that it is running version 12.4 on its firmware. The auditors informed us that this version is from 2009. I contacted our ISP Company (I removed their name below) to determine why they haven't been patched and received this response:

"Firmware and software updates are applied on an as-needed basis, or upon request if there is a customer-affecting issue. ISP Company actively updates customer premise equipment firmware and software versions when recommended by the hardware vendors to resolve known issues. ISP Company also reviews all customer requests for firmware and software updates, to ensure interoperability with existing systems. Before any changes are made, lab testing and regression testing must occur to ensure that one vendor's updates will not conflict with another vendor's hardware or software. Once interoperability is confirmed, ISP Company will schedule a time to perform the necessary updates."

It seems like a security vulnerability would be covered as part of this statement. Does Cisco have any documentation I could send to my ISP that states known issues would be fixed with a particular update? Or anything that might help. Thanks for any help!

Jamie

2 Replies

Reza Sharifi
Hall of Fame

Jamie,

It is not uncommon to see security vulnerabilities in IOS images, especially when they are a few years old.

Just identify the security vulnerabilities the auditors have found, send them to your ISP and have them upgrade to a version that does not contain the vulnerabilities.

HTH

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Cisco will recommend updating IOS for some security issues, so those would seem to be covered by your ISP's statement. (In fact, Cisco did [still does?] provide "free" IOS upgrades, for those without a current support contract, for really critical security issues.)

Understand, as auditors often don't, that software doesn't wear out, so just being "old" doesn't mean the software needs "patching".  Further, current software might be full of yet to be discovered flaws.

What your auditors should do is identify the specific 12.4 release and review release notes and security advisories for "known" issues and determine if any are unacceptable.

 
