03-28-2017 05:28 AM - edited 03-08-2019 09:56 AM
Hi All,
I want to check my network for the CMP vulnerability on IOS/IOS XE devices. I have more than 4000 switches installed and running in my production environment.
Could you please give me any suggestions for checking all the devices without logging into each and every device?
Thanks in advance!
Prakash.
03-28-2017 05:52 AM
Hi,
You only need to check the IOS XE for the vulnerability and turn it off in IOS completely, as per the doc:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Do you have management software that you can run commands from to your devices, if you have that many switches? Prime can do it. Just run the below; it will rule out the known vulnerability for IOS, and you could also run a report for the show commands they're suggesting to check the IOS XE and have it report back if a device is affected.
line vty 0 15
 no transport input telnet
 no transport input all
 transport input ssh
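An offline way to run the check described in this answer, added here as an example and not code from either poster or from Cisco: it scans saved running-configs (config backups, if your management tool keeps them) and reports the vty blocks that still accept Telnet. The hostnames and configs are constructed, and reporting a block with no `transport input` line as "unspecified" is an assumption, since the default differs between releases and needs checking on the device.

```python
import re

# Constructed sample configs (not from real devices); hostnames are hypothetical.
SAMPLE_CONFIGS = {
    "sw-access-01": """\
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
""",
    "sw-access-02": """\
line vty 0 15
 no transport input telnet
 transport input ssh
""",
    "sw-access-03": """\
line vty 0 4
 login local
line vty 5 15
 transport input all
""",
}

def audit_vty(config):
    """Return {vty_range: verdict} for every 'line vty' block in a saved config."""
    results, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):            # a top-level line closes any vty block
            m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
            current = m.group(1) if m else None
            if current:
                results[current] = "unspecified"   # assumption: default is release-dependent
            continue
        # Only the positive form sets the allowed list; 'no transport input ...' never matches.
        m = current and re.match(r"\s+transport input (.+)$", raw)
        if m:
            protos = m.group(1).split()
            allowed = "telnet" in protos or "all" in protos
            results[current] = "telnet-allowed" if allowed else "ok"
    return results

def audit_all(configs):
    """Map hostname -> vty blocks needing attention (any verdict other than 'ok')."""
    report = {}
    for host, cfg in configs.items():
        bad = {r: v for r, v in audit_vty(cfg).items() if v != "ok"}
        if bad:
            report[host] = bad
    return report
```

Calling `audit_all(SAMPLE_CONFIGS)` lists only the devices that still need the vty change; feed it a dict of hostname to config text built from your own backups.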
03-28-2017 05:59 AM
Hi Mark,
I appreciate your response!
I'm using the SolarWinds tool. Can I do it from this?
Thanks!
03-28-2017 06:02 AM
I don't use SolarWinds personally, just Prime and LiveAction for pushing configs and running reporting, but I would think you can; SolarWinds is a powerful app.
A quick Google says the NCM section can do it:
https://support.solarwinds.com/Success_Center/Network_Configuration_Manager_(NCM)/How_to_use_NCM_to_make_config_changes_on_multiple_nodes
03-28-2017 06:04 AM
Thanks!
Will check with the tool.