01-06-2019 11:22 PM - edited 03-08-2019 04:57 PM
Running image cat4500-ipbasek9-mz.150-2.SG11.bin, we have faced these vulnerabilities:
CVE-2015-6375
CVE-2015-0204
CVE-2017-3881
cisco-sa-20170419
cisco-sa-20170629
CVE-2017-6770
CVE-2017-12240
CVE-2018-0174
CVE-2018-0175
CVE-2018-0172
CVE-2018-0173
CVE-2018-0167
CVE-2018-15369
CVE-2018-15373
CVE-2018-0197
CVE-2018-0475
I have checked all the CVE IDs; there is no workaround. I have also installed the latest image only. How can I fix this issue? Can anyone help with this bug fix?
01-08-2019 01:08 AM
Thank you for updating. I agree with your reports. May I know if there is any option without replacement of the hardware?
01-08-2019 01:35 AM
Your only option would be to remove some of the offending features. TACACS could be swapped for RADIUS, DHCP relay implemented on another device.
Beyond that, you need to evaluate how exposed you are to malicious actors who could attack you. If you are routing guest traffic through the switch, then you have no control over the devices. However, if all your traffic is from enterprise devices (i.e. locked down, unable to install unauthorised software), then it is unlikely you could be attacked.
If your organisation values data security, flag these issues with the to show you have evaluated the situation, make a hardware upgrade recommendation and leave it in management's hands. If a security breach occurs as a result of these flagged vulnerabilities, you have done all you can; it will be their head that rolls.
cheers,
Seb.