
WS-C4507R+E vulnerability issue

Running image cat4500-ipbasek9-mz.150-2.SG11.bin, we have faced vulnerabilities:

CVE-2015-6375
CVE-2015-0204
CVE-2017-3881
cisco-sa-20170419
cisco-sa-20170629
CVE-2017-6770
CVE-2017-12240
CVE-2018-0174
CVE-2018-0175
CVE-2018-0172
CVE-2018-0173
CVE-2018-0167
CVE-2018-15369
CVE-2018-15373
CVE-2018-0197
CVE-2018-0475

 

I had checked all CVE IDs; there is no workaround. Also, the installed image is the latest. How can I fix this issue? Can anyone help with this bug fix?


Thank you for updating. I agree with your reports. May I know if there is any option without replacement of hardware?

 

Your only option would be to remove some of the offending features. TACACS could be swapped for RADIUS, DHCP relay implemented on another device.

 

Beyond that, you need to evaluate how exposed you are to malicious actors who could attack you. If you are routing guest traffic through the switch, then you have no control over the devices. However, if all your traffic is from enterprise devices (i.e. locked down, unable to install unauthorised software), then it is unlikely you could be attacked.

 

If your organisation values data security, flag these issues with the to show you have evaluated the situation, make a hardware upgrade recommendation and leave it in management's hands. If a security breach occurs as a result of these flagged vulnerabilities, you have done all you can, it will be their head that rolls.

 

cheers,

Seb.
