Cisco iOS content

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Cisco iOS content

Evgeniy Pavlov
Dear Community!

We've found that the Cisco iOS content in the repository is not completed. I am going to create the missed part, but have a problem with determining the vulnerable versions. Information from Cisco Bugs Database is not completed. For example, 
https://tools.cisco.com/bugsearch/bug/CSCul46586 tells that only 15.4(0.3)T is vulnerable, but definition from Cisco Official Repository http://tools.cisco.com/security/center/ovalListing.x describes 55 vulnerable versions. So what is the source for vulnerable software versions? Could anyone help me?

-------
Evgeniy Pavlov,
SCAP-developer
Phone: +7(495)543-31-01 ext. 20
http://www.altex-soft.com/

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Evgeniy Pavlov ALTEX-SOFT
Reply | Threaded
Open this post in threaded view
|

Re: Cisco iOS content

Panos Kampanakis (pkampana)

Hi Evgeniy,

http://tools.cisco.com/security/center/ovalListing.x has the IOS vulnerable versions for each SA. The individual bugs from the Bug Toolkit do not include all the versions. If you want to check multiple versions and see Advisories they are susceptible to use the Software checker http://tools.cisco.com/security/center/selectIOSVersion.x

Panos

 

 

From: Evgeniy Pavlov [mailto:[hidden email]]
Sent: Thursday, December 04, 2014 2:59 AM
To: [hidden email]
Subject: [OVAL-DISCUSSION-LIST] Cisco iOS content

 

Dear Community!

 

We've found that the Cisco iOS content in the repository is not completed. I am going to create the missed part, but have a problem with determining the vulnerable versions. Information from Cisco Bugs Database is not completed. For example, 
https://tools.cisco.com/bugsearch/bug/CSCul46586 tells that only 15.4(0.3)T is vulnerable, but definition from Cisco Official Repository http://tools.cisco.com/security/center/ovalListing.x describes 55 vulnerable versions. So what is the source for vulnerable software versions? Could anyone help me?

 

-------
Evgeniy Pavlov,
SCAP-developer
Phone: +7(495)543-31-01 ext. 20

 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

PGP.sig (487 bytes) Download Attachment