Today Cisco Security Intelligence Operations (SIO) has released its Semi-annual Cisco IOS Software Security Advisory Bundle, the second and final IOS bundle publication of 2012. Today’s release includes nine advisories, of which five have workarounds.
As in previous bundle publications, Cisco SIO has provided an array of security resources to help customers secure their networks. This collateral is not unique to bundle security advisories and instead is part of SIO’s response to current security events. Resources include:
- Event Responses: correlated security information related to events, such as the bundle, that link content, such as IntelliShield alerts, CVE IDs, and CVSS scores, to a particular security vulnerability
- IOS Software Checker Tool: a tool that enables customers to determine if Cisco IOS Software versions are affected by a security issue
- Security Advisories and Responses: detailed security vulnerability information related to Cisco products and networks
- Applied Mitigation Bulletins: techniques to detect and mitigate exploits on Cisco products.
- IPS Signatures: detect and block network threats.
We hope you find these resources helpful as you seek to determine whether your network is affected by today’s announcement.
Unique to this release is a newly implemented security automation capability for OVAL and CVRF. These capabilities will reduce the complexity in parsing technical data and enable customers to respond to security issues with greater efficiency.
For more information about SCAP/OVAL and CVRF, check out the following resources:
- Automating Cisco IOS Vulnerability Assessment Blog Post: an introduction to security automation and how Cisco is helping customers automate security vulnerability assessment
- Security Automation Using OVAL: a whitepaper that discusses security automation using OVAL and step-by-step instructions on how to use Cisco IOS OVAL content
- OVAL Frequently Asked Questions: a document where you can get answers to common questions about OVAL and Cisco IOS OVAL content
- The Missing Manual: CVRF 1.1: a white paper with detailed information about CVRF
The next Cisco IOS Software Security Advisory bundle is scheduled for release on the 27th of March 2013. Mark your calendar!