Today Cisco Security Intelligence Operations (SIO) has released its Semi-annual Cisco IOS Software Security Advisory Bundle, the second and final IOS bundle publication of 2012. Today’s release includes nine advisories, of which five have workarounds.
As in previous bundle publications, Cisco SIO has provided an array of security resources to help customers secure their networks. This collateral is not unique to bundle security advisories and instead is part of SIO’s response to current security events. Resources include:
Tags: Cisco, IOS, ios bundle, psirt, security, vulnerability
As previously discussed here on the Cisco Security blog, the Cisco Product Security Incident Response Team (PSIRT) follows a twice-per-year schedule for disclosing high-severity security vulnerabilities in Cisco IOS Software. The next Cisco IOS Software Security Advisory Bundle will be released on the 26th of September at 16:00 GMT. Our Security Vulnerability Policy describes the schedule best:
In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday 16:00 GMT of the month in March and September of each calendar year. This schedule applies to the disclosure of Cisco IOS Software vulnerabilities and does not apply to the disclosure of vulnerabilities in other Cisco products.
We offer several convenient and timely ways to learn of new Cisco Security Advisories and Cisco Security Advisory Bundles.
Tags: Cisco, Cisco Security, IOS, psirt, security, security advisories
Product security covers quite a broad spectrum of knowledge areas within the realm of technologies applied to enable communications in this highly connected world. However, there is a natural tendency to first focus on the basic capabilities of the product itself. But later, questions arise such as “Is the product in operation vulnerable and if yes, what are the next steps to protecting against the vulnerability?” or “What can I do if I suspect a security issue with a product?” As much as one would like to sustain 100% immunity against any vulnerability or issue, events happen, inherent product weaknesses are discovered, or new attack vectors and methods arise to expose ways to compromise a product’s operation or behavior. At Cisco, the people who rapidly converge on such occurrences or the potential for such occurrences are the Incident Managers (IM) who reside at the core of the Product Security Incident Response Team (PSIRT) within Security Intelligence Operations (SIO). I think it is fascinating how seamlessly this team executes with precision, efficacy, and timeliness on a day-in, day-out basis, covering a large array of complex hardware, software, and technologies. The IM focuses on driving the underlying processes around the discovery of security disclosures and issues related to Cisco products and networks. I hope you will find that this article provides you with an informative and personal perspective on the IM role that is integral to the ongoing efforts essential to protecting the Cisco customer.
Tags: incident, incident response, psirt
Once again it’s time for Cisco’s semi-annual Cisco IOS Software Security Advisory Bundled Publication. Today’s edition of the bundle contains a total of nine IOS-related advisories and one non-IOS advisory for the Cisco Unified Communications Manager (CUCM) family of products. Included in the 10 Security Advisories are a total of 19 Cisco Bug IDs, each one representing an individual vulnerability.
Tags: IOS, psirt, security, vulnerability
A new tool called the Cisco IOS Software Checker is now available on the Cisco Security Intelligence Operations (SIO) portal. This tool introduces a feature that our customers have long requested and will make Cisco product security information much easier to consume and digest.
Security Advisories that are published by the Cisco Product Security Incident Response Team (PSIRT) provide detailed information about security vulnerabilities in Cisco products, including mitigations, affected products and vulnerable and fixed versions of software. Security Advisories affecting Cisco IOS include a table that provides a list of affected Cisco IOS release trains and fixed versions for those trains. Our customers have long asked us for ways to simplify identification of affected software in this table, and so we have developed the Cisco IOS Software Checker for this very purpose. This tool leverages our internal databases to easily provide affected software information without requiring you to manually process the fixed software table.
Tags: psirt, security