security advisories

December 17, 2019

NETWORKING

Do You Know Where Your Network is Vulnerable?

1 min read

Cisco DNA Automation can make security more effective and easier to manage. Through Cisco DNA Center, you can get up-to-date advisories that can help identify potential vulnerabilities in your network.

September 27, 2017

SECURITY

September 2017 Cisco IOS & IOS XE Software Bundled Publication

2 min read

Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year).  Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

September 21, 2017

SECURITY

CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available

1 min read

I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the practices for structured machine-readable security vulnerability-related advisories. The CSAF TC is focusing […]

March 22, 2017

SECURITY

March 2017 Cisco IOS & IOS XE Software Bundled Publication

2 min read

Today, we released the first Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year).  Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

January 24, 2017

SECURITY

Keeping Up with Security Vulnerability Disclosures with the Cisco PSIRT openVuln API

3 min read

The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, Common Weakness Enumeration (CWE), and the Common Vulnerability Scoring System (CVSS). This API […]

October 31, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities: The Sequel

3 min read

Back in April, I wrote a blog post about the new version of the Common Vulnerability Scoring System (CVSS). The changes made for CVSSv3 addressed some of the challenges that existed in CVSSv2. For example, CVSSv3 analyzes the scope of a vulnerability and identifies the privileges an attacker needs to exploit it. The CVSSv3 enhancements […]

September 28, 2016

SECURITY

September 2016 Cisco IOS & IOS XE Software Bundled Publication

1 min read

Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2016. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year).  Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

March 23, 2016

SECURITY

Cisco IOS & IOS XE Bundled Publication and IOS Software Checker Updates

2 min read

Today, we released the first of two semiannual Cisco IOS & XE Software Security Advisory Bundled Publications of 2016. (As a reminder, Cisco discloses IOS & XE vulnerabilities on a predictable schedule—the fourth Wednesday of March and September in each calendar year).   Today’s edition of the Cisco IOS & XE Software Security Advisory Bundled Publication includes […]

October 5, 2015

SECURITY

Improvements to Cisco’s Security Vulnerability Disclosures

5 min read

Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our Customers and Partners.  As John Stewart mentioned on his blog post, the Cisco PSIRT has launched a […]