Cisco Blogs


Cisco Blog > Security

Improvements to Cisco’s Security Vulnerability Disclosures

Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our Customers and Partners.  As John Stewart mentioned on his blog post, the Cisco PSIRT has launched a new and improved security vulnerability disclosure format. The new Cisco Security Advisories can be accessed at http://www.cisco.com/go/psirt and at http://cisco.com/security

The intent is to make it easier for Customers and Partners to access information about all security vulnerabilities in Cisco products. Each vulnerability disclosed through our new security advisories are assigned a Common Vulnerability and Exposures (CVE) identifier to aid in identification. Additionally, Cisco will continue to assess all vulnerabilities using the Common Vulnerability Scoring System (CVSS). Check out the sites for CVE, CVSS, and this CVSS scoring calculator if these terms are relatively new to you or you simply need a refresher.

Read More »

Tags: , , , , , , , , ,

It’s That Time Again—Announcing the Cisco IOS & XE Software Security Advisory Bundled Publication

Today, we released the last Cisco IOS & XE Software Security Advisory Bundled Publication of 2015. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (the fourth Wednesday of March and September each calendar year).  Last cycle, we began including Cisco Security Advisories addressing vulnerabilities in Cisco IOS XE Software in this publication.  This change was a direct result of your feedback, and we hope the timeline and additional “bundling” continues to allow organizations to plan and ensure resources are available to analyze, test, and remediate vulnerabilities in their environments.

Today’s edition of the Cisco IOS & XE Software Security Advisory Bundled Publication includes three advisories that affect the following technologies:

  • IPv6 First-Hop Security
  • SSH Version 2 (SSHv2)
  • Cisco IOS XE Software

You may recall that Cisco announced enhancements to the Cisco IOS Software Checker last year. As my colleague Kevin Saling shared, the tool can display first-fixed software release data based on the combination of Cisco IOS Software releases and Cisco Security Advisories selected. Users can now quickly identify the first release that addresses all vulnerabilities disclosed in the selected advisories.   Read More »

Tags: , , , ,

Announcing the First Cisco IOS Software and IOS XE Software Security Advisory Bundled Publication

Today, we released the first ever Cisco IOS Software and IOS XE Software Security Advisory Bundled Publication. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year). In direct response to your feedback, we have also included a Cisco Security Advisory addressing vulnerabilities in Cisco IOS XE Software in this publication. We hope this timeline and additional “bundling” continues to allow your organization to plan and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes seven advisories that affect the following technologies:
Read More »

Tags: , , , ,

Announcing the Cisco IOS Software Security Advisory Bundled Publication

Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:

  • Resource Reservation Protocol (RSVP)
  • Metadata
  • Multicast Domain Name System (mDNS)
  • Session Initiation Protocol (SIP)
  • DHCP version 6 (DHCPv6)
  • Network Address Translation (NAT)

Read More »

Tags: , , , , , ,

T-7 Days to Improved Cisco IOS Security

The Cisco IOS Software Security Advisory Bundled Publication will go live in seven days and this time we will have an important update to the Cisco IOS Software Checker to go along with it.

As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0 Read More »

Tags: , , , , , ,