T-7 Days to Improved Cisco IOS Security
The Cisco IOS Software Security Advisory Bundled Publication will go live in seven days and this time we will have an important update to the Cisco IOS Software Checker to go along with it.
As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0
Cisco IOS Software Checker Updates!
As Erin mentioned, probably the most important resource for determining your exposure is the Cisco IOS Software Checker. As you know, this tool is the quickest method to determine exposure to vulnerabilities in Cisco IOS Software. Just initiate a search by selecting releases from the drop-down menu or uploading a file from your local system. Results can be customized by searching against all the advisories in the September 2014 Bundled Publication, a specific publication, or all previously published Cisco Security Advisories.
It gets better… By popular demand, the updated Cisco IOS Software Checker will now provide information regarding “First Fixed Release” for each advisory, making it crystal clear the minimum release required to eliminate your exposure. If applicable, the tool will also return the earliest possible release that corrects all vulnerabilities in all displayed advisories – we’re calling it “Combined First Fixed”. It will help you quickly identify the first IOS release that addresses all issues disclosed in the selected advisories.
We will also be adding CSV file downloads to Cisco IOS Software Checker, making it even easier to import the data into your own tools.
Paul Oxman, Cisco PSIRT Incident Manager, created this detailed video tour of the Cisco IOS Software Checker. Be sure to watch this informative video and spend some time practicing with the tool before the bundled publication on September 24.
Those of you familiar with the IOS bundle will recall lengthy tables with hundreds of rows of data. Beginning this September, the IOS bundle software tables are replaced with a direct link to Cisco IOS Software Checker. The tables posed a number of problems, the most significant being that they displayed point-in-time data and were not updated to reflect new IOS releases. The data in Cisco IOS Software Checker is updated daily to include the most up-to-date information on recent IOS release.
Make sure to return to the Cisco Security Blog on September 24, 2014, for more details on the seminannual disclosure.
And, as always, please visit the Cisco Security portal to check out the wealth of available content, including:
- Best practices and white papers
- Event Responses
- The Cisco Security Blog
- Security Advisories
- Applied Mitigation Bulletins
- IntelliShield alerts
- IPS signature information