security advisories
Do You Know Where Your Network is Vulnerable?
1 min read
Cisco DNA Automation can make security more effective and easier to manage. Through Cisco DNA Center, you can get up-to-date advisories that can help identify potential vulnerabilities in your network.
September 2017 Cisco IOS & IOS XE Software Bundled Publication
2 min read
Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year). Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]
CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available
1 min read
I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the practices for structured machine-readable security vulnerability-related advisories. The CSAF TC is focusing […]
March 2017 Cisco IOS & IOS XE Software Bundled Publication
2 min read
Today, we released the first Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year). Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]
Keeping Up with Security Vulnerability Disclosures with the Cisco PSIRT openVuln API
3 min read
The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, Common Weakness Enumeration (CWE), and the Common Vulnerability Scoring System (CVSS). This API […]
The Evolution of Scoring Security Vulnerabilities: The Sequel
3 min read
Back in April, I wrote a blog post about the new version of the Common Vulnerability Scoring System (CVSS). The changes made for CVSSv3 addressed some of the challenges that existed in CVSSv2. For example, CVSSv3 analyzes the scope of a vulnerability and identifies the privileges an attacker needs to exploit it. The CVSSv3 enhancements […]
September 2016 Cisco IOS & IOS XE Software Bundled Publication
1 min read
Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2016. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year). Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]
Cisco IOS & IOS XE Bundled Publication and IOS Software Checker Updates
2 min read
Today, we released the first of two semiannual Cisco IOS & XE Software Security Advisory Bundled Publications of 2016. (As a reminder, Cisco discloses IOS & XE vulnerabilities on a predictable schedule—the fourth Wednesday of March and September in each calendar year). Today’s edition of the Cisco IOS & XE Software Security Advisory Bundled Publication includes […]
Improvements to Cisco’s Security Vulnerability Disclosures
5 min read
Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our Customers and Partners. As John Stewart mentioned on his blog post, the Cisco PSIRT has launched a […]