Vulnerabilities in IOS versions

Unanswered Question
Mar 26th, 2010


We've got a security audit coming up and we wanted to make sure the IOS versions we're running haven't been flagged for vulnerabilities.  Is there anywhere on the Cisco web site that notices like that would show up?  Or is there some way of determining that our IOS has been "certified" as acceptable?  For example, does an organization like CERT or NSA do anything like that?

The alternative, it seems, is just to scour the Cisco web site and see if specific vulnerailities and/or bugs have been announced, but I'm wondering if there's a faster, cleaner way of determining if your IOS is a good one.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Reza Sharifi Fri, 03/26/2010 - 09:37


The best place to look into is the release notes for the IOS you are using.  Just go through it and see if you notice any thing that security may flag.

You should also look at DISA Stig standards to make sure you are complying with their guidelines.




This Discussion