Solved: Re: Cisco Bug CSCto10165 Smart Install Vulnerability

francisfox · ‎01-12-2012

Hi There, we are using IOS 12.2(55) on a cisco 3750X-24TS. This IOS has the smart install vulnerability identified in

CSCto10165. We had been using the ACL workaround to mitigate this however i notice on the bug toolkit that this bug now has a fix. The thing that is confusing me is that the bug toolkit states the bug was 1st found in 12.2(58)SE and 1st fixed also in 12.2(58)SE. So is it fixed? I notice on the downloads page there is 12.2(58)SE2 available for download but this is dated 27/7/2011. Is the fix in this version? The release notes don't mention this bug. Can anyone offer any advice. Regards Francis

rsimoni · ‎01-12-2012

Hi Francis,

the fix is for sure in 12.2(55)SE3.

About 12.2(58)SE from what I understand from the internal notes, always tricky on PSIRT bugs, the issue was first noticed on the image which was candidated to be 12.2(58)SE. The bug could be fixed before 12.2(58)SE was actually published on CCO, this is why this release is both mentioned as the first found and first fixed.

Hope this clarifies.

please rate and close the question if helpful.

Riccardo

View solution in original post

rsimoni · ‎01-12-2012

Hi Francis,

the fix is for sure in 12.2(55)SE3.

About 12.2(58)SE from what I understand from the internal notes, always tricky on PSIRT bugs, the issue was first noticed on the image which was candidated to be 12.2(58)SE. The bug could be fixed before 12.2(58)SE was actually published on CCO, this is why this release is both mentioned as the first found and first fixed.

Hope this clarifies.

please rate and close the question if helpful.

Riccardo

lgijssel · ‎01-13-2012

+5 for Ricardo for an obviously correct answer

@francisfox: Thnx4notrating

francisfox · ‎01-16-2012

Many thanks Riccardo