current security patch level IOS/how to verify device is at it?

fit4lyf13
Level 1

Hello all,

I am an IT auditor and I am trying to determine how I can verify the most current security patches for a sample of devices. Here is what the 4 devices have from the "show version" command:

C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

Cisco IOS Software, CGESM Software (CGESM-LANBASE-M), Version 12.2(25)SED, RELEASE SOFTWARE (fc1)

Cisco IOS Software, C1100 Software (C1100-K9W7-M), Version 12.3(8)JEA, RELEASE

Cisco Internetwork Operating System Software

IOS (tm) C1700 Software (C1710-K9O3SY-M), Version 12.3(2)T, RELEASE SOFTWARE (fc1)

Two of these are routers (the 12.3 versions) and the others are switches (12.2).

How can I tell if these devices have the latest patches applied for those versions? I know 12.4 is available so none of these are current on version, but I need to make sure they have all available security patches.

Any advice would be great for someone who is not a network expert. Thanks.

Chad

4 Replies

JORGE RODRIGUEZ
Level 10

Chad,

You would probably start with the security advisories; that is usually the place to start when checking Cisco's reports on the most critical security vulnerabilities and the affected products and codes. If none of these apply to your current devices, your next step could probably be to check the IOS release notes. Just search the Cisco main page for your IOS version's release notes to be aware of open CAVEATS that may be affecting your production network. Generally you would want to use codes in GD (General Deployment). You can also check the IOS retirement table at:

http://www.cisco.com/kobayashi/library/iosplanner/retired.shtml

Take a look at the IOS designations GD, ED, MD, DF, etc. at this link to help you understand the IOS cycle; it will help in decision making if upgrading. Note that you need a CCO login to get to this one below.

http://www.cisco.com/kobayashi/library/iosplanner/reldesignation.html#GD

Security Advisories

http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Security Vulnerability Policy

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

HTH

Jorge

Jorge Rodriguez

Chad

I think we should clarify one aspect mentioned in your post. While it is true that 12.4 is the most recent version for IOS routers (and therefore anything less than 12.4 is not quite current), we cannot say the same thing about the Cisco Catalyst switches. I checked in the feature navigator on the Cisco site for the 3750 switch. For the SEC code train (which your 3750 is running) 12.2(25) is in fact the most recent code version offered.

HTH

Rick


Jorge,

Thanks for the reply. However, I don't think I have access to some of those links (I am sure people in our network area do, but we in Audit would not).

What I really need is to tell if the 4 devices I listed have the latest patches for the given levels of IOS they are running. I am sure I could find what Cisco has released, but how can I tell if any of those have been applied to the devices? My real objective is to determine if these 4 devices are patched successfully based on today's known vulnerabilities.

Any other thoughts on how I can translate the output I supplied into determining if these devices are patched? Thanks.

Chad

Chad

Perhaps there is something else here that we can clarify a bit. You are describing your objective as determining patch level within a release level. But that is not how Cisco generally does it. Cisco does not release a patch for a release as much as it releases a new version that incorporates the fix for the vulnerability. So once you know the specific version level for a device you would know exactly what its patch level is.

The difficult part is correlating a particular version with what fixes it contains. And I do not know of a good way to do that.

HTH

Rick
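
The reply above says the version string itself is the patch level, so the audit step is to parse each `show version` banner and compare it with the first fixed release an advisory lists for the same train. The following is an added example, not part of the original thread or any Cisco tool: it parses the four banners from the question, flags the boot loader line as not describing the running image, and compares against first-fixed values that are constructed placeholders. Treating different train identifiers as not comparable is an assumption of the example.

```python
import re

# major.minor(maintenance[interim letter])TRAIN[rebuild], e.g. 12.2(25)SED
VERSION_RE = re.compile(r"(\d+)\.(\d+)\((\d+)([a-z]?)\)([A-Z]*)(\d*)")
IMAGE_RE = re.compile(r"\(([A-Z0-9-]+)\),? Version (\S+?),")

def parse_version(text):
    m = VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised IOS version: {text!r}")
    major, minor, maint, letter, train, rebuild = m.groups()
    return {"release": (int(major), int(minor)), "train": train,
            "level": (int(maint), letter, int(rebuild or 0)), "text": text}

def parse_show_version(line):
    """Return image name and version fields of one banner line, or None."""
    m = IMAGE_RE.search(line)
    if not m:
        return None
    info = parse_version(m.group(2))
    info["image"] = m.group(1)
    info["bootloader"] = "Boot Loader" in line
    return info

def has_fix(running, first_fixed):
    """True/False within one release and train; None means 'not comparable,
    read the advisory' (different train, or a boot loader version)."""
    same_train = ((running["release"], running["train"])
                  == (first_fixed["release"], first_fixed["train"]))
    if running["bootloader"] or not same_train:
        return None
    return running["level"] >= first_fixed["level"]

# Banner lines quoted in the question above.
BANNERS = [
    "C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)",
    "Cisco IOS Software, CGESM Software (CGESM-LANBASE-M), Version 12.2(25)SED, RELEASE SOFTWARE (fc1)",
    "Cisco IOS Software, C1100 Software (C1100-K9W7-M), Version 12.3(8)JEA, RELEASE",
    "IOS (tm) C1700 Software (C1710-K9O3SY-M), Version 12.3(2)T, RELEASE SOFTWARE (fc1)",
]
# CONSTRUCTED first-fixed releases for illustration; not taken from any advisory.
FIRST_FIXED = [parse_version(v) for v in ("12.3(8)JEA2", "12.3(2)T", "12.2(25)SEE")]

def audit(banners, fixed_list):
    rows = []
    for dev in map(parse_show_version, banners):
        checks = (has_fix(dev, f) for f in fixed_list)
        verdict = next((v for v in checks if v is not None), None)
        rows.append((dev["image"], dev["text"], verdict))
    return rows
```

A verdict of `None` means the list holds no entry for that device's release and train, so the advisory's own table has to be read for it.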
