[c-nsp] Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability

Dario Ciccarone dciccaro at cisco.com
Wed Sep 24 15:12:34 EDT 2014

Hash: SHA1


    Thanks for your feedback ! Please see inline for some additional

On 9/24/14 2:55 PM, Peter Rathlev wrote:
> On Wed, 2014-09-24 at 12:23 -0400, Cisco Systems PSIRT wrote:
>> Cisco IOS Software RSVP Vulnerability
> ...
> Thank you to PSIRT for generally thorough advisories. :-)
> I have a grievance though: The "Cisco IOS Software" section of "Software
> Versions and Fixes" not longer includes a comprehensive list of affected
> IOS releases but instead refers to the IOS Software Checker tool.
> The IOS Software Checker tool is really nice in itself, but if you for
> some reason have several different IOS releases running in your network
> then checking each of these via lookup is a lot slower than just
> skimming the list in the advisory.
Actually, we think that may be because you're using option "a" - typing
in an IOS release, or selecting from the list. You can instead use
option "b" (and paste the output of multiple "show version" commands) or
option "c" (and provide a list of IOS releases). Try option "c" and see
if you like it.

Additionally, the "static" IOS tables on previous advisories were that -
a static snapshot at publication time. While the IOS Software checker
data comes from a database that is updated in real time, based on new
fixes availability, new IOS releases, etc.

We don't expect to go back to the previous advisory format, with the
static tables - and actually, our goal is to expand the "IOS Software
checker" in the future to also accept IOS-XE, NX-OS and other Cisco
operating systems. No ETA for those enhancements yet.

Once again, thanks for providing us with your feedback - it is very

> Since the advisory contains a lot of information already, and since it's
> beautifully organised into sections, I think a comprehensive list like
> it has been before is a really good idea.
> An example of an advisory with the comprehensive list:
> Just my to zhents of course. :-)

Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - http://gpgtools.org


More information about the cisco-nsp mailing list