[c-nsp] big uptime - what you got ?

[Keith Medcalf]

On Monday, 10 February, 2020 14:10, Tom Hill <tom at ninjabadger.net>
wrote:

>On 10/02/2020 21:01, Keith Medcalf wrote:

>> How about you just say in English what it is you want to say instead
>> of wasting everyone's time?

> "Click the fucking link and find out" ?

> (Protip: never ask a Brit to be explicit.)

>> Page does not exist, and I do not do tinyurl or bitly or any of that
>> sort of obfuscation crap.

> If you've decided to obfuscate HTTP 302 responses from your life, I'm
> not sure I can really help you navigate Cisco's security tools anyway.

Seems pretty straightforward to me.  You posted a link.  It was broken.
Case closed.

> Suffice it to say, there are a heap of critical and/or high-level
> security vulnerabilities listed for the Cisco IOS version referenced
by
> the OP (12.2(31)SGA1). Eschewing those recommendations in favour of
> dick-waving over high uptimes is an industry practice that we should
> really have killed-off by now.

Just because *you* or some other person thinks there are *critical*
security vulnerabilities does not mean that those vulnerabilities are
exploitable in any particular instance of the installation of that
hardware or software.

Just because "A" is a vulnerability does not mean that one needs to "fix
or upgrade" anything if "A" is already mitigated.

-- 
The fact that there's a Highway to Hell but only a Stairway to Heaven
says a lot about anticipated traffic volume.