We have been having an issue at my company with Cisco vulnerabilities and we were wondering if anyone else has been having the same problem. First, let me just say that we are doing credentialed scanning. On the devices in question, the credential login is showing as successful and has Enable permissions, so we should be fine there.
The issue is that the Cisco plugins for InsightVM do not appear to be taking the hardware into account, only the IOS version. This is a pretty big problem because many of the Cisco Advisories for the vulnerabilities list only a specific type of device (or configuration) as being vulnerable. For example, we just created a ton of exceptions for CVE-2020-3414. This was showing up on our managed switches, but this only affects Cisco 4461 Integrated Service Routers.
Is anyone else having similar issues to this? I’d love to hear your feedback/experience.
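One way to triage version-only findings like the one described above is to compare each device's hardware model against the hardware scope of the advisory. The sketch below is an added example, not part of the original post and not InsightVM functionality; the hostnames, the `show version` excerpts and the hand-maintained scope table are constructed assumptions, and only the CVE-2020-3414 scope comes from the post.

```python
import re

# Assumption: hardware scope per CVE, maintained by hand from each Cisco advisory.
# The single entry reflects the post: CVE-2020-3414 only affects the 4461 ISR.
AFFECTED_HARDWARE = {
    "CVE-2020-3414": re.compile(r"^ISR4461(/|$)"),
}

# Platform line of `show version`, e.g. "cisco ISR4461/K9 (1RU) processor with ..."
MODEL_LINE = re.compile(r"^cisco\s+(\S+)\s+\(.*?\)\s+processor", re.MULTILINE)

def hardware_model(show_version):
    """Return the hardware model from `show version` text, or None if absent."""
    match = MODEL_LINE.search(show_version)
    return match.group(1) if match else None

def triage(findings, inventory):
    """Sort (asset, cve) findings by whether the asset's hardware is in scope."""
    result = {"keep": [], "exception_candidate": [], "needs_review": []}
    for asset, cve in findings:
        scope = AFFECTED_HARDWARE.get(cve)
        model = hardware_model(inventory.get(asset, ""))
        if scope is None or model is None:
            # No scope data or no model collected: a person has to decide.
            result["needs_review"].append((asset, cve, model))
        elif scope.search(model):
            result["keep"].append((asset, cve, model))
        else:
            result["exception_candidate"].append((asset, cve, model))
    return result

# Constructed sample data (hypothetical hostnames and collected output).
SAMPLE_INVENTORY = {
    "rtr-edge-01": "Cisco IOS XE Software, Version 16.12.03\n"
                   "cisco ISR4461/K9 (1RU) processor with 7793153K/6147K bytes of memory.\n",
    "sw-access-07": "Cisco IOS Software, C2960X Software, Version 15.2(7)E2\n"
                    "cisco WS-C2960X-48FPD-L (APM86XXX) processor (revision A0) "
                    "with 524288K bytes of memory.\n",
    "sw-unknown-02": "",  # login worked but no `show version` output was stored
}
SAMPLE_FINDINGS = [(host, "CVE-2020-3414") for host in SAMPLE_INVENTORY]

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_FINDINGS, SAMPLE_INVENTORY).items():
        print(bucket, rows)
```

Findings in `needs_review` are deliberately not treated as false positives: a missing model or a CVE without a scope entry still needs a person to read the advisory.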