Cisco Plugins issues for InsightVM

Greetings,

We have been having an issue at my company with Cisco vulnerabilities and we were wondering if anyone else has been having the same problem. First, let me just say that we are doing credentialed scanning. On the devices in question, the credential login is showing as successful and has Enable permissions, so we should be fine there.
The issue is that the Cisco plugins for InsightVM do not appear to be taking the hardware into account. Only the IOS version. This is a pretty big problem because many of the Cisco Advisories for the vulnerabilities list only a specific type of device (or configuration) as being vulnerable. For example, we just created a ton of exceptions for CVE-2020-3414. This was showing up on our managed switches, but this only affects Cisco 4461 Integrated Service Routers.
Is anyone else having similar issues to this? I'd love to hear your feedback/experience.

Thank you,

Yes, we are seeing the same thing. The authenticated scan doesn't appear to identify or take into account the actual hardware, just the IOS version.

Network team are not happy :wink:

Think I'll raise a support ticket/FP on it and see what they say

Hi Daniel and Andy,

Our checks for Cisco IOS take the hardware models into account as of February 9th. Our checks for Cisco IOS XE (which CVE-2020-3414 affects) will be similarly updated in a content release within the next week or so. I hope this will help put you back into good standing with your network teams!

All the best,
Greg

2 Likes

I will pass the news on!

Nobody wants a prickly Network guy getting all defensive about their kit to deal with :wink:

2 Likes