BackBox Integration With Cisco Software Checker
As a Cisco Security Technology Alliance (CSTA) partner, BackBox Software Ltd. is pleased to announce the release of our latest IntelliCheck, created to support Cisco’s “Cisco Software Checker”.
This pro-active IntelliCheck is relevant to any organization running Cisco IOS, IOS XE, and NX-OS on a variety of Cisco devices. BackBox provides the ability to automatically extract required device version information and dynamically interact with Cisco’s web-based “Cisco Software Checker” in an effort to assess and identify any related Cisco Security Advisories
Furthermore, this BackBox IntelliCheck requires very little user interaction and ensures regular, scheduled assessments of an organization’s Cisco environment by automating the following:
1. Connecting to Cisco devices and extracting current version information
2. Dynamically interacting with Cisco’s web-based “Cisco Software Checker”
3. Automatically notifying the designated user of the following information:
a. Identify the current, running version of OS.
b. Identify the first available version of OS with no known vulnerabilities according to Cisco Security Advisories.
4. Provide the designated user with a comprehensive email, inclusive of current OS and identified vulnerabilities along with the recommended version of OS to upgrade to.
As with all BackBox automation tasks and scripts, IntelliChecks (which provide proactive Security, Operational, and Performance Checks) have the ability to be customized to support specific organizational requirements such as leveraging a proxy server, if required in this case to connect externally for security reasons.
IntelliChecks Report
Signature
Cisco -> IOS/IOS-XE/NXOS Version Checker
Status
Success: 1, Suspect: 3, Failure: 0
Upgrading Cisco IOS/IOS-XE/NXOS to Latest Versions with BackBox Task Automation
In order to address the identified vulnerabilities and upgrade to Cisco recommended version of OS, BackBox provides the ability to intelligently and efficiently upgrade multiple Cisco devices simultaneously with Task Automation. This allows organizations to ensure a consistent and current standard of OS across all Cisco devices. By leveraging BackBox Intelligent Automation to accomplish this, organizations can now increase their operational efficiency and reliability while significantly reducing overall risk.
Detailed Results
| Publication date | Impact | Title | First fixed or not affected |
| 3/24/2021 16:00 | High | Cisco IOS XE Software Fast Reload Vulnerabilities | 16.12.4a |
| 3/24/2021 16:00 | High | Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE Software Arbitrary Code Execution Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE Software for the Catalyst 9000 Family Arbitrary Code Execution Vulnerability | 16.12.4a |
| 3/24/2021 16:00 | High | Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability | 16.12.5 |
| 3/24/2021 16:00 | High | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability | 16.12.4a |