Forum Discussion
CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE...
As of 2023-12-14, the blog states that Cisco has not released updates for this critical zero-day yet. And Tenable plugin revisions for these findings still reflect that.
However, Cisco's since released many updates, and I think the blog and Tenable plugins need to be revised to determine patch level of endpoint for the CVE.
Here's just a sample of IOS XE versions and their released patch:
VERSION first fixed in:
16.9.3 first fixed in: 16.12.10a
16.12.8 first fixed in: 16.12.10a
16.9.4 first fixed in: 16.12.10a
16.12.4 first fixed in: 16.12.10a
16.3.5 first fixed in: 16.12.10a
16.9.2 first fixed in: 16.12.10a
16.6.5 first fixed in: 16.12.10a
16.8.1 first fixed in: 16.12.10a
16.3.7 first fixed in: 16.12.10a
16.6.3 first fixed in: 16.12.10a
16.6.2 first fixed in: 16.12.10a
16.6.1 first fixed in: 16.12.10a
16.6.4 first fixed in: 16.12.10a
16.12.3s first fixed in: 16.12.10a
16.9.5 first fixed in: 16.12.10a
16.12.5b first fixed in: 16.12.10a
16.12.3a first fixed in: 16.12.10a
16.10.1 first fixed in: 16.12.10a
16.6.9 first fixed in: 16.12.10a
16.12.3 first fixed in: 16.12.10a
16.12.2 first fixed in: 16.12.10a
16.11.1 first fixed in: 16.12.10a
16.3.3 first fixed in: 16.12.10a
16.3.6 first fixed in: 16.12.10a
16.4.2 first fixed in: 16.12.10a
16.12.1 first fixed in: 16.12.10a
16.2.1 first fixed in: 16.12.10a
16.6.7 first fixed in: 16.12.10a
16.6.6 first fixed in: 16.12.10a
16.12.5 first fixed in: 16.12.10a
17.3.4a first fixed in: 17.3.8a
17.3.5 first fixed in: 17.3.8a
17.3.4 first fixed in: 17.3.8a
17.3.2 first fixed in: 17.3.8a
17.3.3 first fixed in: 17.3.8a
17.3.6 first fixed in: 17.3.8a
17.6.4 first fixed in: 17.6.5a or 17.6.6a
17.5.1 first fixed in: 17.6.5a or 17.6.6a
17.6.3a first fixed in: 17.6.5a or 17.6.6a
17.6.1a first fixed in: 17.6.5a or 17.6.6a
17.6.5 first fixed in: 17.6.5a or 17.6.6a
