The network element must be running a current and supported operating system with all IAVMs addressed.

From Perimeter Router Security Technical Implementation Guide Cisco

Part of Operating system is not at a current release level.

SV-15302r2_rule The network element must be running a current and supported operating system with all IAVMs addressed.

Vulnerability discussion

Network devices that are not running the latest tested and approved versions of software are vulnerable to network attacks. Running the most current, approved version of system and device software helps the site maintain a stable base of security fixes and patches, as well as enhancements to IP security. Viruses, denial of service attacks, system weaknesses, back doors and other potentially harmful situations could render a system vulnerable, allowing unauthorized access to DoD assets.

Check content

Have the administrator enter the show version command to determine the installed IOS version. As of June 2010, the latest major release is 12.4 for routers and 12.2 for switches (both access and multi-layer). The release being used must have all IAVMs resolved and must not be in a Cisco deferred status or has been made obsolete. Ask the administrator login to the Cisco Software Center to download software. Select the specific router or switch model. Select the IOS Software link and then Verify that the release being used is listed under the release family (will need to expand the list) and not in the deferred list. If the release is not listed in either the release family or deferred, then the release is obsolete. Verify that all IAVMs have been addressed. Note: Cisco software in a differed state will still be at the Cisco Software Center and available for download under the deferred group, whereas software made obsolete is no longer available for download. Deferred status occurs when a software maintenance release is made obsolete and removed from order ability and service outside of Cisco's normal release schedule, or Cisco cancels a scheduled maintenance release from reaching the First-Customer-Ship (FCS) milestone. Deferrals are most often related to software quality issues. A deferral can be performed for an entire maintenance release, or just for certain sets of platforms or features within a release. A deferral prior to the FCS milestone may be performed by Cisco to protect customers from receiving software with known catastrophic defects. A deferral after FCS will expedite obsolescence for the release to limit the exposure of customers.

Fix text

Update operating system to a supported version that addresses all related IAVMs.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer