Common Vulnerabilities and Exposures Addressed in Open Source Components in Cisco IOS XE Bengaluru 17.5.x
Information About Common Vulnerabilities and Exposures
This document contains information about patched Common Vulnerabilities and Exposures (CVE) for open source software (OSS) used in this product. The updating of an OSS component does not necessarily imply that IOS XE itself was previously vulnerable. This is done to improve the general security posture of the product. The CVE ID in the following table links to the corresponding vulnerability entry on the National Vulnerability Database (NVD). To view the details of a vulnerability, click on the CVE ID.
 Note |
This Cisco product may contain third-party software that includes open source components (including those listed below) with unpatched vulnerabilities. Many of these vulnerabilities do not have a known attack vector. |
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. The policy also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Licensing information about the open source software used in this product can be found at Open Source Notices & Documentation. With respect to the open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable open source license(s) (such as the GNU Lesser/General Public License), contact us at external-opensource-requests@cisco.com.
Common Vulnerabilities and Exposures (CVE) Addressed in Open Source Components in Cisco IOS XE Bengaluru 17.5.1
|
CVE ID |
Component |
Component Version |
|---|---|---|
|
avahi |
0.7 |
|
|
bash |
4.2 |
|
|
binutils |
2.32 |
|
|
bluez |
5.5 |
|
|
boost |
1.71.0 |
|
|
cairo |
1.16.0 |
|
|
cjson |
1.7.10+gitAUTOINC+c69134d017 |
|
|
cpio |
2.12 |
|
|
cracklib |
2.9.5 |
|
|
curl |
7.66.0 |
|
|
dbus |
1.12.16 |
|
|
file |
5.37 |
|
|
flex |
2.6.0 |
|
|
gcc |
9.2.0 |
|
|
gdb |
8.3.1 |
|
|
gettext |
0.19.8.1 |
|
|
glib |
2.60.7 |
|
|
glibc |
2.3 |
|
|
gnutls |
3.6.13 |
|
|
international_components_for_unicode |
64.2 |
|
|
json-c |
0.13.1 |
|
|
libarchive |
3.4.0 |
|
|
libcgroup |
0.41 |
|
|
libcurl |
7.66.0 |
|
|
libgcrypt |
1.8.4 |
|
|
libxml2 |
2.9.9 |
|
|
libxslt |
1.1.33 |
|
|
lrzsz |
0.12.20 |
|
|
mailx |
12.5-5 |
|
|
ncurses |
6.1.20190803 |
|
|
netkit-rsh |
0.17 |
|
|
netkit-telnet |
0.17 |
|
|
nghttp2 |
1.39.2 |
|
|
openssh |
8.0p1 |
|
|
pcre |
8.43 |
|
|
perl |
5.30.1 |
|
|
ppp |
2.4.7 |
|
|
python |
2.7.18 |
|
|
python |
3.7.8 |
|
|
python-pycrypto |
2.6.1 |
|
|
python3-pycrypto |
2.6.1 |
|
|
qemu |
4.1.0 |
|
|
rsync |
3.1.3 |
|
|
screen |
4.6.2 |
|
|
sqlite |
3.29.0 |
|
|
sudo |
1.8.27 |
|
|
sysstat |
12.1.6 |
|
|
systemd |
243.2 |
|
|
unzip |
6 |
|
|
xinetd |
2.3.15 |
Additional Resources
|
Related Topic |
Resource |
|---|---|
|
Cisco Security Advisories |
https://tools.cisco.com/security/center/publicationListing.x |
|
Cisco Security Vulnerability Policy |
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html |
|
Common Vulnerabilities and Exposures |
|
|
Open Source In Cisco Products |
https://www.cisco.com/c/en/us/about/legal/open-source-documentation-responsive.html |