Had an external pen test done against my ASA.3rd party company said I have this CVE show up:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Cisco released code fix in May of 2018, my code (9.8.4.15) is Oct 2019. Why would this code show as positive critical CVE on a security scan? It's been almost 2 yrs, security scanners should have correct signatures by now, right?
I can't believe that this CVE is still in the code?
Anyone have this hit them on security scan? I don't know the scanning tool the 3rd party is using. I have asked them to investigate.
No comments:
Post a Comment