Cisco Prime Nerk 43 User Guide

  
9-53
Cisco Prime Network 4.3.2 User Guide
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Cisco Security Advisories 
(PSIRT)AAA Command Authorization By-pass - 68840
ARP Table Overwrite - 13600
Access Point Memory Exhaustion from ARP Attacks - 68715
Access Point Web-browser Interface - 70567
Auth Proxy Buffer Overflow - 66269
Authentication Proxy Vulnerability - 110478
BGP Attribute Corruption - 10935
BGP Logging - 63845...

  
9-54
Cisco Prime Network 4.3.2 User Guide
EDCS-1524415
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Cisco Security Advisories 
(PSIRT) (contd.)HTTP - 13627
HTTP Auth - 13626
HTTP Command Injection - 68322
HTTP GET Vulnerability - 44162
HTTP Server Query - 13628
Hard-Coded SNMP Community Names in Cisco Industrial 
Ethernet 3000 Series Switches Vulnerability- 111895
IKE Resource Exhaustion Vulnerability - 110559
IKE...

  
9-55
Cisco Prime Network 4.3.2 User Guide
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Cisco Security Advisories 
(PSIRT) (contd.)IOS Software Memory Leak in SIP Inspection Vulnerability - 
20120328
IOS Software Multicast Source Discovery Protocol 
Vulnerability - 20120328
IOS Software NAT DoS Vulnerability - 20120926
IOS Software NAT For SIP DoS Vulnerability - 20120926
IOS Software NAT H.323 Vulnerability - 112253...

  
9-56
Cisco Prime Network 4.3.2 User Guide
EDCS-1524415
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Cisco Security Advisories 
(PSIRT) (contd.)Multiple Features IP Sockets Vulnerability - 109333
Multiple Multicast Vulnerabilities - 107550
Multiple SIP DoS Vulnerabilities - 107617
Multiple SSH Vulnerabilities - 8118
Multiprotocol Label Switching Packet Vulnerability- 111458
NAM (Network Analysis Module) Vulnerability -...

  
9-57
Cisco Prime Network 4.3.2 User Guide
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Cisco Security Advisories 
(PSIRT) (contd.)SSH Malformed Packet - 29581
SSH TACACS+ Authentication - 64439
SSL - 91888
SSL Packet Processing Vulnerability - 107631
SSL VPN Vulnerability - 112029
Secure Copy Authorization Bypass Vulnerability - 97261
Secure Copy Privilege Escalation Vulnerability - 109323
Secure Shell Denial of...

  
9-58
Cisco Prime Network 4.3.2 User Guide
EDCS-1524415
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Compliance PoliciesBPDU Filter Disabled on Access Ports
BPDU-Guard Disabled on Access Ports
CDP Enabled on Access Ports
Channel Port in Auto Mode
Loop Guard and Port Fast Enabled on Ports
Non-channel Port in Desirable Mode
Non-trunk Ports in Desirable Mode
Port Fast Enabled on Trunk Port
Port is in Error Disabled State...

  
9-59
Cisco Prime Network 4.3.2 User Guide
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Choosing the Devices for the Compliance Audit
After you create a policy profile, you must choose the devices or device groups on which the compliance 
audit must be performed. After you choose the devices or device groups and schedule an audit, a job with 
the name of the policy profile is created. This name defines the job, and can...

  
9-60
Cisco Prime Network 4.3.2 User Guide
EDCS-1524415
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
By Devices—Choose this option to select the device(s) that you want to audit.
By Groups—Choose this option to select the device group(s) that you want to audit. There must be 
at least one device added to a device group for the group to be audited. If a device is added to 
multiple device groups that are selected for...

  
9-61
Cisco Prime Network 4.3.2 User Guide
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
Reschedule—Using this option, you can reschedule a job that has been scheduled for a different 
time. Choose a job, and click Reschedule. The Compliance Audit Job Rescheduler window opens. 
Set your preferences. The following options are available against Choose Configuration option:
–Use Latest Archived Configuration—If you choose...

  
9-62
Cisco Prime Network 4.3.2 User Guide
EDCS-1524415
Chapter 9      Manage Device Configurations and Software Images
  Making Sure Devices Conform to Policies Using Compliance Audit
To export and view the job results in XLS format from Change and Configuration:
Step 1Log in to the Change and Configuration Management client.
Step 2Click the All Jobs tab.
Step 3Select a row that has a Job type that is mentioned above. Ensure that the Job Status is in Scheduled or 
Completed and the Lastrun Status is...