Cisco PSIRT Improvements in Nipper 2.9.1
Following customer feedback, we’ve enhanced the PSIRT plugin to provide more valuable data for Cisco ASA and PIX devices based on its version. By running additional checks Nipper now produces a more accurate list of vulnerabilities associated with the device.
Accuracy, usability, and stability improvements
The latest release of Nipper focuses on accuracy, stability, and usability improvements across the following device manufacturers and report plugins:
FortiOS
- Included a FortiOS 6 demo config for evaluation users
- Fixed false positive on Fortinet/FortiGate devices with Filtering Differences
- Improved administrative services detection for FortiGate
- Improved filter rule detection for devices running FortiOS 6.2
- Improved stability when comparing FortiGate device configs
- Fixed issue with some FortiGate configs using ipv6 failing to generate a report
Cisco
- Fixed false positive for OSPF LSA thresholds on Cisco ASA
- Improved JunOS vulnerability audit detection for certain versions
- Resolved issue of SSH incorrectly reported as disabled on some Cisco configurations
- Fixed a false positive on Cisco devices with NTP control queries
Check Point
- Fixed R80 rulebases sometimes being incorrectly audited
- Resolved an R77 dependency issue
Improved stability related to:
- System-wide licensing
- Filtering differences when auditing some Sonicwall devices
- Changing email logging settings
- Adding remote devices in Audit Scheduling
Usability
- Excluding vulnerabilities now removes them from the ‘Conclusion’ table
- Resolved issue on filtering differences when the baseline was created on a different OS
- Changed default remote connections to Palo Alto to use HTTPS
Other
- Updated copyright information across reports to 2021
- Updated vulnerabilities from the National Vulnerability Database