I created a Cisco authentication record; the privilege level is 15.
Average scans show 50+ vulnerabilities with anywhere from 4-30 of them showing as potential vulnerabilities. I had our network team review a single switch to validate detections, and nearly every one was confirmed a false positive. In the results section for every QID detected, it simply shows the IOS version.
A solid 80% or more are tied to a certain service, which we confirmed is disabled on the switch.
Is anyone having any success scanning Cisco switches and getting verified true vulnerabilities?
In an environment with thousands of Cisco switches multiplied by 50 vulnerabilities, we have a ton of vulnerabilities we have to answer to and they all appear to be false positives.