Query Details

CVE-2025-20188 CVSS 10 Out Of 10

Query

// https://www.bleepingcomputer.com/news/security/cisco-fixes-max-severity-ios-xe-flaw-letting-attackers-hijack-devices/
// https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC

DeviceInfo
| where Vendor has "cisco"
| summarize arg_max(TimeGenerated, *) by DeviceId
| where Model has "catalyst" 
| where OSDistribution == "CiscoXE"

Explanation

This KQL (Kusto Query Language) query is designed to analyze device information from a dataset. Here's a simple breakdown of what it does:

  1. Filter by Vendor: It starts by filtering the data to only include devices where the vendor is Cisco.

  2. Summarize Latest Entry: For each device, it summarizes the data to get the most recent entry (based on TimeGenerated) for each unique DeviceId. This means it keeps only the latest information available for each device.

  3. Filter by Model: It further narrows down the results to include only devices that have "catalyst" in their model name.

  4. Filter by OS Distribution: Finally, it filters the results to include only those devices that are running the "CiscoXE" operating system distribution.

In essence, this query is used to identify the most recent information about Cisco Catalyst devices running the CiscoXE operating system from a dataset of device information.
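As an added example (not part of the original query), the same inventory extended with the columns an analyst needs to triage the affected Catalyst IOS XE devices against the Cisco advisory linked above; DeviceName, OSVersion and IsInternetFacing are standard DeviceInfo columns, and the comparison against fixed releases is left to the analyst because those release numbers are not listed on this page:

```kql
// Added example: latest record per Cisco Catalyst IOS XE device, with triage columns
DeviceInfo
| where Vendor has "cisco"
| summarize arg_max(TimeGenerated, *) by DeviceId      // keep only the newest row per device
| where Model has "catalyst"
| where OSDistribution == "CiscoXE"
// arg_max returns the newest record even if it is old; flag stale inventory entries
| extend LastSeenDays = datetime_diff('day', now(), TimeGenerated)
| project TimeGenerated, LastSeenDays, DeviceId, DeviceName, Model, OSVersion, IsInternetFacing
| sort by IsInternetFacing desc, OSVersion asc
```

Internet-facing devices sort to the top so they can be checked against the advisory first, and a large LastSeenDays value indicates a device that may have been decommissioned rather than one that is still exposed.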

Details


Steven Lim

Released: May 10, 2025

Tables

DeviceInfo

Keywords

DeviceInfo, Vendor, DeviceId, Model, OSDistribution

Operators

has, summarize, arg_max, by, where, ==
