09/12/18 - Bug found.
09/17/18 - Vulnerabilities reported to
[email protected] via encrypted email. 90 day is December 17, 2018.
09/17/18 - Cisco responds that Tenable sent with an old invalid key.
09/17/18 - Tenable, chastened, resends with the proper key.
09/17/18 - Cisco assigns CSCvm53531, CSCvm53537, CSCvm53539, and PSIRT-0723370376. Cisco states, "The last Cisco PSIRT publishing date of 2018 is November 7". Cisco asks for "joint disclosure" on Feb. 9, 2019.
09/17/18 - Tenable responds that Feb. 9, 2019 is unacceptable due to strict disclosure policy.
09/18/18 - Cisco replies with a handful of dates that could work. Also, having trouble reproducing all the results and asks for some command output.
09/18/18 - Tenable says Dec. 12 or Dec. 19 are fine. Sends additional output requested by Cisco.
09/19/18 - Cisco replies with additional questions about Tenable's write up.
09/19/18 - Tenable replies with explanations.
09/21/18 - Cisco confirms the vulnerabilities.
10/12/18 - Tenable asks for an update.
10/12/18 - Cisco says the team is still looking into it.
11/1/2018 - Tenable reminds Cisco that 45 days remain.
11/1/2018 - Cisco acknowledges.
12/7/2018 - Tenable asks for an update.
12/10/2018 - Cisco asks Tenable for coordinated disclosure on 12/19.
12/10/2018 - Tenable agrees.
12/12/2018 - Cisco assigns a CVE and shares some publication details. Asks Tenable to share their advisory.
12/13/2018 - Tenable acknowledges the request.
12/18/2018 - Cisco reminds Tenable of upcoming publication and shares the link.
12/18/2018 - Tenable shares a partial first draft of the advisory and asks for the list of fixed versions.
12/18/2018 - Cisco suggests a correction to the draft and provides the list of patched versions.
12/18/2018 - Tenable thanks Cisco.
12/19/2018 - Cisco publishes their advisory.
12/19/2018 - Tenable publishes their advisory.