CISCO 0-day exploits

Mailman List Mirror (Read Only)
2

I really thought that more Cisco devices were deployed among NANOG.

I guess that these devices are not used anymore or maybe that I
understood wrong the severity of this CVE.

A proper network design helps to mitigate flaws like this. If you have CDP off, which many people do, then this exploit is not that big of a deal to you. If your devices are on a management network then it’s not that big of a deal. Just because a certain vendor has vulnerabilities exposed doesn’t it’s an all hand on deck scenario. Many of the folks on NANOG have a good grasp of network design. Sure, some don’t. But for the most part they do.

Justin Wilson
lists@mtin.net

3

The CDPwn vulnerability covers similar vulnerabilities in LLDP, and does
indeed demonstrate that network segmentation (i.e. "dude it's just L2")
is not the last word in mitigating against said vulnerabilities.

You ought to all be far more concerned, IMO.