Yeeeees, great, thank you, Cisco.

"A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device."

Excellent when you're running hosting services where customer-controlled hardware is attached to your switches. (We don't, but upgrading our UCS FIs is inevitable.)

tools.cisco.com/security/cente

Also a DoS condition for IOS XE:
tools.cisco.com/security/cente

"There are no workarounds that address this vulnerability. However, customers who do not use Cisco Discovery Protocol can disable it either globally to fully close the attack vector or on individual interfaces to reduce the attack surface."

:blobthinkingglare: How is that not a workaround?

Yeah, ok, maybe it's not a workaround if you're living in the past century and are running outdated Cisco voice gear that doesn't support LLDP-MED...

On that note - oh, hey, that's a remote code execution bug on Cisco IP phones too: tools.cisco.com/security/cente