Yeeeees, great, thank you, Cisco.
"A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device."
Excellent when you're running hosting services where customer-controlled hardware is attached to your switches. (We don't, but upgrading our UCS FIs is inevitable.)
Also a DOS condition for IOS XE:
"There are no workarounds that address this vulnerability. However, customers who do not use Cisco Discovery Protocol can disable it either globally to fully close the attack vector or on individual interfaces to reduce the attack surface."
How is that not a workaround?
Yeah, ok, maybe it's not a workaround if you're living in the past century and are running outdated Cisco voice gear that doesn't support LLDP-MED...
On that note - oh, hey, that's a remote code execution bug on Cisco IP phones too: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos
The company that brought you this
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!