nanog mailing list archives

Re: CISCO 0-day exploits


From: "tim () pelican org" <tim () pelican org>
Date: Mon, 10 Feb 2020 13:29:45 -0000 (GMT)

On Monday, 10 February, 2020 11:50, "Jean | ddostest.me via NANOG" <nanog () nanog org> said:

> I really thought that more Cisco devices were deployed among NANOG.
>
> I guess that these devices are not used anymore or maybe that I
> understood wrong the severity of this CVE.

The phones / cameras side of it seems very much like an Enterprise problem.  I'm not sure what the split is here of people operating Enterprise networks vs Service Provider, but I'd expect a skew towards the latter.

There is some SP kit on the vulnerable list too, but in my experience, CDP there is used to validate L2 topologies amongst SP kit only, and disabled on customer-facing ports.  So maybe a "we *do* have CDP turned off everywhere we don't need it, right?" sanity-check, but not necessarily a rush to patch.

I'd have expected greater consternation had this hit vanilla-IOS/XE boxes that are likely to be in managed CPE roles, such as ISR and ASR1K.  There I can see the potential for CDP to be enabled customer-facing, either for diagnostics with the customer, or for the voice / data VLAN stuff outlined in the article.

Regards,
Tim.
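
The "CDP turned off everywhere we don't need it" sanity check from the message above, sketched as an added example (not part of the original post, and not Cisco tooling): a Python script that scans a saved configuration for customer-facing interfaces where CDP is still enabled. It assumes IOS/NX-OS-style syntax with CDP on by default and a hypothetical site convention of tagging customer ports with "CUST" in the description; the sample config is constructed.

```python
import re

# Constructed sample config (not from the thread). Assumptions: IOS/NX-OS-style
# syntax, CDP on by default, and a hypothetical convention that customer-facing
# ports carry "CUST" in their description.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description CORE: to p1-lab
!
interface GigabitEthernet0/1
 description CUST: acme-1001
 no cdp enable
!
interface GigabitEthernet0/2
 description CUST: example-2002
!
interface GigabitEthernet0/3
 description CUST: voice handoff
 no cdp enable
 cdp enable
"""
GLOBAL_OFF = {"no cdp run", "no cdp enable"}  # IOS / NX-OS global forms


def audit_cdp(config, customer_tag="CUST"):
    """Return customer-facing interfaces on which CDP is still enabled."""
    global_on, current, ifaces = True, None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # top-level line ends any block
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                ifaces[current] = {"desc": "", "cdp": True}
            elif line in GLOBAL_OFF:
                global_on = False
        elif current:
            if line.startswith("description "):
                ifaces[current]["desc"] = line[len("description "):]
            elif line in {"cdp enable", "no cdp enable"}:   # last one wins
                ifaces[current]["cdp"] = not line.startswith("no ")
    if not global_on:
        return []
    return [n for n, i in ifaces.items() if i["cdp"] and customer_tag in i["desc"]]


if __name__ == "__main__":
    for name in audit_cdp(SAMPLE_CONFIG):
        print(f"CDP enabled on customer-facing port: {name}")
```

Ports with no description are not flagged, so an untagged customer port is a blind spot of this convention rather than a clean result.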


