nanog mailing list archives
Re: CISCO 0-day exploits
From: Saku Ytti <saku () ytti fi>
Date: Mon, 10 Feb 2020 15:40:13 +0200
On Mon, 10 Feb 2020 at 13:52, Jean | ddostest.me via NANOG <nanog () nanog org> wrote:
I really thought that more Cisco devices were deployed among NANOG. I guess that these devices are not used anymore or maybe that I understood wrong the severity of this CVE.
Network devices are incredibly fragile and mostly work because no one is motivated to bring the infrastructure down. Getting any arbitrary vendor down if you have access to it on L2 is usually so easy you accidentally find ways to do it. There are various L3 packet of deaths where existing infra can be crashed with single packet, almost everyone has no or ridiculously broken iACL and control-plane protection, yet business does not seem to suffer from it. Probably lower availability if you do upgrade your devices just because there is a known issue, due to new production affecting issues. -- ++ytti
Current thread:
- CISCO 0-day exploits Jean | ddostest.me via NANOG (Feb 07)
- Re: CISCO 0-day exploits Jean | ddostest.me via NANOG (Feb 10)
- Re: CISCO 0-day exploits tim () pelican org (Feb 10)
- Re: CISCO 0-day exploits Saku Ytti (Feb 10)
- Re: CISCO 0-day exploits Jean | ddostest.me via NANOG (Feb 10)
- Re: CISCO 0-day exploits Tom Hill (Feb 10)
- Re: CISCO 0-day exploits Ahmed Borno (Feb 10)
- Re: CISCO 0-day exploits Saku Ytti (Feb 11)
- Re: CISCO 0-day exploits Harlan Stenn (Feb 11)
- Re: CISCO 0-day exploits Ahmed Borno (Feb 11)
- Re: CISCO 0-day exploits Saku Ytti (Feb 11)
- Re: CISCO 0-day exploits Ahmed Borno (Feb 11)
- Re: CISCO 0-day exploits sronan (Feb 11)
- Re: CISCO 0-day exploits Jean | ddostest.me via NANOG (Feb 10)
- <Possible follow-ups>
- Re: CISCO 0-day exploits Scott Weeks (Feb 10)