CISCO 0-day exploits

tim at pelican.org tim at pelican.org
Mon Feb 10 13:29:45 UTC 2020


On Monday, 10 February, 2020 11:50, "Jean | ddostest.me via NANOG" <nanog at nanog.org> said:

> I really thought that more Cisco devices were deployed among NANOG.
> 
> I guess that these devices are not used anymore or maybe that I
> understood wrong the severity of this CVE.

The phones / cameras side of it seems very much like an Enterprise problem.  I'm not sure what the split is here of people operating Enterprise networks vs Service Provider, but I'd expect a skew towards the latter.

There is some SP kit on the vulnerable list too, but in my experience, CDP there is used to validate L2 topologies amongst SP kit only, and disabled on customer-facing ports.  So maybe a "we *do* have CDP turned off everywhere we don't need it, right?" sanity-check, but not necessarily a rush to patch.

I'd have expected greater consternation had this hit vanilla-IOS/XE boxes that are likely to be in managed CPE roles, such as ISR and ASR1K.  There I can see the potential for CDP to be enabled customer-facing, either for diagnostics with the customer, or for the voice / data VLAN stuff outlined in the article.

Regards,
Tim.
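
The CDP sanity-check mentioned in the message above, as an added example that is not part of the original post: a small audit over a classic IOS-style configuration that lists customer-facing ports where CDP is still active. The sample configuration is constructed, and the `CUST` description prefix used to mark customer-facing ports is a hypothetical naming convention.

```python
import re

# Constructed sample in classic IOS syntax (not taken from the original post).
SAMPLE_CONFIG = """\
hostname pe1-constructed
!
interface GigabitEthernet0/0
 description CORE: to p1
!
interface GigabitEthernet0/1
 description CUST: example-customer-a
 no cdp enable
!
interface GigabitEthernet0/2
 description CUST: example-customer-b
!
interface GigabitEthernet0/3
 description CUST: example-customer-c
 shutdown
!
"""

def interface_stanzas(config):
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current:
            stanzas[current].append(line.strip())
        else:  # '!' or any other top-level line closes the stanza
            current = None
    return stanzas

def cdp_exposed_ports(config, customer_re=r"^CUST\b"):
    """Return customer-facing interfaces on which CDP is still active.

    Assumes classic IOS defaults: CDP runs globally unless 'no cdp run' is
    configured, and on every interface unless 'no cdp enable' is configured.
    Administratively shut-down ports are treated as not exposed.
    """
    if any(l.strip() == "no cdp run" for l in config.splitlines()):
        return []  # CDP is disabled for the whole device
    exposed = []
    for name, body in interface_stanzas(config).items():
        desc = next((b.split(None, 1)[1] for b in body
                     if b.startswith("description ")), "")
        if (re.search(customer_re, desc) and "no cdp enable" not in body
                and "shutdown" not in body):
            exposed.append(name)
    return exposed
```

Platforms with different CDP defaults or syntax need their own rules; the logic here only covers the classic IOS behaviour stated in the docstring.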




