CISCO 0-day exploits

• Previous message (by thread): CISCO 0-day exploits
• Next message (by thread): CISCO 0-day exploits
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 10 Feb 2020 at 13:52, Jean | ddostest.me via NANOG
<nanog at nanog.org> wrote:

> I really thought that more Cisco devices were deployed among NANOG.
>
> I guess that these devices are not used anymore or maybe that I
> understood wrong the severity of this CVE.

Network devices are incredibly fragile and mostly work because no one
is motivated to bring the infrastructure down. Getting any arbitrary
vendor down if you have access to it on L2 is usually so easy you
accidentally find ways to do it.
There are various L3 packet of deaths where existing infra can be
crashed with single packet, almost everyone has no or ridiculously
broken iACL and control-plane protection, yet business does not seem
to suffer from it.

Probably lower availability if you do upgrade your devices just
because there is a known issue, due to new production affecting
issues.

-- 
  ++ytti

• Previous message (by thread): CISCO 0-day exploits
• Next message (by thread): CISCO 0-day exploits
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]