CISCO 0-day exploits
Tom Hill
tom at ninjabadger.net
Mon Feb 10 18:54:02 UTC 2020
On 10/02/2020 18:13, Scott Weeks wrote:
> Just because you use cisco devices doesn't mean you have to use
> their proprietary protocols, such as EIGRP or CDP. OSPF or LLDP
> work just fine and interoperate with other vendors... :)
The CDPwn vulnerability covers similar vulnerabilities in LLDP, and does
indeed demonstrate that network segmentation (i.e. "dude it's just L2")
is not the last word in mitigating against said vulnerabilities.
You ought to all be far more concerned, IMO.
--
Tom
More information about the NANOG
mailing list