"Cisco has issued a software update, warning that there is no workaround you could implement."
And was that bug found before or during the audit that Cisco's carrying out after Juniper's little three-letter problem came to light?
Cisco’s latest operating system update ships with a vulnerability that could let hackers seize control of network devices. The giant has admitted to the hole in its IOS XE release 16.1.1 that, if exploited, would let an attacker force a device to reload. IOS XE is Cisco’s operating system for routers, switches and appliances …
I was the customer who discovered it.
I didn't need any sort of vulnerability scanner - I just needed a Nexus 1000v switch which had (surprise surprise) CDP enabled. There appears to be a bug on the N1kv which means it sends out CDP with all zero's as the mac address, which caused the Cat3k to crash within seconds of booting up.
Biting the hand that feeds IT © 1998–2019