back to article Cisco cops to enterprise IOS XE vulnerability

Cisco’s latest operating system update ships with a vulnerability that could let hackers seize control of network devices. The giant has admitted to the hole in its IOS XE release 16.1.1 that, if exploited, would let an attacker force a device to reload. IOS XE is Cisco’s operating system for routers, switches and appliances …

Silver badge
Holmes

"Cisco has issued a software update, warning that there is no workaround you could implement."

And was that bug found before or during the audit that Cisco's carrying out after Juniper's little three-letter problem came to light?

3
0

Audit? Nah...

I doubt this has anything to do with code audit. This looks like a standard vulnerability, probably found by a customer who used some sort of network vulnerability scanner or some other piece of software which used the all zero MAC address causing his switch to crash.

1
0

Re: Audit? Nah...

I was the customer who discovered it.

I didn't need any sort of vulnerability scanner - I just needed a Nexus 1000v switch which had (surprise surprise) CDP enabled. There appears to be a bug on the N1kv which means it sends out CDP with all zero's as the mac address, which caused the Cat3k to crash within seconds of booting up.

4
0

Re: Audit? Nah...

Good catch! I've known far too many folks who wouldn't look at the *entire* packet and hence, miss the bug.

Isn't it fun when bugs interact?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018