[c-nsp] 3750 and CVE-2018-0167

Antoine Monnier mrantoinemonnier at gmail.com
Mon Jun 4 11:23:58 EDT 2018 

Usually IP phones can also learn their voice vlan through a specific DHCP
option in the data VLAN - they then reboot inside the voice vlan to get
their final IP.
Might be an option?

On Mon, Jun 4, 2018 at 11:54 AM, Sebastian Beutel <
sebastian.beutel at rus.uni-stuttgart.de> wrote:

> Hi Brian,
>
> On Thu, May 31, 2018 at 07:03:23PM +0200, Brian Turnbow wrote:
> >
> > We don't use lldp, but you can turn it off on an interface by interface
> > bassis.
> >
> We need lldp because our ip phones learn their voice vlan via lldp. We
> can't
> define dedicated phone ports because people are used to plug in their phone
> wherever they choose to.
>
> >
> > Why run it on ports with devices outside of your control?
> >
> We didn't choose so. Universities had byod long before it had a name...
>
> Best,
>     Sebastian.
>
> >
> > > -----Original Message-----
> > > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf
> Of
> > > Sebastian Beutel
> > > Sent: mercoledì 30 maggio 2018 17:52
> > > To: cisco-nsp at puck.nether.net
> > > Subject: [c-nsp] 3750 and CVE-2018-0167
> > >
> > > Dear list,
> > >
> > >     we're still having some Cat 3750 in operation and it will still
> take
> > some time
> > > till we can retire the last ones. We've asked Cisco whether they are
> > planning
> > > to publish a new software image for this platform that fixes
> > > CVE-2018-0167 despite the fact that the product is way beyond end of
> > > security and vulnerability support.
> > >     Our Cisco representative stated that they are not planning to do so
> > despite
> > > the severity of the bug. He also said we're the only customer having
> > this issue.
> > > So my question is: If you're still running 3750s, how do you deal with
> > this?
> > >
> > > Best,
> > >    Sebastian.
> > >
> > > P.S.: Cisco's advisory:
> > >
> > https://tools.cisco.com/security/center/content/
> CiscoSecurityAdvisory/cisco-sa-20180328-lldp
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list