[c-nsp] 3750 and CVE-2018-0167

Sebastian Beutel sebastian.beutel at rus.uni-stuttgart.de
Mon Jun 4 13:18:44 EDT 2018


Hi Antoine,

On Mon, Jun 04, 2018 at 05:23:58PM +0200, Antoine Monnier wrote:
> Usually IP phones can also learn their voice vlan through a specific DHCP
> option in the data VLAN - they then reboot inside the voice vlan to get
> their final IP. Might be an option?
> 
Maybe that's a dumb question but how do they reach their dhcp server if they
do not know the vlan yet where it resides?

Best,
   Sebastian.

> On Mon, Jun 4, 2018 at 11:54 AM, Sebastian Beutel <sebastian.beutel at rus.uni-stuttgart.de> wrote:
> 
> > Hi Brian,
> >
> > On Thu, May 31, 2018 at 07:03:23PM +0200, Brian Turnbow wrote:
> > >
> > > We don't use lldp, but you can turn it off on an interface by interface
> > > basis.
> > >
> > We need lldp because our ip phones learn their voice vlan via lldp. We can't
> > define dedicated phone ports because people are used to plugging in their phone
> > wherever they choose to.
> >
> > >
> > > Why run it on ports with devices outside of your control?
> > >
> > We didn't choose so. Universities had byod long before it had a name...
> >
> > Best,
> >     Sebastian.
> >
> > >
> > > > -----Original Message-----
> > > > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Sebastian Beutel
> > > > Sent: Wednesday, 30 May 2018 17:52
> > > > To: cisco-nsp at puck.nether.net
> > > > Subject: [c-nsp] 3750 and CVE-2018-0167
> > > >
> > > > Dear list,
> > > >
> > > >     we're still having some Cat 3750 in operation and it will still take
> > > > some time till we can retire the last ones. We've asked Cisco whether they
> > > > are planning to publish a new software image for this platform that fixes
> > > > CVE-2018-0167 despite the fact that the product is way beyond end of
> > > > security and vulnerability support.
> > > >     Our Cisco representative stated that they are not planning to do so
> > > > despite the severity of the bug. He also said we're the only customer
> > > > having this issue.
> > > > So my question is: If you're still running 3750s, how do you deal with
> > > > this?
> > > >
> > > > Best,
> > > >    Sebastian.
> > > >
> > > > P.S.: Cisco's advisory:
> > > >
> > > > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
> >

