[c-nsp] 3750 and CVE-2018-0167
Coy Hile
coy.hile at coyhile.com
Mon Jun 4 13:26:47 EDT 2018
> On Jun 4, 2018, at 13:18, Sebastian Beutel <sebastian.beutel at rus.uni-stuttgart.de> wrote:
>
> Hi Antoine,
>
>> On Mon, Jun 04, 2018 at 05:23:58PM +0200, Antoine Monnier wrote:
>> Usually IP phones can also learn their voice vlan through a specific DHCP
>> option in the data VLAN - they then reboot inside the voice vlan to get
>> their final IP. Might be an option?
>>
> Maybe that's a dumb question but how do they reach their dhcp server if they
> do not know the vlan yet where it resides?
>
> Best,
> Sebastian.
>
Helper addresses configured on the switch configure where such requests should be forwarded.
>> On Mon, Jun 4, 2018 at 11:54 AM, Sebastian Beutel <
>> sebastian.beutel at rus.uni-stuttgart.de> wrote:
>>
>>> Hi Brian,
>>>
>>>> On Thu, May 31, 2018 at 07:03:23PM +0200, Brian Turnbow wrote:
>>>>
>>>> We don't use lldp, but you can turn it off on an interface by interface
>>>> basis.
>>>>
>>> We need lldp because our ip phones learn their voice vlan via lldp. We can't
>>> define dedicated phone ports because people are used to plugging in their phone
>>> wherever they choose to.
>>>
>>>>
>>>> Why run it on ports with devices outside of your control?
>>>>
>>> We didn't choose so. Universities had byod long before it had a name...
>>>
>>> Best,
>>> Sebastian.
>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
>>>>> Sebastian Beutel
>>>>> Sent: mercoledì 30 maggio 2018 17:52
>>>>> To: cisco-nsp at puck.nether.net
>>>>> Subject: [c-nsp] 3750 and CVE-2018-0167
>>>>>
>>>>> Dear list,
>>>>>
>>>>> we're still having some Cat 3750 in operation and it will still take some time
>>>>> till we can retire the last ones. We've asked Cisco whether they are planning
>>>>> to publish a new software image for this platform that fixes
>>>>> CVE-2018-0167 despite the fact that the product is way beyond end of
>>>>> security and vulnerability support.
>>>>> Our Cisco representative stated that they are not planning to do so despite
>>>>> the severity of the bug. He also said we're the only customer having this issue.
>>>>> So my question is: If you're still running 3750s, how do you deal with this?
>>>>>
>>>>> Best,
>>>>> Sebastian.
>>>>>
>>>>> P.S.: Cisco's advisory:
>>>>>
>>>>> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
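
As an added example (not written by any poster in this thread), a small Python audit that lists which ports still process received LLDP frames, following the interface-by-interface approach mentioned above. It assumes IOS syntax where a global `lldp run` enables LLDP and `no lldp receive` turns reception off on a port; the config excerpt, interface names and addresses are constructed.

```python
import re

# Constructed sample: excerpt of a switch running-config (not from the thread).
SAMPLE_CONFIG = """\
lldp run
!
interface GigabitEthernet1/0/1
 description office port, phone + PC
 switchport voice vlan 20
!
interface GigabitEthernet1/0/2
 description printer
 no lldp receive
 no lldp transmit
!
interface GigabitEthernet1/0/3
 description uplink
 no lldp transmit
!
interface Vlan10
 ip helper-address 192.0.2.10
"""

def lldp_receive_ports(config):
    """Return physical interfaces that still accept LLDP frames.

    Assumptions: LLDP is active only when 'lldp run' is set globally, and
    reception stays on per port unless 'no lldp receive' is configured.
    """
    lines = [line.rstrip() for line in config.splitlines()]
    if "lldp run" not in (line.strip() for line in lines):
        return []  # LLDP is globally off, so no port parses LLDP frames
    receive = {}   # interface name -> reception still enabled?
    current = None
    for line in lines:
        match = re.match(r"interface (\S+)", line)
        if match:
            current = match.group(1)
            receive[current] = True
        elif current and line.startswith(" "):
            if line.strip() == "no lldp receive":
                receive[current] = False
        else:
            current = None  # "!" or a global command ends the interface block
    # SVIs (VlanN) are not physical ports, so leave them out of the report
    return [n for n, on in receive.items() if on and not n.startswith("Vlan")]

if __name__ == "__main__":
    print("\n".join(lldp_receive_ports(SAMPLE_CONFIG)))
```

Note that `no lldp transmit` alone (as on the constructed uplink port) does not stop the switch from parsing incoming LLDP frames, so that port is still reported.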