[c-nsp] TIL: Maintenance Operations Protocol (MOP)
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Aug 6 11:48:06 EDT 2021
On Fri, Aug 06, 2021 at 02:00:30PM +0200, Lukas Tribus wrote:
> I'm no longer putting in hundreds of hours to fight losing battles,
> which earlier in my carrier I did:
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140828-CVE-2014-3347
Ensuring that MOP is dead and stays buried might actually be worth a
PSIRT effort - any feature that is on-by-default and enables unauthorized
access to a device should be worth the fight.
+1, and worth a PSIRT case right away.
But it doesn't provide unauthorized access, does it? Drew's test showed a password prompt (not sure what the AAA config looked like)..
oli
More information about the cisco-nsp
mailing list