[nsp-sec] Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities
Chris Morrow
morrowc at ops-netman.net
Tue Jun 10 21:35:11 EDT 2008
On Tue, 10 Jun 2008, Eli Dart wrote:
>> server is an optional service that is disabled by default in Cisco
>> products. Only SNMPv3 is impacted by these vulnerabilities.
> ^^^^^^^^^^^^^^^^^^^^^^^^
>
> Does this mean that only SNMPv3 packets can exploit the vulnerability,
> or that the router must be configured for SNMPv3 in order to be vulnerable?
>
> For example, changing to a different version of SNMP is not listed in
> the workarounds section.
I hope you don't need the LI bits to work...
More information about the nsp-security
mailing list