Bonjour la liste, Pas vu passer ça ici il me semble et ça m'a un peu fait sursauter hier :-)
Une belle vulnérabilité de CDP a été disclose ici https://www.armis.com/cdpwn/ . Notes du CERT & CVEs : https://kb.cert.org/vuls/id/261385/ Extrait: """ CVE-2020-3110 and CVE-2020-3111, CVE-2020-3118, CVE-2020-3119 These vulnerabilities could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP. A remote attacker could also execute code by sending a malicious unauthenticated CDP packet to the affected device. CVE-2020-3120 This vulnerability could allow a remote attacker on the local network to cause a denial of service by rebooting the affected device running CDP. These vulnerabilities affect devices that have CDP enabled. It is important to note that for all affected devices, CDP is enabled by default. A complete list of the affected products can be found in the following Cisco advisories: """ La liste de devices affectés est... longue. A noter quand même que si vous avez mis à jour vos équipements régulièrement comme il se doit: "Armis has disclosed the vulnerabilities to Cisco on August 29, 2019 and has worked with them since to develop and test mitigations and patches." J’interprète ça mal ou c'est vraiment très moche ? Bon week-end -- RD --------------------------- Liste de diffusion du FRnOG http://www.frnog.org/
