×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Regarding Crafted ICMP Messages Can Cause Denial of Service

Unanswered Question
Feb 20th, 2012
User Badges:

Hello


There are many CAt3560 with IOS 12.2(53)SE2 running in my client's  network.  Recently, those switches have been scanned by a tool  "Netformx" and the report shows that IOS 12.2(53)SE2 is affected by advisory " Crafted ICMP Messages Can Cause Denial of Service" and also "

Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability- 111895".


I wanna ask if anyone can confirm whether a Catalyst 3560 running IOS version 12.2(53)SE2 be affected by the above advisories.


http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html


http://www.cisco.com/en/US/customer/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/configuration/pari.html#wp2119779



Refer to the caveats mentioned in the note, it seems that 12.2(53)SE2 is not a known affected version.


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vivek Ganapathi Mon, 02/20/2012 - 01:22
User Badges:
  • Silver, 250 points or more

All the IOS versions are vulnerable if they have PMTUD related configs in the device. If you go through the PSIRT report, if you are running GRE, IPSEC or L2TP, then you are vulnerable. If you don't have these on them, you are safe


Thanks

Vivek

3alee Mon, 02/20/2012 - 23:21
User Badges:

And how about the "

Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability- 111895"?  I expect it affects only IE 3000 only but not Catalyst series switches, right?


Thanks!

Vivek Ganapathi Mon, 02/20/2012 - 23:30
User Badges:
  • Silver, 250 points or more

catalyst's are not affected with this vulnerability. But certainly not a good practice to keep your community strings like "public" or "private". Though no other switches will be hardcoded with those community strings, but certainly we "humans" tend to configure it, which is unsafe. Just try eliminating them, if you have any such configs


Thanks

Vivek


*Please do rate helpful posts

Actions

This Discussion