02-20-2012 12:58 AM - edited 03-04-2019 03:20 PM
Hello
There are many CAt3560 with IOS 12.2(53)SE2 running in my client's network. Recently, those switches have been scanned by a tool "Netformx" and the report shows that IOS 12.2(53)SE2 is affected by advisory " Crafted ICMP Messages Can Cause Denial of Service" and also "
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability- 111895".
I wanna ask if anyone can confirm whether a Catalyst 3560 running IOS version 12.2(53)SE2 be affected by the above advisories.
http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html
Refer to the caveats mentioned in the note, it seems that 12.2(53)SE2 is not a known affected version.
Thanks!
02-20-2012 01:22 AM
All the IOS versions are vulnerable if they have PMTUD related configs in the device. If you go through the PSIRT report, if you are running GRE, IPSEC or L2TP, then you are vulnerable. If you don't have these on them, you are safe
Thanks
Vivek
02-20-2012 03:57 AM
Thanks a lot!
02-20-2012 11:21 PM
And how about the "
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability- 111895"? I expect it affects only IE 3000 only but not Catalyst series switches, right?
Thanks!
02-20-2012 11:30 PM
catalyst's are not affected with this vulnerability. But certainly not a good practice to keep your community strings like "public" or "private". Though no other switches will be hardcoded with those community strings, but certainly we "humans" tend to configure it, which is unsafe. Just try eliminating them, if you have any such configs
Thanks
Vivek
*Please do rate helpful posts
02-21-2012 12:36 AM
Thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide