Cisco Support Community
Community Member

Regarding Crafted ICMP Messages Can Cause Denial of Service

Hello

There are many Cat3560 with IOS 12.2(53)SE2 running in my client's network. Recently, those switches have been scanned by a tool "Netformx" and the report shows that IOS 12.2(53)SE2 is affected by advisory "Crafted ICMP Messages Can Cause Denial of Service" and also "Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability- 111895".

I wanna ask if anyone can confirm whether a Catalyst 3560 running IOS version 12.2(53)SE2 is affected by the above advisories.

http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html

http://www.cisco.com/en/US/customer/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/configuration/pari.html#wp2119779

Referring to the caveats mentioned in the note, it seems that 12.2(53)SE2 is not a known affected version.

Thanks!

5 REPLIES

Regarding Crafted ICMP Messages Can Cause Denial of Service

All the IOS versions are vulnerable if they have PMTUD-related configs in the device. If you go through the PSIRT report, if you are running GRE, IPSEC or L2TP, then you are vulnerable. If you don't have these on them, you are safe.

Thanks

Vivek

Community Member

Regarding Crafted ICMP Messages Can Cause Denial of Service

Thanks a lot!

Community Member

Regarding Crafted ICMP Messages Can Cause Denial of Service

And how about the "Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability- 111895"? I expect it affects only IE 3000 but not Catalyst series switches, right?

Thanks!

Regarding Crafted ICMP Messages Can Cause Denial of Service

Catalysts are not affected by this vulnerability. But it is certainly not a good practice to keep your community strings like "public" or "private". Though no other switches will be hardcoded with those community strings, we "humans" certainly tend to configure them, which is unsafe. Just try eliminating them, if you have any such configs.

Thanks

Vivek

*Please do rate helpful posts
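
A check along the lines of both replies above, as an added example (not code from the thread or from Cisco): it scans a saved configuration for "public"/"private" community strings and for signs of GRE, IPsec or L2TP. The sample configuration, the keyword-to-feature mapping and the name `audit_config` are assumptions made for illustration.

```python
import re

# Community names the reply singles out as unsafe to leave configured.
WEAK_COMMUNITIES = {"public", "private"}
# Keywords assumed (for this example) to indicate GRE, IPsec or L2TP in use.
FEATURE_HINTS = {
    "GRE": re.compile(r"^\s*(interface Tunnel\d+|tunnel mode gre\b)", re.I),
    "IPsec": re.compile(r"^\s*crypto (map|isakmp|ipsec)\b", re.I),
    "L2TP": re.compile(r"^\s*(vpdn enable|l2tp-class)\b", re.I),
}

def audit_config(config_text):
    """Return (snmp_findings, tunnel_features) for one saved configuration."""
    findings, features = [], set()
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["snmp-server", "community"] and len(tokens) > 2:
            name, rest = tokens[2], [t.lower() for t in tokens[3:]]
            if "view" in rest:  # drop the optional "view <name>" pair
                i = rest.index("view")
                del rest[i:i + 2]
            mode = "rw" if "rw" in rest else "ro"  # IOS defaults to read-only
            has_acl = any(t not in ("ro", "rw") for t in rest)
            issues = []
            if name.lower() in WEAK_COMMUNITIES:
                issues.append("well-known community name")
            if mode == "rw":
                issues.append("read-write access")
            if not has_acl:
                issues.append("no access list restricting sources")
            if issues:
                findings.append((name, mode, issues))
        for feature, pattern in FEATURE_HINTS.items():
            if pattern.search(line):
                features.add(feature)
    return findings, sorted(features)

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONFIG = """\
hostname lab-3560
snmp-server community public RO
snmp-server community private RW 10
snmp-server community n0c-Mon1tor view MGMT RO 10
interface Tunnel0
 tunnel mode gre ip
"""

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
```

A community line is reported when its name is well known, when it grants read-write access, or when no access list limits who may query it.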

Community Member

Regarding Crafted ICMP Messages Can Cause Denial of Service

Thanks again!
