There are times when a networking vendor would announce a vulnerability due to buffer overflow condition. An advisory would say that an unauthenticated user can craft a packet and execute an arbitrary code that can affect the system including a reload.
My question is, apart from reloading the system and modifying config, what else an attacker could do? If you are monitoring the config changes, this intrusion would become obvious and you can remediate the bug. An attacker could probably use this router/switch to launch attack on other systems. But router/switch operating system is usually closed, and it only allows ping packets or ssh out connections.
No comments:
Post a Comment