On Jul 9, 2015, at 5:35 PM, Ricky Beam <jfbeam@gmail.com> wrote:
On Thu, 09 Jul 2015 07:27:16 -0400, Jared Mauch <jared@puck.nether.net> wrote:
Really just people not patching their software after warnings more than six months ago:
A lot goes into "updates". Not the least of which is *knowing* about the issue. Then getting the patched code, then lab testing, then regulatory approval(s), then maintenance window(s)…
Not my first rodeo. Once again, it’s been since October 2014. If you failed to pay your credit card bill from October 2014 you can’t expect it to work either.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
"Free" if you have a support contract. (the clause 3 "contact TAC" method is all too often a serious pain in the ass.)
I’ve never had issues getting them to open a case for this hardware. You can either operate responsibly or not. I wouldn’t be surprised if the situation gets worse. Either way, upgrade/patch/silo as necessary. - Jared