BOOTP services must be disabled.

From Infrastructure L3 Switch Secure Technical Implementation Guide - Cisco

Part of The Bootp service is not disabled.

SV-3086r3_rule BOOTP services must be disabled.

Vulnerability discussion

BOOTP is a user datagram protocol (UDP) that can be used by Cisco routers to access copies of Cisco IOS Software on another Cisco router running the BOOTP service. In this scenario, one Cisco router acts as a Cisco IOS Software server that can download the software to other Cisco routers acting as BOOTP clients. In reality, this service is rarely used and can allow an attacker to download a copy of a router's Cisco IOS Software.

Check content

Review the device configuration to determine if BOOTP services are enabled. If BOOTP is enabled, this is a finding.

Fix text

Configure the device to disable all BOOTP services.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer