Solved: Re: Non-Zero Padding Bytes Observed in Ethernet Packets DNAC

sujanyakj · ‎01-08-2024

We are having Gen 1 DNAC with IOS as 2.3.3.7 and during the vulnerability scan we got the below VA "Non-Zero Padding Bytes Observed in Ethernet Packets DNAC " with the resolution as " This weakness may be exploited to fingerprint the Ethernet cards and device drivers"

please suggest on the above

Torbjørn · ‎01-09-2024

Is this the output from a third-party vulnerability assessment tool?

This describes exactly what it says, that this makes the device NICs and drivers is more likely to be identified(fingerprinted) by another device on the same L2 link/VLAN. Which could in theory be used to identify which vulnerabilities a device is susceptible to. As far as I can see this should be a non-issue for any well thought out DNAC deployment. The DNAC should not be placed in the same VLAN as any untrusted devices.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

View solution in original post

Torbjørn · ‎01-09-2024

Is this the output from a third-party vulnerability assessment tool?

This describes exactly what it says, that this makes the device NICs and drivers is more likely to be identified(fingerprinted) by another device on the same L2 link/VLAN. Which could in theory be used to identify which vulnerabilities a device is susceptible to. As far as I can see this should be a non-issue for any well thought out DNAC deployment. The DNAC should not be placed in the same VLAN as any untrusted devices.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

sujanyakj · ‎01-11-2024

Thank you @Torbjørn. Yes , you are right. Scanner and device is in same subnet.