Rule ID
SV-283872r1204036_rule
Version
V1R1
CCIs
Nokia network devices that are configured via a zero-touch deployment or auto-loading feature can have their startup configuration or image pushed to the device for installation via Trivial File Transfer Protocol (TFTP) or Remote Copy (RCP). Loading an image or configuration file from the network is taking a security risk because the file could be intercepted by an attacker who could corrupt the file, resulting in a denial of service.
Review the device configuration to determine if the auto-boot feature is enabled. Verify "auto-boot" is not configured when using the command below: - show bof | match "auto-boot" Note: If auto-boot is enabled, it will appear as "auto-boot". If it is disabled, it will not appear. If a configuration auto-boot is enabled, this is a finding.
Disable the auto-boot feature in the bof, as show in the example below: - bof no auto-boot