There is no workaround on MGX switches.
There are two workarounds on IOS devices to address this issue.
Cisco IOS provides TFTP server functionality to facilitate the transfer
of Cisco IOS images when another TFTP server may not be available. If the TFTP
server functionality is not currently needed, the following steps may be taken
to disable the TFTP server.
While in enable mode on the router, issue the command
show running-config and look for lines starting with
For each line in the config starting with
tftp-server, prepend the word no followed by
a space followed by the full text of the matching line in config mode to remove
that entry. This step must be repeated for each matching line of the config.
Once this task has been completed, verify that there are no lines
starting with tftp-server by issuing the command
show running-config from the enable prompt.
Once verified, save the new configuration so that the server will be
disabled upon the next reset of the device.
Cisco IOS provides the ability to alias a long filename to a shorter
filename. If the tftp-server entries in the configuration have the keyword
"alias" in them, the router will not be vulnerable to exploitation of this
vulnerability. To implement this workaround, follow the directions above for
disabling the TFTP server, and then add any configuration lines back to the
config by appending the keyword "alias" followed by a short filename such that
the command resembles:
tftp-server flash rsp-jv-mz.111-24a alias CiscoIOS
Note that this must be done for every line starting with "tftp-server"
in the configuration. The existence of a single line in the configuration
beginning with "tftp-server" without an alias defined while running affected
versions of software is all that is needed to become subject to this