Updated 11 April 2018: Cisco has issued further updates to the Smart Install Client vulnerability. They have identified that CVE-2018-0171 was not exploited in the attacks, but instead, the Smart Install protocol was abused. They advise Network Administrators to Disable the Feature or Restrict Smart Install Access. Network Administrators are still highly recommended to install patches to address CVE-2018-0171, even though the recent attacks did not use the vulnerability for exploitation.

On 8th April, it was reported that there had been cyber attacks on Cisco equipment, causing network outages in several countries including the US, Russia and Iran. The attacks exploited the CVE-2018-0171 Cisco Smart Install vulnerability, which has a Common Vulnerability Scoring System (CVSS) severity base score of 9.8 out of 10. A remote attacker could exploit this vulnerability by sending a crafted message to unpatched Cisco equipment on TCP port 4786. This would trigger a reload of affected devices, resulting in a denial of service (DoS) condition, or the execution of arbitrary code on affected devices.

The Cisco Smart Install feature provides zero-touch deployment for new equipment, similar to a "plug-and-play" model. It allows a customer to deploy the network device to any location and install it into a network for immediate use without additional configuration required. Smart Install uses a Cisco proprietary protocol that runs over TCP port 4786. A vulnerability exists in the Smart Install feature of Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device.

deployed at new locations without any configuration.

Affected: Cisco network devices that are running a vulnerable release of Cisco IOS or IOS XE software with the Smart Install feature enabled.

An attacker who has successfully exploited this vulnerability would be able to remotely execute arbitrary code without authentication, allowing for full control over the vulnerable network device. In most cases, this would lead to outages in the networks, similar to a denial-of-service, and modification of the configuration files.

Security Operations Centres (SOC) are encouraged to keep a lookout for an increase in scans on TCP port 4786, as "Cisco Smart Install" uses this port. Review Cisco Security Advisories and apply the necessary updates on affected devices. Use Cisco IOS Software Checker to verify whether the specific IOS and IOS XE software that you are using is affected. Vulnerable releases with a fixed update will be tagged along with a security advisory. Disable the "Cisco Smart Install" feature if not required with the "no vstack" command. Verify again by using the "show vstack status" and "show vstack download-status" commands. The output should display "Smart Install: DISABLED".

Cisco advises Network Administrators to perform the following mitigations to reduce the exposure of abuse on the Smart Install protocol:

Disabling Feature - On devices found to be running the Smart Install Client feature, customers should disable the feature or, where not applicable.

Restrict Smart Install Access - Minimize the exposure of the feature by implementing ACLs and Control Plane Policing (CoPP).
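For the recommendation that SOCs watch for an increase in scans on TCP port 4786, the following is an added example, not part of the original advisory or any Cisco tooling. It counts TCP/4786 attempts per hour and lists sources that tried several distinct hosts; the log layout, the sample lines and the `min_targets` threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

SMART_INSTALL_PORT = 4786  # TCP port named in the advisory

# Constructed sample log; the key=value layout is a hypothetical format.
SAMPLE_LOG = """\
2018-04-08T09:58:11Z SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP DPT=443 ACTION=ALLOW
2018-04-08T10:00:01Z SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=4786 ACTION=DENY
2018-04-08T10:00:01Z SRC=198.51.100.7 DST=10.0.0.6 PROTO=TCP DPT=4786 ACTION=DENY
2018-04-08T10:00:02Z SRC=198.51.100.7 DST=10.0.0.7 PROTO=TCP DPT=4786 ACTION=DENY
2018-04-08T10:00:02Z SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=4786 ACTION=DENY
2018-04-08T10:14:30Z SRC=10.0.0.2 DST=10.0.0.5 PROTO=TCP DPT=4786 ACTION=ALLOW
truncated line without fields
2018-04-08T10:20:00Z SRC=203.0.113.9 DST=10.0.0.6 PROTO=UDP DPT=4786 ACTION=DENY
2018-04-08T11:02:00Z SRC=203.0.113.9 DST=10.0.0.6 PROTO=TCP DPT=4786 ACTION=DENY
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)\b"
)

def smart_install_attempts(log_text):
    """Yield (hour, src, dst) per TCP/4786 attempt; skip other or malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"].upper() != "TCP":
            continue
        if int(m["dpt"]) == SMART_INSTALL_PORT:
            yield m["ts"][:13], m["src"], m["dst"]  # ts[:13] is the hour bucket

def summarize(log_text, min_targets=3):
    """Return (attempts per hour, sources that tried >= min_targets distinct hosts)."""
    per_hour = Counter()
    targets = defaultdict(set)
    for hour, src, dst in smart_install_attempts(log_text):
        per_hour[hour] += 1
        targets[src].add(dst)
    sweepers = {s: len(d) for s, d in targets.items() if len(d) >= min_targets}
    return dict(per_hour), sweepers

if __name__ == "__main__":
    hourly, sweepers = summarize(SAMPLE_LOG)
    print("TCP/4786 attempts per hour:", hourly)
    print("Sources that tried multiple hosts:", sweepers)
```

Comparing the hourly counts against a normal baseline for the network shows the increase; a source that reaches many distinct hosts on this port is worth checking against the list of known Smart Install directors.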