Cisco has acknowledged the misuse of the Smart Install protocol on its network access layer switches running the IOS and IOS XE software, leading to reports of affected devices being reloaded and causing network downtime. Cisco subsequently released advisories addressing vulnerabilities in this feature which, if exploited, give a remote attacker the ability to trigger a reload of the affected device, causing a Denial of Service (DoS). The attacker may also be able to execute arbitrary code on the device.

Overview

Cisco Smart Install is a feature that offers zero-touch deployment for new devices using “plug-and-play” configuration and image management. Using this feature, a customer can ship a Cisco device to any location, install it and power it on without any additional configuration. The Smart Install feature stays enabled on the device after its deployment, and since it uses no authentication mechanism by design, it leaves the device susceptible to this attack. The vulnerability currently affects devices that have the “Client” role within the Smart Install configuration. Devices with the “Director” role are not affected, as confirmed by Cisco. This advisory is rated Critical and the vulnerabilities are identified with the following IDs: CVE-2018-0171 and CVE-2018-0156. The vulnerability is exploited due to improper validation of packet data, which a vulnerable device accepts because the feature does not require any authentication. An attacker sends a crafted Smart Install message to a device listening on TCP port 4786; if successful, this could lead to a buffer overflow on the device that may eventually cause an indefinite loop, resulting in a watchdog crash or a reload of the device. The Smart Install Exploitation Tool (SIET) is readily available on the internet, making exploitation of this vulnerability more accessible to script kiddies and threat actors. A recent scan of the internet revealed more than 4000 vulnerable devices in Canada that may be susceptible to this attack.

Impact

A successful exploitation of this vulnerability may have the following impact:
- Change the TFTP server address on the device to a TFTP destination server that may be controlled by the attacker.
- Copy the device’s startup-config to the said TFTP server.
- Replace the existing startup-config with the attacker’s version of the startup-config file.
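The impact chain above (an untrusted host reaching TCP 4786 on a switch, followed by the switch pushing its startup-config to that same host over TFTP) is something network flow records can surface. The following detection logic is an added example written for this advisory, not code from Cisco or from the original post; the flow line format, the trusted management subnet and all addresses are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample flow records (not from any real network). The line format is an
# assumption: "<ISO-8601 time> <TCP|UDP> <src_ip>:<src_port> -> <dst_ip>:<dst_port>".
SAMPLE_FLOWS = [
    "2018-04-10T12:00:01 TCP 10.0.0.5:51234 -> 10.10.1.7:22",
    "2018-04-10T12:00:05 TCP 198.51.100.23:40111 -> 10.10.1.7:4786",
    "2018-04-10T12:00:09 UDP 10.10.1.7:61001 -> 198.51.100.23:69",
    "2018-04-10T12:01:00 TCP 10.0.0.5:51299 -> 10.10.1.9:4786",
    "2018-04-10T12:05:00 UDP 10.10.1.9:61022 -> 10.0.0.5:69",
]
# Assumed: only the management subnet (where the director lives) may speak Smart Install.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]
SMART_INSTALL_PORT, TFTP_PORT = 4786, 69   # Smart Install client (TCP) and TFTP (UDP) ports
WINDOW = timedelta(minutes=10)  # how long after a 4786 session a TFTP push is suspicious
FLOW_RE = re.compile(r"^(\S+) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")

def parse_flow(line):
    """Parse one flow line into a dict; return None for lines that do not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts, proto, src, sport, dst, dport = m.groups()
    return {"ts": datetime.fromisoformat(ts), "proto": proto,
            "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport)}

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_NETS)

def detect(lines):
    """Return alerts for untrusted Smart Install access and follow-on TFTP config exfiltration."""
    alerts, si_sessions = [], []  # si_sessions holds (time, peer, switch) per TCP/4786 flow
    for f in filter(None, map(parse_flow, lines)):
        if f["proto"] == "TCP" and f["dport"] == SMART_INSTALL_PORT:
            si_sessions.append((f["ts"], f["src"], f["dst"]))
            if not is_trusted(f["src"]):
                alerts.append(f"UNTRUSTED_SMART_INSTALL {f['src']} -> {f['dst']}:{SMART_INSTALL_PORT}")
        elif f["proto"] == "UDP" and f["dport"] == TFTP_PORT:
            # The switch pushing TFTP to the untrusted peer that just spoke Smart Install to it
            # matches the startup-config copy described under Impact.
            for ts, peer, switch in si_sessions:
                if (switch, peer) == (f["src"], f["dst"]) and not is_trusted(peer) \
                        and ts <= f["ts"] <= ts + WINDOW:
                    alerts.append(f"CONFIG_EXFIL_TFTP {f['src']} -> {f['dst']}:{TFTP_PORT}")
    return alerts
```

A TFTP push to a trusted director host after a 4786 session (the last two sample flows) is normal Smart Install behaviour and produces no alert; only the untrusted peer is flagged.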