![]() InsightVM and Nexpose customers can follow the steps in this quick guide to launch a focused scan for these vulnerabilities, report on affected assets, and create remediation projects. A vulnerability check for CVE-2018-0150 (static credentials in IOS XE) will be forthcoming once we have confirmed the credentials for the undocumented user account in question.Use the vulnerability ID cisco-sr-20170214-smi in filters or searches. InsightVM customers already have visibility into exposed Smart Install instances (CVE-2018-0171) on both IOS and IOS XE.These vulnerabilities have been tagged as Rapid7 Critical. Authenticated vulnerability coverage for IOS XE is not yet supported. Today’s (March 29, 2018) content update will contain authenticated vulnerability checks for CVE-2018-0151 and CVE-2018-0171 on the IOS platform.InsightVM/Nexpose current coverage is as follows: Metasploit users can identify Smart Install endpoints with the auxiliary/scanner/misc/cisco_smart_install module. If you have any SMI endpoints in directly connected to the internet, you should disable SMI as soon as possible and leave it disabled. Identify vulnerable systems in your environment and patch them as soon as possible. If it returns with a Role: Client (SmartInstall enabled) response or a response that includes Oper Mode: Enabled and Role: Client, the device is vulnerable. To identify whether SMI is enabled on a given device, all you need to do is connect to it and issue this command: # show vstack config Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Only Smart Install client switches are affected by the vulnerability that is described in this advisory. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and have the Smart Install client feature enabled. The issue lies in the lack of proper validation of packet data which makes it possible for attackers to send out a well-crafted sequence of packets/bytes to cause a buffer overflow which could result in: Unlike previous SMI exposure reports, Cisco has officially stated this is a bona fide vulnerability and not “protocol misuse”. Jon’s blog post has a wealth of information on Cisco SMI exposure over the years and we’ll refrain from duplicating the historical content here. Rapid7’s own Jon Hart reported on Cisco Smart Install Exposure back in September of 2017. The Smart Install feature incorporates no authentication by design. The feature allows a customer to ship a Cisco switch to any location, install it in the network, and power it on without additional configuration requirements. Researchers from Embedi discovered (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication.Ĭisco Smart Install (SMI) is a “plug-and-play” configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches. Last updated at Fri, 14:59:08 GMT What’s Up?
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |