Vstack command cisco3/21/2023 The Talos team at Cisco recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. These tasks tend to have the best results when suitably qualified subject matter experts are involved in the planning and deployment phases. Oher solutions include blocking the TCP port that is used for the exploit. The Smart Install feature is primarily used as a deployment tool when Cisco devices are being provisioned or first introduced into a network and as such the feature can be disabled if not being used. The “ show version” and the “ show vstack config” command can be used on the affected platforms to verify whether the version installed is vulnerable to possible exploits as well as if the Smart Install Client is enabled. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. The vulnerability is due to improper validation of packet data. Cisco IOS and IOS XE Software Smart Install Remote Code Execution VulnerabilityĪ vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. Administrators may also address this vulnerability by logging in to the device and changing the password for this account. To address this vulnerability, administrators may remove the default account by using the no username cisco command in the device configuration. These upgrades require maintenance windows and these tasks tend to have the best results when suitably qualified subject matter experts are involved in the planning and deployment phases. The long-term solution to this problem is to upgrade to a newer version of the IOS XE software. The “ show version” command can be used on the affected platforms to confirm whether the version installed is vulnerable to possible exploits. deletion of configuration and compromising access control lists). A successful exploit could allow the attacker to log in to the device with the highest level of privilege on the device (e.g. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. The vulnerability is due to an undocumented user account with administrator like privileges that has a default username and password. IOS XE run on a wide range of Cisco network devices. Cisco IOS XE Software Static Credential VulnerabilityĪ vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software (Earlier than IOS XE 16.X). Cisco has had a difficult quarter in terms of vulnerabilities as this follows the January release of the far-reaching Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability. The Smart Install Exploitation Tool (SEIT) available in the below link can be used to download the config files, install new configuration file to the remote device, and also update the cisco IOS running on the remote device and execute code on the remote device.Ī simple shodan search for port 4786 shows that there are over 70K Devices which have the smart install services exposed to the internet.In keeping with Unified Technologies’ commitment to inform our customers and general public of important threats to secure computing, access and connectivity, the content below was prepared to provide some insight into some critical flaws in widely deployed Cisco equipment. use auxiliary/scanner/misc/cisco_smart_install This can also identified using Metsaploit and NMAP. This vulnerability is reported by most Vulnerability Scanners including Tenable Nessus. It goes without saying that this seemingly 'innocent' feature can be leveraged by attackers to compromise organization's networks. More of this is available in the link below. Rather than going to each and every switch and typing configs on the CLI, smart install makes it easier to deploy the same IOS image and the same configuration parameters on all your Cisco switches. Simply put, It makes the job of Network Administrators a bit easier. Cisco Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |