Recently a serious vulnerability (CVE-2018-0171) was disclosed in Cisco IOS and IOS XE software. An attacker could reload an affected device without authorization, resulting in a denial of service condition or remote code execution. This vulnerability originated from improper validation of packet data. An attack could exploit this vulnerability by sending elaborately-crafted Smart Install message to TCP port 4786 in affected devices, which may lead to remote code execution or other impacts through buffer overflow.
Reference links:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://embedi.com/blog/cisco-smart-install-remote-code-execution/
Affected versions
This vulnerability affected all devices running Cisco IOS or IOS XE with Smart Install feature enabled. See details in Cisco advisory:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
So far the following software/devices have been affected by this vulnerability:
- Catalyst 4500 Supervisor Engines
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 2960 Series Switches
Unaffected versions
Please refer to:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2#fixed
Recommended Solution
Cisco has released patches to fix this vulnerability. Users who are using the affected software/devices are advised to upgrade to the latest version.
Reference link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
- Check to see whether Smart Install feature is enabled or not
Input show vstack config using privileged EXEC command on the Smart Install client. An output of Role: Client (SmartInstall enabled) or Oper Mode: Enabled confirms that the feature is enabled on the device.
- Check software release
To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI to check the version and determine whether it is affected.
Reference link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://tools.cisco.com/security/center/softwarechecker.x
- Users can turn to Smart Install Configuration Guide at the following link to use this feature correctly.
