Cisco IOS/IOS XE Software Remote Code Execution Vulnerability (CVE-2018-0171)

Cisco IOS/IOS XE Software Remote Code Execution Vulnerability (CVE-2018-0171)

março 30, 2018 | NSFOCUS

Recently a serious vulnerability (CVE-2018-0171) was disclosed in Cisco IOS and IOS XE software. An attacker could reload an affected device without authorization, resulting in a denial of service condition or remote code execution. This vulnerability originated from improper validation of packet data. An attack could exploit this vulnerability by sending elaborately-crafted Smart Install message to TCP port 4786 in affected devices, which may lead to remote code execution or other impacts through buffer overflow.

Reference links:

Affected versions

This vulnerability affected all devices running Cisco IOS or IOS XE with Smart Install feature enabled. See details in Cisco advisory:

So far the following software/devices have been affected by this vulnerability: 

  • Catalyst 4500 Supervisor Engines
  • Cisco Catalyst 3850 Series Switches
  • Cisco Catalyst 2960 Series Switches

Unaffected versions

Please refer to:

Recommended Solution

Cisco has released patches to fix this vulnerability. Users who are using the affected software/devices are advised to upgrade to the latest version.

Reference link:

  • Check to see whether Smart Install feature is enabled or not

Input show vstack config using privileged EXEC command on the Smart Install client. An output of Role: Client (SmartInstall enabled) or Oper Mode: Enabled confirms that the feature is enabled on the device.

  • Check software release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI to check the version and determine whether it is affected.

Reference link:

  • Users can turn to Smart Install Configuration Guide at the following link to use this feature correctly.