Cisco IOS/IOS XE Software Remote Code Execution Vulnerability (CVE-2018-0171)

Cisco IOS/IOS XE Software Remote Code Execution Vulnerability (CVE-2018-0171)

março 30, 2018 | NSFOCUS

Recently a serious vulnerability (CVE-2018-0171) was disclosed in Cisco IOS and IOS XE software. An attacker could reload an affected device without authorization, resulting in a denial of service condition or remote code execution. This vulnerability originated from improper validation of packet data. An attack could exploit this vulnerability by sending elaborately-crafted Smart Install message to TCP port 4786 in affected devices, which may lead to remote code execution or other impacts through buffer overflow.

Reference links:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

https://embedi.com/blog/cisco-smart-install-remote-code-execution/

Affected versions

This vulnerability affected all devices running Cisco IOS or IOS XE with Smart Install feature enabled. See details in Cisco advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

So far the following software/devices have been affected by this vulnerability: 

  • Catalyst 4500 Supervisor Engines
  • Cisco Catalyst 3850 Series Switches
  • Cisco Catalyst 2960 Series Switches

Unaffected versions

Please refer to:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2#fixed

Recommended Solution

Cisco has released patches to fix this vulnerability. Users who are using the affected software/devices are advised to upgrade to the latest version.

Reference link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

  • Check to see whether Smart Install feature is enabled or not

Input show vstack config using privileged EXEC command on the Smart Install client. An output of Role: Client (SmartInstall enabled) or Oper Mode: Enabled confirms that the feature is enabled on the device.

  • Check software release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI to check the version and determine whether it is affected.

Reference link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

https://tools.cisco.com/security/center/softwarechecker.x

  • Users can turn to Smart Install Configuration Guide at the following link to use this feature correctly.

https://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html#23355