You are here
Home > Preporuke > Sigurnosno upozorenje za Cisco Smart Install Protocol

Sigurnosno upozorenje za Cisco Smart Install Protocol

  • Detalji os-a: WN7
  • Važnost: INF
  • Operativni sustavi: O
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Response: Cisco Smart Install Protocol Misuse

Response ID: cisco-sr-20170214-smi

Revision 1.0

For Public Release 2017 February 14 16:00 UTC (GMT)

+———————————————————————

Summary
=======

Several researchers have reported on the use of Smart Install (SMI) protocol messages
toward Smart Install clients, also known as integrated branch clients (IBC), allowing an
unauthenticated, remote attacker to change the startup-config file and force a reload of the
device, upgrade the IOS image on the device, and execute high-privilege CLI commands on
switches running Cisco IOS and IOS XE Software.

Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install
feature itself but a misuse of the Smart Install protocol that by design does not require
authentication. Customers who seek more than zero-touch deployment should consider deploying
the Cisco Network Plug and Play solution instead.

Cisco has updated the Smart Install Configuration Guide to include security best practices
regarding the deployment of the Cisco Smart Install feature within customer infrastructures:
http://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html#23355

This response is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi

—–BEGIN PGP SIGNATURE—–

iQIVAwUBWKMqP689gD3EAJB5AQIhmg//bOM1Zdt3KCjzNpQ2dCyOVDA8l1yM6h4w
MJMUE8kqxUHKtKP9dCqDNKJt18XEWX1hOBNitiUqCIksaLDntRDjlkuA9dAayAHE
s7zvlrjV0OWJ9gNjUAc7Kb8fhwQVf3FIBiuRciy14y+8WBeTBGejYZgdK6vax0BQ
/uP16dlViu+dUSmS3+K79lZ+7oJUKJWEcniA1dmvT6Rn5V5asj7sy9W6CA+X9ehm
kahOFeZJibnynFX6cDH1V7gvnWbo62PtgZ+NPkRFscXIlJhAYUOxFLOdF227GBRo
sTvjfitx64uWVd2u3HFDPmFAw1V2dX86AlNm8P8Bp6S2+jvJ3SprZZ1j3+vt1AEn
j5L5sc7IJpjCjj/JLxFI3iQOBZBnXQXU4XHxvdorMt067CijcwQbPYSM52oAdG8d
Bemos1BvBt5q/yIUV/tkYchdFMNsUrPBEjma4xf3l4RQQsrYvDhbJRTVi/z4Tjhw
fT6I3NHax2rxIc936l3zMXsPSPCbpjKYMWPA0xraIfceCi6Ujkm/0aX5Lxx/rAa7
Utcg/pMDFNpl+LWyPhJ1egTvRjNm8XDnIsDmybmUdssxjp0RtJHAUDyKlu+OKK4g
X3/8i+Ke0XrYFj2aag809ykRhwydveIJ3BFoUp7HiiAA5lOslR0g7hs30WgTW5UK
rsLWNm4W6vw=
=4PAE
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorVlatka Misic
Cert idNCERT-REF-2017-02-0096-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa vim

Otkriven je sigurnosni nedostatak u programskom paketu vim za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje prepisivanje spremnika. Savjetuje...

Close