Netpluz Security Advisory

Netpluz Security Advisory: Cisco Smart Install Feature Vulnerability

April 13, 2018

Dear Valued Customer,

We have received an advisory about the Cisco Smart Install Feature Vulnerability, where hackers exploited the Cisco Smart Install Protocol on TCP Port 4786.

In which they can trigger a reload of the affected devices which can result a Denial of Service (DoS) or remote code execution.

This Smart Install is a Cisco legacy plug-and-play feature.

Affected Product:

Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and have the Smart Install client feature enabled.

Impact:

A successful exploit allows hackers to remotely execute arbitrary code without authentication, gaining full control over the vulnerable network device to the point

where they can wipe the configuration that can lead to network outages.

Recommendation:

Network Administrators are advised to Disable the Smart Install Feature or Restrict Smart Install Access by implementing ACLs and Control Plane Policing (CoPP)

Customers under Netpluz Managed Routers need not be alarmed as none of our routers deployed support Smart Install Feature.

The list of supported devices and firmware for Smart Install can be found here:

https://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/supported_devices.html#32462

 

Reference:

https://www.csa.gov.sg/singcert/news/advisories-alerts/alert-on-cyber-attacks-leveraging-cisco-critical-vulnerabilities-cve-2018-0171

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi

https://research.kudelskisecurity.com/2018/04/07/critical-vulnerabilities-cisco-smart-install-actively-exploited-to-cause-mass-network-outages-cve-2018-0171-cve-2018-0156/