![]() "Those servers were upgraded on May 7, 2020." "Cisco infrastructure maintains the salt-master servers that are used with Cisco VIRL-PE," a security advisory published earlier today says. Restrict Smart Install Access - Minimize the exposure of the feature by implementing ACLs and Control Plane Policing (CoPP).Cisco said today that some of its Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month. ![]() Disabling Feature - On devices found to be running the Smart Install Client feature, customers should disable the feature or, where not applicable.Cisco advises Network Administrators to perform the following mitigations to reduce the exposure of abuse on the Smart Install protocol: The output should display "Smart Install: DISABLED" Verify again by using "show vstack status " and "show vstack download-status " commands. Disable the "Cisco Smart Install" feature if not required with "no vstack" command.Vulnerable releases with a fixed update will be tagged along with a security advisory. Use Cisco IOS Software Checker to verify the specific IOS and IOS XE software that you are using is affected.Review Cisco Security Advisories and apply the necessary updates on affected devices.Security Operations Centres (SOC) are encouraged to keep a lookout for an increase in scans on TCP port 4786 "Cisco Smart Install" uses this port. In most cases, this would lead to outages in the networks, similar to a denial-of-service, and modification of the configuration files. It allows a customer to deploy the network device to any location and install it into a network for immediate use without additional configuration required.Ĭisco network devices that are running a vulnerable release of Cisco IOS or IOS XE software with Smart Install feature enabled.Īn attacker who has successfully exploited this vulnerability would be able to remotely execute arbitrary code without authentication, allowing for full control over the vulnerable network device. The Cisco Smart Install feature provides zero-touch deployment for new equipment, similar to a "plug-and-play" model. This would trigger a reload of affected devices, resulting in a denial of service (DoS) condition, or the execution of arbitrary codes on affected devices. The attacks exploited the CVE-2018-0171 Cisco Smart Install vulnerability which has a Common Vulnerability Score System (CVSS) severity base score of 9.8 out of 10.Ī remote attacker could exploit this vulnerability by sending a crafted message to an unpatched Cisco equipment on TCP port 4786. ![]() On 8th April, it was reported that there had been cyber attacks on Cisco equipment, causing network outages in several countries including the US, Russia and Iran. ![]() Network Administrators are still highly recommended to install patches to address CVE-2018-0171, even though the recent attacks did not use the vulnerability for exploitation. They advise Network Administrators to Disable the Feature or Restrict Smart Install Access. They have identified that CVE-2018-0171 was not exploited in the attacks, but instead, the Smart Install protocol was abused. Updated 11 April 2018: Cisco has issued further updates to the Smart Install Client vulnerability. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |