[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Response: Cisco Smart Install Protocol Misuse

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Response: Cisco Smart Install Protocol Misuse
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Tue, 14 Feb 2017 15:04:43 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Response: Cisco Smart Install Protocol Misuse

Response ID: cisco-sr-20170214-smi

Revision 1.0

For Public Release 2017 February 14 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Several researchers have reported on the use of Smart Install (SMI) protocol 
messages 
toward Smart Install clients, also known as integrated branch clients (IBC), 
allowing an 
unauthenticated, remote attacker to change the startup-config file and force a 
reload of the 
device, upgrade the IOS image on the device, and execute high-privilege CLI 
commands on 
switches running Cisco IOS and IOS XE Software.

Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart 
Install 
feature itself but a misuse of the Smart Install protocol that by design does 
not require 
authentication. Customers who seek more than zero-touch deployment should 
consider deploying 
the Cisco Network Plug and Play solution instead.

Cisco has updated the Smart Install Configuration Guide to include security 
best practices 
regarding the deployment of the Cisco Smart Install feature within customer 
infrastructures:
http://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html#23355

This response is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi

-----BEGIN PGP SIGNATURE-----

iQIVAwUBWKMqP689gD3EAJB5AQIhmg//bOM1Zdt3KCjzNpQ2dCyOVDA8l1yM6h4w
MJMUE8kqxUHKtKP9dCqDNKJt18XEWX1hOBNitiUqCIksaLDntRDjlkuA9dAayAHE
s7zvlrjV0OWJ9gNjUAc7Kb8fhwQVf3FIBiuRciy14y+8WBeTBGejYZgdK6vax0BQ
/uP16dlViu+dUSmS3+K79lZ+7oJUKJWEcniA1dmvT6Rn5V5asj7sy9W6CA+X9ehm
kahOFeZJibnynFX6cDH1V7gvnWbo62PtgZ+NPkRFscXIlJhAYUOxFLOdF227GBRo
sTvjfitx64uWVd2u3HFDPmFAw1V2dX86AlNm8P8Bp6S2+jvJ3SprZZ1j3+vt1AEn
j5L5sc7IJpjCjj/JLxFI3iQOBZBnXQXU4XHxvdorMt067CijcwQbPYSM52oAdG8d
Bemos1BvBt5q/yIUV/tkYchdFMNsUrPBEjma4xf3l4RQQsrYvDhbJRTVi/z4Tjhw
fT6I3NHax2rxIc936l3zMXsPSPCbpjKYMWPA0xraIfceCi6Ujkm/0aX5Lxx/rAa7
Utcg/pMDFNpl+LWyPhJ1egTvRjNm8XDnIsDmybmUdssxjp0RtJHAUDyKlu+OKK4g
X3/8i+Ke0XrYFj2aag809ykRhwydveIJ3BFoUp7HiiAA5lOslR0g7hs30WgTW5UK
rsLWNm4W6vw=
=4PAE
-----END PGP SIGNATURE-----

Prev by Date: [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information
Next by Date: [security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information
Previous by thread: [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information
Next by thread: [security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information
Index(es):
- Date
- Thread