Critical vulnerability opens Cisco switches to remote attack [source: helpnetsecurity]

A critical vulnerability affecting many of Cisco’s networking devices could be exploited by unauthenticated, remote attackers to take over vulnerable devices or trigger a reload and crash.

The company says that the vulnerability is not actively exploited in the wild, but as information about it and Proof-of-Concept code has now been published, network administrators would do well to install the released security updates as soon as possible.

About the vulnerability (CVE-2018-0171)

The flaw was discovered by Embedi researchers nearly a year ago. It is a stack-based buffer overflow vulnerability present in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software.

“Smart Install is a ‘plug-and-play’ configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches,” Cisco explains.

“The feature allows a customer to ship a Cisco switch to any location, install it in the network, and power it on without additional configuration requirements. The Smart Install feature incorporates no authentication by design.”

The vulnerability can be exploited by sending a crafted Smart Install message to an affected device on TCP port 4786.

Vulnerable devices

Embedi researchers confirmed that the flaw is found in Catalyst 4500 Supervisor Engines, Cisco Catalyst 3850 Series Switches, and Cisco Catalyst 2960 Series Switches, but that a slew of other devices are potentially vulnerable.

Cisco says that it affects devices that are running a vulnerable release of Cisco IOS or IOS XE Software and have the Smart Install client feature enabled.

“A Smart Install network consists of exactly one Smart Install director switch or router, also known as an integrated branch director (IBD), and one or more Smart Install client switches, also known as integrated branch clients (IBCs). A client switch does not need to be directly connected to the director; the client switch can be up to seven hops away,” Cisco noted. “Only Smart Install client switches are affected by the vulnerability.”
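Because the article names TCP port 4786 as the exposure point, a first triage step for a network team is to find which switches in their own inventory answer on that port. The following is an added example, not code from the article or from Cisco; the inventory names and 192.0.2.x addresses are constructed placeholders, and the probe function is injectable so the logic can be exercised without network access.

```python
"""Inventory triage: which managed switches accept connections on the Smart Install port?"""
import socket
from typing import Callable, Dict, List

SMART_INSTALL_PORT = 4786  # TCP port named in the advisory

# Constructed sample inventory (hypothetical names and documentation-range addresses).
SAMPLE_INVENTORY: Dict[str, str] = {
    "access-sw-01": "192.0.2.10",
    "access-sw-02": "192.0.2.11",
    "core-sw-01": "192.0.2.1",
}


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def find_exposed(inventory: Dict[str, str],
                 probe: Callable[[str, int], bool] = tcp_port_open,
                 port: int = SMART_INSTALL_PORT) -> List[str]:
    """Return the sorted device names for which `probe` reports `port` as reachable.

    A reachable port only means the Smart Install client service is listening;
    whether the device is actually vulnerable still depends on its software release.
    `probe` is a parameter so the selection logic can be tested offline.
    """
    return sorted(name for name, addr in inventory.items() if probe(addr, port))


if __name__ == "__main__":
    for name in find_exposed(SAMPLE_INVENTORY):
        print(f"{name}: TCP/{SMART_INSTALL_PORT} reachable; check release and Smart Install client state")
```

Run it from a management host that can reach the switches; devices listed should be checked against Cisco's fixed-release information and patched.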
