Example Analysis of the Remote Command Execution Vulnerability in Cisco Smart Install

2025-03-28 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article presents an example analysis of the Cisco Smart Install remote command execution vulnerability. The content is detailed; interested readers can use it as a reference, and we hope it is helpful.

0x01 Vulnerability description

A stack-based buffer overflow vulnerability (CVE-2018-0171) is present in the Smart Install Client code of Cisco IOS and IOS-XE. An attacker can remotely send a malicious packet to TCP port 4786 to trigger the stack overflow on the target device, causing a denial of service (DoS) or remote command execution, which lets the attacker remotely control the affected network device.

It is reported that TCP port 4786 is open by default on Cisco switches. A related PoC has been released (its completeness remains to be confirmed). 360-CERT recommends that affected users assess their exposure and upgrade as soon as possible.

0x02 Vulnerability impact

Impact level: severe

The devices mainly affected are:

Catalyst 4500 Supervisor Engines

Cisco Catalyst 3850 Series Switches

Cisco Catalyst 2960 Series Switches

Some devices that contain Smart Install Client may also be affected:

Catalyst 4500 Supervisor Engines

Catalyst 3850 Series

Catalyst 3750 Series

Catalyst 3650 Series

Catalyst 3560 Series

Catalyst 2960 Series

Catalyst 2975 Series

IE 2000

IE 3000

IE 3010

IE 4000

IE 4010

IE 5000

SM-ES2 SKUs

SM-ES3 SKUs

NME-16ES-1G-P

SM-X-ES3 SKUs

0x03 Remediation and detection recommendations

Checking for the vulnerability

Confirm whether the target device has port 4786/TCP open; if it does, the device may be affected. For example, scan the target device's port with nmap:

In addition, you can confirm whether the Smart Install Client feature is enabled with the following command:

If you are not sure whether your device is affected, you can use Cisco's Cisco IOS Software Checker to check:
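The first two checks above (is 4786/TCP reachable, and is the Smart Install Client enabled) can be scripted for a switch inventory you administer. This is an added example, not code from the original article or from Cisco: it assumes the client state is read from the Cisco IOS command `show vstack config`, the sample outputs are constructed for illustration, and all function names are hypothetical.

```python
import re
import socket

SMI_PORT = 4786  # Smart Install TCP port named in the article

# Constructed sample outputs of 'show vstack config' (assumed format).
SAMPLE_A = "sw1# show vstack config\n Role: Client (SmartInstall enabled)\n"
SAMPLE_B = "sw2# show vstack config\n Capability: Client\n Oper Mode: Enabled\n Role: Client\n"
SAMPLE_C = "sw3# show vstack config\n Role: Client (SmartInstall disabled)\n"


def smi_port_open(host, port=SMI_PORT, timeout=3.0):
    """True if a TCP connection to the Smart Install port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def smi_client_state(vstack_output):
    """Classify the text as enabled, disabled, not_client or unknown."""
    role = re.search(r"^\s*Role:\s*(.+)$", vstack_output, re.M | re.I)
    oper = re.search(r"^\s*Oper Mode:\s*(\w+)", vstack_output, re.M | re.I)
    if not role:
        return "unknown"
    text = role.group(1).lower()
    if "client" not in text:
        return "not_client"
    if "smartinstall enabled" in text:
        return "enabled"
    if "smartinstall disabled" in text:
        return "disabled"
    if oper:
        return "enabled" if oper.group(1).lower() == "enabled" else "disabled"
    return "unknown"


def triage(port_open, state):
    """Combine both checks into one finding per device."""
    if port_open and state == "enabled":
        return "exposed: client enabled and 4786/TCP reachable"
    if port_open:
        return "review: 4786/TCP reachable, client state " + state
    if state == "enabled":
        return "enabled: client on, 4786/TCP not reachable from here"
    return "no exposure seen"


if __name__ == "__main__":
    for name, out in (("sw1", SAMPLE_A), ("sw2", SAMPLE_B), ("sw3", SAMPLE_C)):
        print(name, triage(False, smi_client_state(out)))
```

A device reported as "enabled" with the port unreachable is only filtered from the scanning host, so it still belongs in the upgrade evaluation the article recommends.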
