The Smart Install feature is enabled by default on client switches.
If not properly disabled or secured following setup, Smart Install could allow for the exfiltration and modification of configuration files, among other things, even without the presence of a vulnerability.Ī Smart Install network consists of one Smart Install Director switch or router, also known as the Integrated Branch Director (IBD), and one or more Smart Install Client switches, also known as Integrated Branch Clients (IBCs). Newer technology, such as the Cisco Network Plug and Play feature, is highly recommended for more secure setup of new switches. Restrict Smart Install Access - Minimize the exposure of the feature by implementing ACLs and Control Plane Policing (CoPP).Ĭisco Smart Install is a legacy feature that provides zero-touch deployment for new switches, typically access layer switches, and incorporates no authentication by design.Disabling Feature - On devices found to be running the Smart Install Client feature, customers should disable the feature or, where not applicable,.
#32CC VSTACK SOFTWARE#
Feature Enabled? - For devices running affected software versions, these devices should be checked for the presence of the Smart Install Client feature.Software Affected?- Determine if the software version(s) in use are affected by the vulnerabilities described within the Smart Install Security Advisories.Identification & Mitigation StepsĬustomers concerned with potential exposure of their network devices to the Smart Install vulnerabilities should adhere to the following process: Additionally, patches for known security vulnerabilities should be applied as part of standard network security management. Customers who do use the feature - and need to leave it enabled - can use ACLs to block incoming traffic on TCP port 4786 (the proper security control). To ensure their network is protected against issues involving Smart Install, our recommendation for customers not actually using Smart Install is to disable the feature using the no vstack command once setup is complete. Reload, denial of service, remote code executionĬisco IOS and IOS XE Software Smart Install Denial of Service VulnerabilityĬisco IOS and IOS XE Software Smart Install Memory Leak VulnerabilityĬisco IOS Software Smart Install Denial of Service VulnerabilityĬisco IOS Software Smart Install Remote Code Execution Vulnerability Widespread scanning for devices with the Smart Install feature enabled and without proper security controlsĬisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability The following table lists the Advisories that identify the Smart Install feature (Client and/or Director) as being vulnerable and the extent that these respective vulnerabilities are being actively exploited:
0 kommentar(er)
