Note

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

 

AlertsAction Required to Secure the Cisco IOS and IOS XE Smart Install Feature

Number: IN18-001
Date: 14 April 2018

Purpose

The purpose of this Information Note is to bring attention to an Advisory released by Cisco regarding the Cisco IOS and IOS XE Smart Install feature.

Assessment

Cisco has released an Advisory that provides consolidated information on the Cisco Smart Install feature, how to properly secure devices that may be exposed as well as mitigates the disclosed vulnerabilities.

The following table lists published Cisco Advisories that identify the Smart Install feature as being vulnerable and whether each vulnerability is being actively exploited:

Table
Advisory Name CVE ID Description Client/Director Publication Date Actively Exploited?
Cisco Smart Install Protocol Misuse N/A Widespread scanning for devices with the Smart Install feature enabled and without proper security controls N/A 14-Feb-17 Yes
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability CVE-2018-0171 Reload, denial of service, remote code execution Client Only 28-Mar-18 No
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability CVE-2018-0156 Reload, denial of service Client Only 28-Mar-18 No
Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability CVE-2016-6385 Memory leak, eventual denial of service Client Only 28-Sep-16 No
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability CVE-2016-1349 Denial of service Client Only 23-Mar-16 No
Cisco IOS Software Smart Install Denial of Service Vulnerability CVE-2013-1146 Denial of service Client Only 11-Apr-13 No
Cisco IOS Software Smart Install Denial of Service Vulnerability CVE-2012-0385 Malformed SMI packet causes reload Client & Director 28-Mar-12 No
Cisco IOS Software Smart Install Remote Code Execution Vulnerability CVE-2011-3271 Remote code execution Client & Director 28-Sep-11 No

Suggested Action

CCIRC encourages organizations to review the CISCO Advisory and system administrators test and deploy the vendor-released updates to affected applications accordingly. Cisco recommends that customers who are not actively using Smart Install disable the feature. For those who do use the feature – and need to leave it enabled – use ACLs to block incoming traffic on TCP port 4786 (the proper security control). Additionally, patches for known security vulnerabilities should be applied as part of standard network security management.

References:

Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi

Cisco Security Updates

https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2018/av18-052-en.aspx

Date modified: