Recently a serious vulnerability (CVE-2018-0171) was disclosed in Cisco IOS and IOS XE software. An attacker could, without authorization, reload an affected device, resulting in a denial of service condition, or achieve remote code execution. The vulnerability originates from improper validation of packet data. An attacker could exploit it by sending a crafted Smart Install message to TCP port 4786 on an affected device, which may trigger a buffer overflow and lead to remote code execution or other impacts.
This vulnerability affects all devices running Cisco IOS or IOS XE with the Smart Install feature enabled. See details in the Cisco advisory:
So far the following software/devices have been affected by this vulnerability:
- Catalyst 4500 Supervisor Engines
- Cisco Catalyst 3850 Series Switches
- Cisco Catalyst 2960 Series Switches
Please refer to:
Cisco has released patches to fix this vulnerability. Users who are using the affected software/devices are advised to upgrade to the latest version.
- Check whether the Smart Install feature is enabled
Run the show vstack config privileged EXEC command on the Smart Install client. An output of Role: Client (SmartInstall enabled) or Oper Mode: Enabled confirms that the feature is enabled on the device.
- Check software release
To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI to check the version and determine whether it is affected.
- Users can refer to the Smart Install Configuration Guide at the following link to use this feature correctly.
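
The two checks above can be run across a fleet by saving each device's show vstack config and show version output and parsing it offline. The following is an added example, not Cisco's or this page's own tooling; the hostnames, sample captures and release strings are constructed, and treating any other Role/Oper Mode line as "disabled" is an assumption.

```python
import re

# Markers this page names as proof that Smart Install is enabled.
ENABLED = [
    re.compile(r"^\s*Role:\s*Client\s*\(SmartInstall enabled\)", re.I | re.M),
    re.compile(r"^\s*Oper Mode:\s*Enabled", re.I | re.M),
]
# Assumption: a Role/Oper Mode line without an enabled marker means the feature is off.
VSTACK_LINE = re.compile(r"^\s*(Role|Oper Mode):", re.I | re.M)
VERSION = re.compile(r"Cisco IOS.*?Version\s+([^,\s]+)", re.I)

def smart_install_state(vstack_output):
    """Classify one 'show vstack config' capture."""
    if any(p.search(vstack_output) for p in ENABLED):
        return "enabled"
    if VSTACK_LINE.search(vstack_output):
        return "disabled"
    return "unknown"  # empty capture, or the platform rejected the command

def ios_release(version_output):
    """Pull the release string out of 'show version', or None if absent."""
    m = VERSION.search(version_output)
    return m.group(1) if m else None

def audit(captures):
    """captures maps hostname -> (show vstack config text, show version text)."""
    return {host: {"smart_install": smart_install_state(v), "release": ios_release(ver)}
            for host, (v, ver) in captures.items()}

# Constructed sample captures (hypothetical hosts and release strings).
SAMPLE = {
    "sw-access-01": (" Role: Client (SmartInstall enabled)\n Vstack Director IP address: 0.0.0.0\n",
                     "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)\n"),
    "sw-dist-02": (" Capability: Client\n Oper Mode: Enabled\n Role: Client\n",
                   "Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.06E RELEASE SOFTWARE (fc1)\n"),
    "sw-access-03": (" Role: Client (SmartInstall disabled)\n",
                     "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.2(2)E8, RELEASE SOFTWARE (fc1)\n"),
    "rtr-edge-04": ("% Invalid input detected at '^' marker.\n", ""),
}

if __name__ == "__main__":
    for host, row in sorted(audit(SAMPLE).items()):
        # The release is only reported; compare it against Cisco's advisory by hand.
        print(f"{host:14} smart_install={row['smart_install']:9} release={row['release']}")
```

Devices reported as "enabled" are the ones whose release needs to be compared against the Cisco advisory first; "unknown" rows need a manual look at the capture.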