Executive Summary

Title Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature
Name cisco-sa-20180409-smi First vendor Publication 2018-04-09
Vendor Cisco Last vendor Modification 2018-04-09
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores


In recent weeks, Cisco has published several documents related to the Smart Install feature: one Talos blog about potential misuse of the feature if left enabled, and two Cisco Security Advisories that were included in the March 2018 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. Given the heightened awareness, we want to minimize any potential confusion about exploitation attempts and clarify the verification of the feature on customer devices. As such, Cisco has attempted to consolidate all information related to the mitigation of potential Smart Install misuse or exploit of related vulnerabilities into this single document, which also notes how to properly secure devices that may be exposed and remediate the disclosed vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi"]


iQJ5BAEBAgBjBQJazAunXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczIrMQAJFGNmwl1gkuSaoF/ZUdSg1TlgR9 2g4LEcyD0gtO4dvPzizSyBtt8VTbO5fX6rulpt7yZ+dRmfS9jOtQIy8V7w/gNj3u wVYuDaNBDjGBnnRDzGhRH3vOfjCnTQKnCscauCIXgSSgJcrVlSo+G0vKnQfiLL4U Cd3B6rse2PE0eztTJIVbQg5Lgc+dbqIfeyh6GjT7K15iXqTMeKw3tAw8rUB6pigK oimLe/I1nNKixl2ckjY7HFcUZNQ24me1w5DFAYiCJsQdqLVlW+hZY9TRQMCZhKAM /Z06WHiZ83QZ1pclCqBNzR+p+7X8FLF7MyUeZJQwn599g7KWepqrqWz5C9FxYUFk UFkczejMvIEOkS1RdlKFVnakKnpK99Pkia9YcOt8J0pR5W9R/jBnaQsSO3zjiDv6 PZZ4ZTgCT0YZej15VPXqNVeArfdQwCRR8iu79jdpgRo4GKRJd8VXmIICxiejFKsi PuFZhMyjA0/GpjRHJjiSvuBM8XvtMAh3q4/uzOoY0kipHYJoU0iyaxIEzYJ+QUCE v2xrvI0Y85g8i4fOKLQiL3DkHsrklgDKYfJb/ijN4NnaLtbgInTGmw3N9E7ai4u2 1i/sm/f+IW6Y+dAQmrteg2czhxfqxgF712vx/eiC65hawnUjGfR49N2VctSCl2e7 Ds79OtgR8Cxd5/4X =VqDf END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

Alert History

If you want to see full details history, please login or register.
Date Informations
2018-04-10 05:17:31
  • First insertion