Executive Summary
| Summary | |
|---|---|
| Title | Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20180409-smi | First vendor Publication | 2018-04-09 |
| Vendor | Cisco | Last vendor Modification | 2018-04-09 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In recent weeks, Cisco has published several documents related to the Smart Install feature: one Talos blog about potential misuse of the feature if left enabled, and two Cisco Security Advisories that were included in the March 2018 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. Given the heightened awareness, we want to minimize any potential confusion about exploitation attempts and clarify the verification of the feature on customer devices. As such, Cisco has attempted to consolidate all information related to the mitigation of potential Smart Install misuse or exploit of related vulnerabilities into this single document, which also notes how to properly secure devices that may be exposed and remediate the disclosed vulnerabilities. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJazAunXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczIrMQAJFGNmwl1gkuSaoF/ZUdSg1TlgR9 2g4LEcyD0gtO4dvPzizSyBtt8VTbO5fX6rulpt7yZ+dRmfS9jOtQIy8V7w/gNj3u wVYuDaNBDjGBnnRDzGhRH3vOfjCnTQKnCscauCIXgSSgJcrVlSo+G0vKnQfiLL4U Cd3B6rse2PE0eztTJIVbQg5Lgc+dbqIfeyh6GjT7K15iXqTMeKw3tAw8rUB6pigK oimLe/I1nNKixl2ckjY7HFcUZNQ24me1w5DFAYiCJsQdqLVlW+hZY9TRQMCZhKAM /Z06WHiZ83QZ1pclCqBNzR+p+7X8FLF7MyUeZJQwn599g7KWepqrqWz5C9FxYUFk UFkczejMvIEOkS1RdlKFVnakKnpK99Pkia9YcOt8J0pR5W9R/jBnaQsSO3zjiDv6 PZZ4ZTgCT0YZej15VPXqNVeArfdQwCRR8iu79jdpgRo4GKRJd8VXmIICxiejFKsi PuFZhMyjA0/GpjRHJjiSvuBM8XvtMAh3q4/uzOoY0kipHYJoU0iyaxIEzYJ+QUCE v2xrvI0Y85g8i4fOKLQiL3DkHsrklgDKYfJb/ijN4NnaLtbgInTGmw3N9E7ai4u2 1i/sm/f+IW6Y+dAQmrteg2czhxfqxgF712vx/eiC65hawnUjGfR49N2VctSCl2e7 Ds79OtgR8Cxd5/4X =VqDf END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
Alert History
| Date | Informations |
|---|---|
| 2018-04-10 05:17:31 |
|
