Cisco Smart Install Protocol Misuse

Abstract: Adversaries are likely exfiltrating copies of configuration files on internet accessible switches using the Cisco Smart Install functionality. This protocol exposes infrastructure devices to increased operational risk, which could compromise device integrity. Malicious Smart Install protocol messages can allow an unauthenticated, remote attacker to change the startup-config file, force a reload of the device, load a new IOS image on the device, and execute high-privilege CLI commands on switches running Cisco IOS and IOS XE Software.

Date Published:

Last Reviewed: 11 August 2017

Identifier: IAA U/OO/801020-17

Creator: Vulnerability Solutions

Dissemination Control: N/A

Length: 2 page(s)

Format: pdf

Type: Advisory/Alert; IA Technical Advisory

Tags: Advisory; exfiltrating; Configuration; internet; accessible; install; protocol; config; attacker; high-privilege; switch; Cisco; iOS