Multiple Critical Vulnerabilities Identified in Cisco Smart Install

Abstract: Cisco recently released multiple critical vulnerabilities associated with the Smart Install Protocol (CVE-2018-0171 and CVE-2018-0156).  The two CVEs cover remote code execution and Denial of Service vulnerabilities due to malformed Smart Install packets.  This is a followup to a previously released IAA advising users to not use the insecure Smart Install protocol (IAA U/OO/801020-17).

Date Published:

Last Reviewed: 30 March 2018

Identifier: ORN U/OO/135653-18

Dissemination Control: N/A

Length: 2 page(s)

Format: pdf

Type: Advisory/Alert

Tags: Advisory; National Security Systems - NSS; Vulnerability; Mitigations; Distributed Denial of Service Attacks - DDoS