![]() ![]() To determine whether a Cisco IOS or IOS XE device is configured with the Smart Install client feature enabled, use the show vstack config privileged EXEC command on the Smart Install client. For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the "Fixed Software" section of this advisory. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software with the Smart Install client feature enabled. All the vulnerabilities have a Security Impact Rating of "High." For a complete list of advisories and links to them, see Cisco Event Response: Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. This advisory is part of the March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes six Cisco Security Advisories that describe six vulnerabilities. This advisory is available at the following link: There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition.Ĭisco has released software updates that address this vulnerability. ![]() ![]() An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. The vulnerability is due to incorrect handling of image list parameters. The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |