Cisco Smart Install Remote Code Execution Vulnerability

There is a vulnerability in the Smart Install (SMI) feature of Cisco's IOS and IOS XE software packages.

Threat ID:: CC-2230
Category:: Exploit
Threat Severity:: Medium
Threat Vector:
Published:: 12 April 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

There is a vulnerability in the Smart Install (SMI) feature of Cisco's IOS and IOS XE software packages.

Threat details

This could allow a remote attacker to trigger a reload of an affected device, load a new IOS image on the device or execute high-privilege commands.

The issue lies in the lack of proper validation of packet data which makes it possible for attackers to send out a well-crafted sequence of packets/bytes to cause a buffer overflow which could result in:

a device reboot
arbitrary code execution
application-level denial-of-service attacks

This is a stack-based buffer overflow weakness in Cisco SMI Client code which causes the devices to be susceptible.

Threat updates

Date	Update
16 Apr 2018	Several tools have appeared on the GitHub code repository that could allow less knowledgeable attackers to exploit this vulnerability.

Remediation steps

Type	Step
	Cisco have released an update to the IOS and IOS XE software packages that rectifies this vulnerability. Administrators are encouraged to apply this update immediately. Once this update has completed Smart Install should be disabled Port 4786 should be closed at all times unless needed for an relevant deployment.

Last edited: 17 February 2020 12:40 pm