Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature

Number: IN18-001
Date: 14 April 2018

Purpose

The purpose of this Information Note is to bring attention to an Advisory released by Cisco regarding the Cisco IOS and IOS XE Smart Install feature.

Assessment

Cisco has released an Advisory that provides consolidated information on the Cisco Smart Install feature, how to properly secure devices that may be exposed, and how to mitigate the disclosed vulnerabilities.

The following table lists published Cisco Advisories that identify the Smart Install feature as being vulnerable and whether each vulnerability is being actively exploited:

| Advisory Name | CVE ID | Description | Client/Director | Publication Date | Actively Exploited? |
|---|---|---|---|---|---|
| Cisco Smart Install Protocol Misuse | N/A | Widespread scanning for devices with the Smart Install feature enabled and without proper security controls | N/A | 14-Feb-17 | Yes |
| Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability | CVE-2018-0171 | Reload, denial of service, remote code execution | Client Only | 28-Mar-18 | No |
| Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability | CVE-2018-0156 | Reload, denial of service | Client Only | 28-Mar-18 | No |
| Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability | CVE-2016-6385 | Memory leak, eventual denial of service | Client Only | 28-Sep-16 | No |
| Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability | CVE-2016-1349 | Denial of service | Client Only | 23-Mar-16 | No |
| Cisco IOS Software Smart Install Denial of Service Vulnerability | CVE-2013-1146 | Denial of service | Client Only | 11-Apr-13 | No |
| Cisco IOS Software Smart Install Denial of Service Vulnerability | CVE-2012-0385 | Malformed SMI packet causes reload | Client & Director | 28-Mar-12 | No |
| Cisco IOS Software Smart Install Remote Code Execution Vulnerability | CVE-2011-3271 | Remote code execution | Client & Director | 28-Sep-11 | No |

Suggested Action

CCIRC encourages organizations to review the Cisco Advisory, and system administrators to test and deploy the vendor-released updates to affected applications accordingly. Cisco recommends that customers who are not actively using Smart Install disable the feature. Those who do use the feature and need to leave it enabled should use ACLs to block incoming traffic on TCP port 4786 (the proper security control). Additionally, patches for known security vulnerabilities should be applied as part of standard network security management.
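
The following is an added example, not part of the CCIRC note or the Cisco Advisory: a small audit of saved running-configs that reports whether Smart Install is disabled or, if not, which addressed interfaces lack an inbound ACL denying TCP port 4786. It assumes that a config without `no vstack` has the feature on, recognises only named extended ACLs, and uses a constructed sample config with a hypothetical ACL name (`BLOCK_SMI`).

```python
import re

def stanzas(text):
    """Return [(header, child_lines)] for each top-level running-config stanza."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blanks and IOS comment/separator lines
        if line[0] != " ":
            out.append((line.strip(), []))
        elif out:
            out[-1][1].append(line.strip())
    return out

def acl_blocks_smi(entries):
    """True if the ACL denies TCP/4786 from any source before a broad permit."""
    hits = [e for e in entries if re.fullmatch(
        r"deny\s+tcp any any eq 4786|permit\s+(ip|tcp) any any", e)]
    return bool(hits) and hits[0].startswith("deny")  # first match wins in an ACL

def audit(text):
    """Return (status, unfiltered_interfaces) for one running-config."""
    parsed = stanzas(text)
    if any(h == "no vstack" for h, _ in parsed):
        return "disabled", []
    good = {h.split()[-1] for h, b in parsed
            if h.startswith("ip access-list extended ") and acl_blocks_smi(b)}
    open_ifs = []
    for h, b in parsed:
        routed = any(l.startswith("ip address ") for l in b) and "shutdown" not in b
        if h.startswith("interface ") and routed:
            acls = {l.split()[2] for l in b if re.fullmatch(r"ip access-group \S+ in", l)}
            if not good & acls:
                open_ifs.append(h.split(None, 1)[1])
    return ("exposed" if open_ifs else "filtered"), open_ifs

SAMPLE = """! Constructed sample running-config (RFC 5737 documentation addresses)
ip access-list extended BLOCK_SMI
 deny tcp any any eq 4786
 permit ip any any
interface Vlan1
 ip address 192.0.2.20 255.255.255.0
 ip access-group BLOCK_SMI in
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of `filtered` only reflects the ACL text in the saved config; confirm on the device that the ACL is in effect and that patches from the Advisory are applied.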

References:

Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi

Cisco Security Updates
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2018/av18-052-en.aspx

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
