Mitigation and ResponseĬisco has released new Cisco IOS and Cisco IOS XE software images which resolve the issues identified in this Cyber Fusion Center advisory. If “Role: Client (SmartInstall enabled)” or “Oper Mode: Enable” and “Role: Client” is present in the devices running configuration the Cisco device is vulnerable. Role: Client (SmartInstall enabled) switch2# show vstack config If eitherof the two following outputs is shown, and the Cisco device has not been updated to the latest available software, your device is vulnerable: switch# show vstack config To determine if your Cisco IOS or Cisco IOS XE network switch is vulnerable, use the “show vstack config” command as follows: “show vstack config ” To identify which version of the Cisco IOS or Cisco IOS XE software your device(s) is currently running, use the following command: “show version” The affected sub-system, the Cisco Smart Install (SMI) client is installed and enabled by default. Affected VersionsĬisco IOS and Cisco IOS XE network switches which have not installed the latest available software updates as of March 28 th, 2018 are vulnerable to these attacks. The Cyber Fusion Center strongly cautions that messages such as these should not be used for attribution.Īdditionally, CVE-2018-0171 could allow remote attackers to completely compromise the device, allowing unauthorized access to an organizations network, exposing protected assets, and could allow attackers to program backdoors on affected systems for persistent access. Additionally, attacks in Russia, Iran, and other Middle Eastern countries have reset devices and shown taunting messages and an American flag. The Cyber Fusion Center has also seen active mass exploitation of these vulnerabilities, including the use of publicly available Proof of Concept (POC) code for CVE-2018-0171 to wipe devices configurations and reset them to factory default. CVE-2018-0171 has been assigned a CVSS score of 9.8 out of 10.0. The ability for unauthenticated remote attackers to execute arbitrary code on Cisco networks devices by exploiting a feature that is enable and remotely exposed by default makes the criticality of these vulnerabilities extremely high. Remote attackers can send specially crafted Smart Install message packets to an effected device and cause arbitrary remote code execution (RCE), wipe a devices configuration and force a reload of the of the affected system, obtain full control of the system, or to cause indefinite loops on affected devices which cause critical processes to crash.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |