![]() ![]() Jon’s blog post has a wealth of information on Cisco SMI exposure over the years and we’ll refrain from duplicating the historical content here. Rapid7’s own Jon Hart reported on Cisco Smart Install Exposure back in September of 2017. The Smart Install feature incorporates no authentication by design. The feature allows a customer to ship a Cisco switch to any location, install it in the network, and power it on without additional configuration requirements. Researchers from Embedi discovered (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication.Ĭisco Smart Install (SMI) is a “plug-and-play” configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |