Cisco IOS Software Smart Install Remote Code Execution Vulnerability (cisco-sa-20110928-smart-install)

Critical, Nessus Plugin ID 56320

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20110928-smart-install.

See Also

http://www.nessus.org/u?f103c9d9

Plugin Details

Severity: Critical

ID: 56320

File Name: cisco-sa-20110928-smart-installhttp.nasl

Version: 1.19

Type: local

Family: CISCO

Published: 9/29/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2012

Vulnerability Publication Date: 9/28/2011

Reference Information

CVE: CVE-2011-3271

BID: 49828