Cisco IOS Software Smart Install Denial of Service Vulnerability (cisco-sa-20130327-smartinstall)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The Smart Install client feature in Cisco IOS Software contains a
vulnerability that could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on an affected device.
Affected devices that are configured as Smart Install clients are
vulnerable. Cisco has released free software updates that address this
vulnerability. There are no workarounds for devices that have the
Smart Install client feature enabled.

See also :

http://www.nessus.org/u?72f23000

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20130327-smartinstall.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 65891 ()

Bugtraq ID: 58746

CVE ID: CVE-2013-1146