Cisco Smart Install Detection

info Nessus Plugin ID 105161
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The Cisco Smart Install feature is enabled on the remote host.

Description

The Cisco Smart Install (SMI) feature is enabled on the remote host.
If the SMI Client role enabled, it is subject to protocol misuse, which could allow an unauthenticated, remote attacker to:

- Substitute the switch's startup-config file with a file that the attacker prepared and force a reload of the switch after a defined time interval.

- Load the attacker-supplied IOS image onto the switch.

- Execute high-privilege configuration mode CLI commands on the switch, including do-exec CLI commands.

- Copy arbitrary files from the switch to the attacker-controlled TFTP server.

Solution

Disable the Smart Install feature if not needed.

See Also

http://www.nessus.org/u?bc0b0179

Plugin Details

Severity: Info

ID: 105161

File Name: cisco_smartinstall_detect.nbin

Version: 1.35

Type: remote

Published: 12/12/2017

Updated: 7/12/2021

Dependencies: find_service2.nasl

Asset Inventory: true

Hardware Inventory: true

OS Identification: true

Vulnerability Information

CPE: cpe:/o:cisco:ios

Reference Information