Cisco IOS Software Smart Install Denial of Service Vulnerability (cisco-sa-20120328-smartinstall)
High Nessus Plugin ID 58572
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionCisco IOS Software contains a vulnerability in the Smart Install feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if the Smart Install feature is enabled. The vulnerability is triggered when an affected device processes a malformed Smart Install message on TCP port 4786. Cisco has released free software updates that address this vulnerability. A workaround may be available in some versions of Cisco IOS Software if the Smart Install feature is not needed.
SolutionApply the relevant patch referenced in Cisco Security Advisory cisco-sa-20120328-smartinstall.