Lucene search
CiscoCISCO-SA-20180328-SMI2HistoryMar 28, 2018 - 4:00 p.m.
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
2018-03-2816:00:00
tools.cisco.com
507
EPSS
0.851
Percentile
98.5%
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.
The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:
Triggering a reload of the device
Allowing the attacker to execute arbitrary code on the device
Causing an indefinite loop on the affected device that triggers a watchdog crash
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Smart Install client functionality is enabled by default on switches that are running Cisco IOS Software releases that have not been updated to address Cisco bug ID CSCvd36820 [“https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820”].
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].
Affected configurations
Node
ciscoiosMatch12.2se
ORciscoiosMatch12.2ex
ORciscoiosMatch12.2ey
ORciscoiosMatch12.2ez
ORciscoiosMatch15.0ey
ORciscoiosMatch15.0se
ORciscoiosMatch15.1sg
ORciscoiosMatch15.0ex
ORciscoiosMatch15.0ea
ORciscoiosMatch15.2e
ORciscoiosMatch15.0ez
ORciscoiosMatch15.2ey
ORciscoiosMatch15.0ej
ORciscoiosMatch15.2ex
ORciscoiosMatch15.2jaz
ORciscoiosMatch15.2eb
ORciscoiosMatch15.2ea
ORciscoiosMatch15.2ec
ORciscoiosMatch15.3jpi
ORciscoiosMatch15.3jpj
ORciscoiosMatch15.3jpr
ORciscocisco_ios_xe_softwareMatch3.2se
ORciscocisco_ios_xe_softwareMatch3.3se
ORciscocisco_ios_xe_softwareMatch3.3xo
ORciscocisco_ios_xe_softwareMatch3.4sg
ORciscocisco_ios_xe_softwareMatch3.5e
ORciscocisco_ios_xe_softwareMatch3.6e
ORciscocisco_ios_xe_softwareMatch3.7e
ORciscocisco_ios_xe_softwareMatch16.1
ORciscocisco_ios_xe_softwareMatch16.2
ORciscocisco_ios_xe_softwareMatch3.8e
ORciscocisco_ios_xe_softwareMatch16.3
ORciscocisco_ios_xe_softwareMatch16.4
ORciscocisco_ios_xe_softwareMatch16.5
ORciscocisco_ios_xe_softwareMatch3.9e
ORciscocisco_ios_xe_softwareMatch16.6
ORciscocisco_ios_xe_softwareMatch3.10e
ORciscoiosMatch12.2\(55\)se
ORciscoiosMatch12.2\(55\)se3
ORciscoiosMatch12.2\(55\)se2
ORciscoiosMatch12.2\(58\)se
ORciscoiosMatch12.2\(55\)se1
ORciscoiosMatch12.2\(58\)se1
ORciscoiosMatch12.2\(55\)se4
ORciscoiosMatch12.2\(58\)se2
ORciscoiosMatch12.2\(55\)se5
ORciscoiosMatch12.2\(55\)se6
ORciscoiosMatch12.2\(55\)se7
ORciscoiosMatch12.2\(55\)se8
ORciscoiosMatch12.2\(55\)se9
ORciscoiosMatch12.2\(55\)se10
ORciscoiosMatch12.2\(55\)se11
ORciscoiosMatch12.2\(55\)se12
ORciscoiosMatch12.2\(55\)ex
ORciscoiosMatch12.2\(55\)ex1
ORciscoiosMatch12.2\(55\)ex2
ORciscoiosMatch12.2\(55\)ex3
ORciscoiosMatch12.2\(55\)ey
ORciscoiosMatch12.2\(55\)ez
ORciscoiosMatch15.0\(1\)ey
ORciscoiosMatch15.0\(1\)ey2
ORciscoiosMatch15.0\(1\)se
ORciscoiosMatch15.0\(2\)se
ORciscoiosMatch15.0\(1\)se1
ORciscoiosMatch15.0\(1\)se2
ORciscoiosMatch15.0\(1\)se3
ORciscoiosMatch15.0\(2\)se1
ORciscoiosMatch15.0\(2\)se2
ORciscoiosMatch15.0\(2\)se3
ORciscoiosMatch15.0\(2\)se4
ORciscoiosMatch15.0\(2\)se5
ORciscoiosMatch15.0\(2\)se6
ORciscoiosMatch15.0\(2\)se7
ORciscoiosMatch15.0\(2\)se8
ORciscoiosMatch15.0\(2\)se9
ORciscoiosMatch15.0\(2a\)se9
ORciscoiosMatch15.0\(2\)se10
ORciscoiosMatch15.0\(2\)se11
ORciscoiosMatch15.0\(2\)se10a
ORciscoiosMatch15.1\(2\)sg
ORciscoiosMatch15.1\(2\)sg1
ORciscoiosMatch15.1\(2\)sg2
ORciscoiosMatch15.1\(2\)sg3
ORciscoiosMatch15.1\(2\)sg4
ORciscoiosMatch15.1\(2\)sg5
ORciscoiosMatch15.1\(2\)sg6
ORciscoiosMatch15.1\(2\)sg7
ORciscoiosMatch15.1\(2\)sg8
ORciscoiosMatch15.0\(2\)ex
ORciscoiosMatch15.0\(2\)ex1
ORciscoiosMatch15.0\(2\)ex2
ORciscoiosMatch15.0\(2\)ex3
ORciscoiosMatch15.0\(2\)ex4
ORciscoiosMatch15.0\(2\)ex5
ORciscoiosMatch15.0\(2\)ex6
ORciscoiosMatch15.0\(2\)ex7
ORciscoiosMatch15.0\(2\)ex8
ORciscoiosMatch15.0\(2a\)ex5
ORciscoiosMatch15.0\(2\)ex10
ORciscoiosMatch15.0\(2\)ex11
ORciscoiosMatch15.0\(2\)ex13
ORciscoiosMatch15.0\(2\)ex12
ORciscoiosMatch15.0\(2\)ea1
ORciscoiosMatch15.2\(1\)e
ORciscoiosMatch15.2\(2\)e
ORciscoiosMatch15.2\(1\)e1
ORciscoiosMatch15.2\(3\)e
ORciscoiosMatch15.2\(1\)e2
ORciscoiosMatch15.2\(1\)e3
ORciscoiosMatch15.2\(2\)e1
ORciscoiosMatch15.2\(2b\)e
ORciscoiosMatch15.2\(4\)e
ORciscoiosMatch15.2\(3\)e1
ORciscoiosMatch15.2\(2\)e2
ORciscoiosMatch15.2\(2a\)e1
ORciscoiosMatch15.2\(2\)e3
ORciscoiosMatch15.2\(2a\)e2
ORciscoiosMatch15.2\(3\)e2
ORciscoiosMatch15.2\(3a\)e
ORciscoiosMatch15.2\(3\)e3
ORciscoiosMatch15.2\(3m\)e2
ORciscoiosMatch15.2\(4\)e1
ORciscoiosMatch15.2\(2\)e4
ORciscoiosMatch15.2\(2\)e5
ORciscoiosMatch15.2\(4\)e2
ORciscoiosMatch15.2\(4m\)e1
ORciscoiosMatch15.2\(3\)e4
ORciscoiosMatch15.2\(5\)e
ORciscoiosMatch15.2\(3m\)e7
ORciscoiosMatch15.2\(4\)e3
ORciscoiosMatch15.2\(2\)e6
ORciscoiosMatch15.2\(5a\)e
ORciscoiosMatch15.2\(5\)e1
ORciscoiosMatch15.2\(5b\)e
ORciscoiosMatch15.2\(4m\)e3
ORciscoiosMatch15.2\(3m\)e8
ORciscoiosMatch15.2\(2\)e5a
ORciscoiosMatch15.2\(5c\)e
ORciscoiosMatch15.2\(3\)e5
ORciscoiosMatch15.2\(2\)e5b
ORciscoiosMatch15.2\(4n\)e2
ORciscoiosMatch15.2\(4o\)e2
ORciscoiosMatch15.2\(5a\)e1
ORciscoiosMatch15.2\(4\)e4
ORciscoiosMatch15.2\(2\)e7
ORciscoiosMatch15.2\(5\)e2
ORciscoiosMatch15.2\(4p\)e1
ORciscoiosMatch15.2\(6\)e
ORciscoiosMatch15.2\(5\)e2b
ORciscoiosMatch15.2\(4\)e5
ORciscoiosMatch15.2\(5\)e2c
ORciscoiosMatch15.2\(4m\)e2
ORciscoiosMatch15.2\(4o\)e3
ORciscoiosMatch15.2\(4q\)e1
ORciscoiosMatch15.2\(6\)e0a
ORciscoiosMatch15.2\(2\)e7b
ORciscoiosMatch15.2\(4\)e5a
ORciscoiosMatch15.2\(6\)e0c
ORciscoiosMatch15.2\(4s\)e1
ORciscoiosMatch15.2\(4s\)e2
ORciscoiosMatch15.0\(2\)ez
ORciscoiosMatch15.2\(1\)ey
ORciscoiosMatch15.0\(2\)ej
ORciscoiosMatch15.0\(2\)ej1
ORciscoiosMatch15.2\(5\)ex
ORciscoiosMatch15.2\(4\)jaz1
ORciscoiosMatch15.2\(2\)eb
ORciscoiosMatch15.2\(2\)eb1
ORciscoiosMatch15.2\(2\)eb2
ORciscoiosMatch15.2\(2\)ea
ORciscoiosMatch15.2\(2\)ea1
ORciscoiosMatch15.2\(2\)ea2
ORciscoiosMatch15.2\(3\)ea
ORciscoiosMatch15.2\(4\)ea
ORciscoiosMatch15.2\(4\)ea1
ORciscoiosMatch15.2\(2\)ea3
ORciscoiosMatch15.2\(4\)ea3
ORciscoiosMatch15.2\(5\)ea
ORciscoiosMatch15.2\(4\)ea4
ORciscoiosMatch15.2\(4\)ea2
ORciscoiosMatch15.2\(4\)ea5
ORciscoiosMatch15.2\(4\)ea6
ORciscoiosMatch15.2\(4\)ec1
ORciscoiosMatch15.2\(4\)ec2
ORciscoiosMatch15.3\(3\)jpi
ORciscoiosMatch15.3\(3\)jpj
ORciscoiosMatch15.3\(3\)jpr1
ORciscocisco_ios_xe_softwareMatch3.2.0se
ORciscocisco_ios_xe_softwareMatch3.2.1se
ORciscocisco_ios_xe_softwareMatch3.2.2se
ORciscocisco_ios_xe_softwareMatch3.2.3se
ORciscocisco_ios_xe_softwareMatch3.3.0se
ORciscocisco_ios_xe_softwareMatch3.3.1se
ORciscocisco_ios_xe_softwareMatch3.3.2se
ORciscocisco_ios_xe_softwareMatch3.3.3se
ORciscocisco_ios_xe_softwareMatch3.3.4se
ORciscocisco_ios_xe_softwareMatch3.3.5se
ORciscocisco_ios_xe_softwareMatch3.3.0xo
ORciscocisco_ios_xe_softwareMatch3.3.1xo
ORciscocisco_ios_xe_softwareMatch3.3.2xo
ORciscocisco_ios_xe_softwareMatch3.4.0sg
ORciscocisco_ios_xe_softwareMatch3.4.2sg
ORciscocisco_ios_xe_softwareMatch3.4.1sg
ORciscocisco_ios_xe_softwareMatch3.4.3sg
ORciscocisco_ios_xe_softwareMatch3.4.4sg
ORciscocisco_ios_xe_softwareMatch3.4.5sg
ORciscocisco_ios_xe_softwareMatch3.4.6sg
ORciscocisco_ios_xe_softwareMatch3.4.7sg
ORciscocisco_ios_xe_softwareMatch3.4.8sg
ORciscocisco_ios_xe_softwareMatch3.5.0e
ORciscocisco_ios_xe_softwareMatch3.5.1e
ORciscocisco_ios_xe_softwareMatch3.5.2e
ORciscocisco_ios_xe_softwareMatch3.5.3e
ORciscocisco_ios_xe_softwareMatch3.6.0e
ORciscocisco_ios_xe_softwareMatch3.6.1e
ORciscocisco_ios_xe_softwareMatch3.6.0ae
ORciscocisco_ios_xe_softwareMatch3.6.0be
ORciscocisco_ios_xe_softwareMatch3.6.2ae
ORciscocisco_ios_xe_softwareMatch3.6.3e
ORciscocisco_ios_xe_softwareMatch3.6.4e
ORciscocisco_ios_xe_softwareMatch3.6.5e
ORciscocisco_ios_xe_softwareMatch3.6.6e
ORciscocisco_ios_xe_softwareMatch3.6.5ae
ORciscocisco_ios_xe_softwareMatch3.6.5be
ORciscocisco_ios_xe_softwareMatch3.6.7e
ORciscocisco_ios_xe_softwareMatch3.6.7ae
ORciscocisco_ios_xe_softwareMatch3.6.7be
ORciscocisco_ios_xe_softwareMatch3.7.0e
ORciscocisco_ios_xe_softwareMatch3.7.1e
ORciscocisco_ios_xe_softwareMatch3.7.2e
ORciscocisco_ios_xe_softwareMatch3.7.3e
ORciscocisco_ios_xe_softwareMatch3.7.4e
ORciscocisco_ios_xe_softwareMatch3.7.5e
ORciscocisco_ios_xe_softwareMatch16.1.1
ORciscocisco_ios_xe_softwareMatch16.1.2
ORciscocisco_ios_xe_softwareMatch16.1.3
ORciscocisco_ios_xe_softwareMatch16.2.1
ORciscocisco_ios_xe_softwareMatch16.2.2
ORciscocisco_ios_xe_softwareMatch3.8.0e
ORciscocisco_ios_xe_softwareMatch3.8.1e
ORciscocisco_ios_xe_softwareMatch3.8.2e
ORciscocisco_ios_xe_softwareMatch3.8.3e
ORciscocisco_ios_xe_softwareMatch3.8.4e
ORciscocisco_ios_xe_softwareMatch3.8.5e
ORciscocisco_ios_xe_softwareMatch3.8.5ae
ORciscocisco_ios_xe_softwareMatch16.3.1
ORciscocisco_ios_xe_softwareMatch16.3.2
ORciscocisco_ios_xe_softwareMatch16.3.3
ORciscocisco_ios_xe_softwareMatch16.3.1a
ORciscocisco_ios_xe_softwareMatch16.3.4
ORciscocisco_ios_xe_softwareMatch16.3.5
ORciscocisco_ios_xe_softwareMatch16.3.5b
ORciscocisco_ios_xe_softwareMatch16.4.1
ORciscocisco_ios_xe_softwareMatch16.5.1
ORciscocisco_ios_xe_softwareMatch16.5.1a
ORciscocisco_ios_xe_softwareMatch3.9.0e
ORciscocisco_ios_xe_softwareMatch3.9.1e
ORciscocisco_ios_xe_softwareMatch3.9.2e
ORciscocisco_ios_xe_softwareMatch3.9.2be
ORciscocisco_ios_xe_softwareMatch16.6.1
ORciscocisco_ios_xe_softwareMatch3.10.0e
ORciscocisco_ios_xe_softwareMatch3.10.0ce
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | ios | 12.2se | cpe:2.3:o:cisco:ios:12.2se:*:*:*:*:*:*:* |
| cisco | ios | 12.2ex | cpe:2.3:o:cisco:ios:12.2ex:*:*:*:*:*:*:* |
| cisco | ios | 12.2ey | cpe:2.3:o:cisco:ios:12.2ey:*:*:*:*:*:*:* |
| cisco | ios | 12.2ez | cpe:2.3:o:cisco:ios:12.2ez:*:*:*:*:*:*:* |
| cisco | ios | 15.0ey | cpe:2.3:o:cisco:ios:15.0ey:*:*:*:*:*:*:* |
| cisco | ios | 15.0se | cpe:2.3:o:cisco:ios:15.0se:*:*:*:*:*:*:* |
| cisco | ios | 15.1sg | cpe:2.3:o:cisco:ios:15.1sg:*:*:*:*:*:*:* |
| cisco | ios | 15.0ex | cpe:2.3:o:cisco:ios:15.0ex:*:*:*:*:*:*:* |
| cisco | ios | 15.0ea | cpe:2.3:o:cisco:ios:15.0ea:*:*:*:*:*:*:* |
| cisco | ios | 15.2e | cpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:* |
Related
attackerkb
attackerkb
CVE-2018-0171
2018-03-28 00:00:00
nessus
nessus
nvd
nvd
CVE-2018-0171
2018-03-28 22:29:01
seebug
seebug
Cisco Smart Install Remote Code Execution(CVE-2018-0171)
2018-03-29 00:00:00
prion
prion
Buffer overflow
2018-03-28 22:29:00
cve
cve
CVE-2018-0171
2018-03-28 22:29:01
thn
thn
Here's how hackers are targeting Cisco Network Switches in Russia and Iran
2018-04-09 09:48:00
checkpoint_advisories
checkpoint_advisories
Cisco Smart Install Remote Code Execution (CVE-2018-0171)
2018-04-02 00:00:00
cvelist
cvelist
CVE-2018-0171
2018-03-28 22:00:00
exploitdb
exploitdb
Cisco Smart Install - Crash (PoC)
2018-03-29 00:00:00
cisa_kev
cisa_kev
threatpost
threatpost
Cisco Patches Two Critical RCE Bugs in IOS XE Software
2018-03-28 17:35:07
myhack58
myhack58
avleonov
avleonov
Is Vulnerability Management more about Vulnerabilities or Management?
2020-02-11 13:46:54
ics
ics
Rockwell Automation Stratix Industrial Managed Ethernet Switch
2018-04-25 12:00:00
Rockwell Automation Stratix and ArmorStratix Switches
2018-04-25 12:00:00