Cisco product experience serious vulnerability, resulting in a large number of devices is facing a remote risk of attack-vulnerability warning-the black bar safety net

! [](/Article/UploadPic/2018-4/201843183718524. png? www. myhack58. com)
Cisco in their IOS software that patches over 30 vulnerabilities, including a serious remote code execution vulnerability, the vulnerability can be hundreds of thousands of even millions of devices exposed on the network device initiates a remote attack.
A total of three vulnerabilities are rated critical. One of them is CVE-2018-0171, the Embedi researchers in the IOS and IOS XE software Smart Install function found in this vulnerability.
Without permission an attacker could be a particular Smart Install messages sent to TCP port 4786 of an affected device and cause it to enter the denial of service DoS condition or execute arbitrary code.
Cisco noted that by default, the Smart Install on the switch is enabled by default, if you receive a recent update it will not use this function to automatically disable the function.
Embedi released a detailed description CVE-2018-0171 blog article. Researchers initially believed that the vulnerability can only be with the network hackers take advantage of. However, the Internet scan found that there are about 250,000 to a vulnerable Cisco device to open a TCP port 4786 on.
In addition, Embedi have identified about 850 million units This port is used by the device, but the researchers can’t determine these on the system whether there is a Smart Install feature.
Cisco fixes another IOS vulnerabilities is CVE-2018-0150, allowing the attacker remote access to the device.
This vulnerability causes Is there a to use the default user name and password are not recorded in the accounts. This sets of user name password privileged level 15 device access, which is a Cisco network device to the highest level of access.
The last critical vulnerability is CVE-2018-0151, it affects IOS and IOS XE Software Quality of service（QoS）subsystem. The vulnerability could allow hackers through to the device to send malicious data packet and to cause a DoS condition or elevation of privileges.
More than ten middle-and low-risk vulnerabilities
Cisco has been in the IOS and IOS XE Software Patch 17 high-risk vulnerabilities, including DoS issues, but some of which could be used for remote code execution and elevation of Privilege.
Cisco also fixes more than a dozen rating for the“risk”of IOS vulnerabilities. Most vulnerabilities are from the company’s own discovery, and not discovery was the use of the case.