Cisco IOS Smart Install Protocol Misuse (cisco-sr-20170214-smi)

Nessus Plugin ID 99233

Synopsis

The Smart Install feature is enabled on the remote Cisco IOS device.

Description

The remote Cisco IOS device has the Smart Install feature enabled. The Smart Install (SMI) protocol does not require authentication by design. Because the SMI protocol has no authorization or authentication mechanism between the integrated branch clients (IBC) and the director, a client can process crafted SMI protocol messages as if they came from the Smart Install director. An unauthenticated, remote attacker can exploit this to perform the following actions:

- Change the TFTP server address on the IBC.

- Copy arbitrary files from the IBC to an attacker-controlled TFTP server.

- Substitute the client's startup-config file with a file that the attacker prepared and force a reload of the IBC after a defined time interval.

- Load an attacker-supplied IOS image onto the IBC.

- Execute high-privilege configuration mode CLI commands on an IBC, including do-exec CLI commands.

Solution

Disable the Smart Install feature.
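
To confirm the feature is actually off after remediation, the following added example (not part of the Nessus plugin or Cisco's tooling) audits saved CLI output from a device. It assumes the output of `show vstack config` and `show tcp brief all` has been collected as text and that Smart Install listens on TCP port 4786; neither detail is stated on this page, and the sample outputs are constructed.

```python
import re

# Constructed sample CLI captures (not taken from a real device), modelled on
# the "show vstack config" and "show tcp brief all" output formats.
SAMPLE_ENABLED = """\
switch#show vstack config
 Role: Client (SmartInstall enabled)
 Vstack Director IP address: 0.0.0.0
switch#show tcp brief all
TCB       Local Address               Foreign Address             (state)
0344B794  *.4786                      *.*                         LISTEN
"""

SAMPLE_DISABLED = """\
switch#show vstack config
 Role: Client (SmartInstall disabled)
 Vstack Director IP address: 0.0.0.0
switch#show tcp brief all
TCB       Local Address               Foreign Address             (state)
0344B794  *.22                        *.*                         LISTEN
"""

# "Role: Client (SmartInstall enabled)" -> role name and feature state.
ROLE_RE = re.compile(
    r"^[ \t]*Role:[ \t]*(\w+)[ \t]*\(SmartInstall (enabled|disabled)\)",
    re.M | re.I,
)
# A TCB row whose local address ends in port 4786 and is in LISTEN state.
LISTEN_RE = re.compile(r"^\S+[ \t]+\S*[.:]4786[ \t]+\S+[ \t]+LISTEN[ \t]*$", re.M)


def audit_smart_install(cli_text):
    """Classify a device from saved CLI output: exposed, disabled or unknown."""
    role = ROLE_RE.search(cli_text)
    listening = bool(LISTEN_RE.search(cli_text))
    enabled = bool(role and role.group(2).lower() == "enabled")
    if enabled or listening:
        status = "exposed"      # feature on, or the SMI port still listening
    elif role:
        status = "disabled"     # device reports the feature as off
    else:
        status = "unknown"      # no vstack output: unsupported or not collected
    return {"role": role.group(1) if role else None,
            "smi_enabled": enabled, "listening_4786": listening, "status": status}


if __name__ == "__main__":
    for name, text in (("enabled", SAMPLE_ENABLED), ("disabled", SAMPLE_DISABLED)):
        print(name, audit_smart_install(text))
```

A result of `unknown` means the capture lacked usable `show vstack config` output, so it should be treated as unverified rather than as safe.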

See Also

http://www.nessus.org/u?bc0b0179

Plugin Details

Severity: Info

ID: 99233

File Name: cisco-sr-20170214-smi-ios.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 4/6/2017

Updated: 12/1/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/local_checks_enabled, Host/Cisco/IOS/Version

Vulnerability Publication Date: 2/14/2017