CVE-2018-0171
CRITICALCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
Analysis
Cisco IOS and IOS XE Smart Install feature allows unauthenticated remote attackers to trigger device reload or execute arbitrary code through crafted packets, widely exploited to disrupt network infrastructure.
Technical Context
The CWE-20 input validation flaw in Cisco's Smart Install protocol handler (TCP port 4786) allows specially crafted packets to trigger a stack-based buffer overflow. The vulnerability can be exploited for denial of service (device crash/reload) or, with more sophisticated payloads, for remote code execution.
Affected Products
['Cisco IOS Software with Smart Install enabled', 'Cisco IOS XE Software with Smart Install enabled']
Remediation
Disable Smart Install if not required: 'no vstack'. Apply Cisco security advisory patches. Implement infrastructure ACLs to restrict access to port 4786. Monitor for Smart Install protocol scanning.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today