In recent weeks, Cisco has published several documents related to the Smart Install feature: one Talos blog about potential misuse of the feature if left enabled, and two Cisco Security Advisories that were included in the March 2018 release of the Cisconbsp;IOS and IOSnbsp;XE Software Security Advisory Bundled Publication.

Given the heightened awareness, we want to minimize any potential confusion about exploitation attempts and clarify the verification of the feature on customer devices.

As such, Cisco has attempted to consolidate all information related to the mitigation of potential Smart Install misuse or exploit of related vulnerabilities into this single document, which also notes how to properly secure devices that may be exposed and remediate the disclosed vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi

Security Impact Rating: Informational

Leave a Reply