Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:CISCO:IOS-SMI-DOS |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Cisco IOS-XE Smart Install Denail Of Service |
Release Date |
2018/04/10 |
Update Number |
3054 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Cisco IOS-XE Smart Install Denail Of Service
This signature detects a vulnerability in Cisco Smart Install Client. Successful exploitation can allow denial of service.
Extended Description
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
Affected Products
- Cisco ios 15.2(2a)ja
- Cisco ios 15.2(2)e4
- Cisco ios_xe 15.2(2a)ja
- Cisco ios_xe 15.2(2)e4
References
- BugTraq: 103569
- CVE: CVE-2018-0156