[c-nsp] Cisco PSIRT - Mitigating and Detecting Potential Abuse of Cisco Smart Install Feature
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Fri Mar 3 15:40:06 EST 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco PSIRT has become aware of attackers abusing the Smart Install (SMI) feature in Cisco IOS and Cisco IOS XE Software.
While this is not considered a vulnerability, PSIRT has published a Cisco Security Response on February, 14th to inform customers about possible abuse of the Smart Install feature if it remains enabled after device installation. The associated Security Response also provides guidance on actions customers can take to protect their networks against abuse of this setup feature.
Cisco recommends customers review the linked documents and assess their networks for potential exposure.
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature
-----BEGIN PGP SIGNATURE-----
iQIVAwUBWLnRAq89gD3EAJB5AQIg9g//WD6liFO/eMFkE+FgMiML3zCbahWjCU78
1z/mSO4kr6lI1mk3l2REbfcM3T2ErntXhA+rbUcGEKosckccEf+Msy+CIBOW0nKt
IQEjdwwS0xQXm7fyMRJACei8dxXxHgsS+zbqSvfximTmr/KmVwyhzEUPjxXibWE4
4d6Q+9cjFJuKyp9slrNaYymSo7t3VIt/9msXXBVslMNgoIbOi4xm/Mag6/MH8U7L
JZCu0ADXHgxLHWFmzuLVup0BsFjNDhN+w5fRD8Jxyg3HaNozdXnVhxn9LAL0QMZo
N/774c9sS/CiWIC9+0HY8fNwR7ga+uEZmraVK0YI9O8Ln7KpigfOj+2d669OwQQm
GqLLK62CsAY9M1CDAVcXT5UPfvC0lKJlNSsEAb6IGF9XVrZ+TnXsJB2Vw1GywV7i
VznvK12M+2vDbLOYxMz5D2gKLGdhmv0kFcAkbXRsUUjaB6O+XK9GGAkhrCahc6xL
5/4pt+870tknTlQbvo9OZJ5jywJmanVDelaI+2+FqZ1gWRZJ0jhtXnB/xCpUWU3W
OwvvPJMnp6jPEcvkdnxneR9dN1ewvmADe4ExEblJ4eRn/oi+Fzubhd21RWpRmHgU
RtkysYG1ixpoyQY13ufHaUQAtGyxE4qTyYhBSI0QeMPEQ9h4suNgSLLidMq/+odE
rHQh505HFKs=
=BUWq
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list