[c-nsp] Recent 3750X oddity
Jim Glassford
jmglass at iup.edu
Wed Sep 27 13:52:12 EDT 2017
On 9/27/2017 1:47 PM, Chris Russell wrote:
> On 27/09/2017 16:44, Bryan Holloway wrote:
>> In case anyone's interested, this problem mysteriously stopped
>> occurring about two days after I first reported it to the list.
>>
>> Curiously enough, it started happening again on Monday, September
>> 25th, and again it has gone silent.
>
> This is a bug - can't remember the bug id, but it's a vstack DoS, the
> original bug ID shows as fixed however we've had acknowledgement from
> Cisco this isn't the case and it won't be fixed till E7.
>
> Workaround: If you don't use vstack, type "no vstack"
>
> Cheers
>
> Chris
>
FYI on the vstack
Cisco Security Response: Cisco Smart Install Protocol Misuse
Response ID: cisco-sr-20170214-smi
Revision 1.0
For Public Release 2017 February 14 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Several researchers have reported on the use of Smart Install (SMI) protocol messages
toward Smart Install clients, also known as integrated branch clients (IBC), allowing an
unauthenticated, remote attacker to change the startup-config file and force a reload of the
device, upgrade the IOS image on the device, and execute high-privilege CLI commands on
switches running Cisco IOS and IOS XE Software.

Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install
feature itself but a misuse of the Smart Install protocol that by design does not require
authentication. Customers who seek more than zero-touch deployment should consider deploying
the Cisco Network Plug and Play solution instead.

Cisco has updated the Smart Install Configuration Guide to include security best practices
regarding the deployment of the Cisco Smart Install feature within customer infrastructures:
http://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/concepts.html#23355

This response is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
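The "no vstack" workaround from the thread can be audited across saved switch configurations. The script below is an added example, not part of the original post or of Cisco's response. It assumes configs are available as text and that a switch with Smart Install disabled carries a top-level `no vstack` line; the hostnames, addresses and status labels are constructed for illustration.

```python
"""Audit saved IOS configs for the 'no vstack' workaround (added example)."""

# Constructed sample configs keyed by hostname (not taken from the thread).
SAMPLES = {
    "sw-access-01": "hostname sw-access-01\n!\nno vstack\n!\ninterface Vlan1\n no ip address\n",
    "sw-access-02": "hostname sw-access-02\n!\ninterface Vlan1\n ip address 192.0.2.10 255.255.255.0\n",
    # 'no vstack basic' only turns off the director role; the '!' line is a comment.
    "sw-access-03": "hostname sw-access-03\n!\nno vstack basic\n! no vstack\n",
    "sw-dist-01": "hostname sw-dist-01\n!\nvstack director 192.0.2.1\nvstack basic\n",
}


def vstack_status(config_text):
    """Classify one config as 'disabled', 'director' or 'review'.

    'review' means the workaround line was not found, so the device should be
    checked by hand (assumption: Smart Install is on by default where supported).
    """
    disabled = False
    director = False
    for raw in config_text.splitlines():
        # Only unindented global commands count; skip blanks, sub-commands, comments.
        if not raw or raw[0] in " \t!":
            continue
        line = " ".join(raw.split()).lower()
        if line == "no vstack":  # exact match, so 'no vstack basic' does not qualify
            disabled = True
        elif line == "vstack basic" or line.startswith("vstack director "):
            director = True
    if disabled:
        return "disabled"
    return "director" if director else "review"


def audit(configs):
    """Return {hostname: status} for every config lacking the workaround."""
    findings = {}
    for name in sorted(configs):
        status = vstack_status(configs[name])
        if status != "disabled":
            findings[name] = status
    return findings


if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```

Devices reported as `director` use Smart Install deliberately, so the workaround does not apply to them as-is; the configuration guide linked in Cisco's response covers that deployment.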