[nsp-sec] [TLP:Yellow] Possible IOS(-XR) SNMP security issue

Dominik Bay db at rrbone.net
Mon Oct 30 05:22:45 EDT 2017


Hi all,

since these intrusions we discovered are based on publicly known issues

- Cisco Smart Install Vulnerability
- SNMP RW access and bypassing SNMP ACLs via IP-Spoofing

I do not consider this TLP RED anymore, as mentioned in a mail before
somewhere in the thread.

Please share accordingly with your customers and partners to check for
this vulnerability and intrusion attempts.

Michael from PSIRT suggested these resources to learn more about the SMI
vulnerability:

----8<----
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi

If you need a good way to scan a network for devices that have SMI
enabled, you can use the following tool:
https://github.com/Cisco-Talos/smi_check

That tool is also mentioned in this blog post by our Talos organization,
which in turn is referenced in the document Dario referred to:
http://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html

---->8----

Cheers,
Dominik

