Administrators may also address this vulnerability by logging in to the device and changing the password for this account. To address this vulnerability, administrators may remove the default account by using the no username cisco command in the device configuration. These upgrades require maintenance windows and these tasks tend to have the best results when suitably qualified subject matter experts are involved in the planning and deployment phases. The long-term solution to this problem is to upgrade to a newer version of the IOS XE software. The “ show version” command can be used on the affected platforms to confirm whether the version installed is vulnerable to possible exploits. deletion of configuration and compromising access control lists). A successful exploit could allow the attacker to log in to the device with the highest level of privilege on the device (e.g. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. The vulnerability is due to an undocumented user account with administrator like privileges that has a default username and password. IOS XE run on a wide range of Cisco network devices. Cisco IOS XE Software Static Credential VulnerabilityĪ vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software (Earlier than IOS XE 16.X). Cisco has had a difficult quarter in terms of vulnerabilities as this follows the January release of the far-reaching Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability. : Smart Install Client feature active on 192.168.10.In keeping with Unified Technologies’ commitment to inform our customers and general public of important threats to secure computing, access and connectivity, the content below was prepared to provide some insight into some critical flaws in widely deployed Cisco equipment. thread-count number of threads to be spawnedĪs always, do not run this on a switch you don't own or have explicit written permission to. e execute commands in the device's console. There is a working exploit available from this github repository - SIET.Īs you can see in the exploit description, there are several things you can do: Also, as a Cisco best practice, the switch's management plane should be on a vlan that is only accessible to trusted users. My advice is to add "no vstack" to your deployment template unless you are actually using Smart Install. That's unfortunate given that those switches are likely to be in industrial plants and other locations where an attacker can do real physical damage. Notice it includes the Industrial Ethernet series. They list the following models as vulnerable: As always, a crash is the first step in developing a usable exploit. Here is an article from the guys that found the exploit. Cisco released updates in late 2018 to resolve the issue but there are probably millions of switches out there that haven't been upgraded yet. It suffers from a serious security vulnerability that allows an unauthenticated user to download the configuration or execute commands on the switch. The Cisco Smart Install service has been around for a long time, at least back to IOS 12.2.55.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |