103 matches found
EUVD-2012-0421
Malware in sbrugna...
EUVD-2013-1186
Malware in sbrugna...
EUVD-2016-2448
Malware in sbrugna...
Russian State Hackers Exploit 7-Year-Old Cisco Router Vulnerability
FBI and Cisco warn Russian hackers are exploiting a 7-year-old Cisco Smart Install vulnerability on outdated routers and…...
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB's Center 16 unit that has been operating for over a decade, specializing in compromising network devices for long-term intelligence gathering operations. The group actively exploits a seven-year-old vulnerability...
CVE-2013-1146
The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790...
CVE-2011-3271
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165...
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available...
Best Practices for Cisco Device Configuration
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protoco...
VulnCheck KEV: CVE-2018-0156
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition...
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition...
Azbuka Vkusa: Cisco Smart Install Misconfiguration
Closed...
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device...
Cisco Smart Install (SMI) Protocol Detection (TCP)
TCP based detection of services supporting the Cisco Smart Install (SMI) protocol...
Cisco IOS XE Software Smart Install DoS (cisco-sa-20180328-smi)
According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Smart Install feature due to improper validation of packet data. An unauthenticated, remote attacker can exploit this by sending a crafted packet to an affected device on TCP...
Cisco IOS Software Smart Install DoS (cisco-sa-20180328-smi)
According to its self-reported version, Cisco IOS is affected by a denial of service (DoS) vulnerability in the Smart Install feature due to improper validation of packet data. An unauthenticated, remote attacker can exploit this by sending a crafted packet to an affected device on TCP port 4786 in...
Cisco IOS Smart Install Memory Leak (cisco-sa-20160928-smi)
According to its self-reported version, Cisco IOS is affected by a denial of service (DoS) vulnerability in the Smart Install client feature due to incorrect handling of image list parameters. An unauthenticated, remote attacker can exploit this by sending crafted Smart Install packets to TCP port...
Cisco IOS XE Software Smart Install Memory Leak (cisco-sa-20160928-smi)
According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Smart Install client feature due to incorrect handling of image list parameters. An unauthenticated, remote attacker can exploit this by sending crafted Smart Install packets...
Informatica: Cisco RCE
The researcher was able to complete an RCE attack and download sensitive files. We have mitigated it by hardening the machine and port. There was an open classical Cisco Smart Install service, which was successfully exploited. Informatica is the fAsTeSt!!! bug fixer in my life. Closing vulnerability in...
Beers with Talos EP27: Smart Install, Vuln Process Realities, and Professional Wrestling
Beers with Talos (BWT) Podcast Episode 27 is now available. Download this episode and subscribe to Beers with Talos. If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP27 Show Notes: Recorded 4/13/18 - We just upgraded all our gear, so naturally we had a straight tech...