Boletines de Vulnerabilidades

Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability


Información sobre el sistema

   
Software afectado Cisco

Descripción

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Smart%20Install%20Remote%20Code%20Execution%20Vulnerability&vs_k=1

Identificadores estándar

Propiedad Valor
CVE CVE-2018-0171.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2023-01-18
Ministerio de Defensa
CNI
CCN
CCN-CERT