The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

This advisory is available at the following link:

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software with the Smart Install client feature enabled.

For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.

Smart Install client functionality is enabled by default on Cisco IOS switches. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability.

Switches running releases earlier than Cisco IOS Software Release 12.2(52)SE are not Smart Install capable, but they can be Smart Install clients if they support the archive download-sw privileged EXEC command.

To determine whether a device is configured with the Smart Install client feature enabled, use the show vstack config privileged EXEC command on the Smart Install client. The following is the output of the show vstack config command in a Cisco Catalyst Switch configured as a Smart Install client. The output for Role: Client from the show vstack config command confirms that the feature is enabled on the device.

```
Switch# show vstack config
 Role: Client
 Vstack Director IP address: 10.1.1.100
```

Determining the Cisco IOS Software Release

To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the command-line interface (CLI), and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 15.5(2)T1 with an installed image name of C2951-UNIVERSALK9-M:

```
Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Mon 22-Jun-15 09:32 by prod_rel_team
```

For information about the naming and numbering conventions for Cisco IOS Software releases, see White Paper: Cisco IOS and NX-OS Software Reference Guide.

Determining the Cisco IOS XE Software Release

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS XE Software or similar text.

The following example shows the output of the show version command on a device that is running Cisco IOS XE Software Release 3.16.1aS:

```
Router> show version
Cisco IOS XE Software, Version 03.16.01a.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.5(3)S1a, RELEASE SOFTWARE (fc1)
```

For information about the naming and numbering conventions for Cisco IOS XE Software releases, see White Paper: Cisco IOS and NX-OS Software Reference Guide.

There are no workarounds that address this vulnerability other than disabling the Smart Install feature. The Smart Install Feature is enabled by default on client switches.
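The two checks the advisory describes (show vstack config for the Smart Install role, show version for the running release) can be applied to saved CLI captures across many devices. The script below is an added example, not Cisco's code: the function names are hypothetical, the client and show version captures are the ones quoted in the advisory, and the "Role: Director" line format is an assumption.

```python
import re

# Captures quoted in the advisory text, embedded so the script runs offline.
VSTACK_CLIENT = """Switch# show vstack config
 Role: Client
 Vstack Director IP address: 10.1.1.100
"""
VERSION_IOS = ("Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), "
               "Version 15.5(2)T1, RELEASE SOFTWARE (fc1)\n")
VERSION_XE = ("Cisco IOS XE Software, Version 03.16.01a.S - Extended Support Release\n"
              "Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), "
              "Version 15.5(3)S1a, RELEASE SOFTWARE (fc1)\n")

ROLE_RE = re.compile(r"\bRole:\s*(\w+)")
XE_RE = re.compile(r"Cisco IOS XE Software, Version (\S+)")
IOS_RE = re.compile(r"Cisco IOS Software, .*?\((?P<image>[^)]+)\), Version (?P<rel>[^,\s]+)")

def smart_install_role(vstack_output):
    """Return the lower-cased Role from 'show vstack config', or None if absent."""
    m = ROLE_RE.search(vstack_output)
    return m.group(1).lower() if m else None

def parse_release(version_output):
    """Return (family, release, image) from a 'show version' banner."""
    ios = IOS_RE.search(version_output)
    image = ios.group("image") if ios else None
    xe = XE_RE.search(version_output)
    if xe:  # IOS XE banners also carry an IOS line, so test for XE first
        return ("IOS XE", xe.group(1), image)
    if ios:
        return ("IOS", ios.group("rel"), image)
    return (None, None, None)  # device may not support 'show version'

def triage(hostname, vstack_output, version_output):
    """Summarise one device for comparison with the Fixed Software section."""
    role = smart_install_role(vstack_output)
    family, release, image = parse_release(version_output)
    if role == "client":
        status = "CHECK: Smart Install client enabled; compare release with Fixed Software"
    elif role == "director":  # assumed output format; directors are not affected
        status = "OK: director role is not affected by this vulnerability"
    else:
        status = "UNKNOWN: no recognised Role line; verify manually"
    return {"host": hostname, "role": role, "family": family,
            "release": release, "image": image, "status": status}

if __name__ == "__main__":
    for name, ver in (("sw1", VERSION_IOS), ("rtr1", VERSION_XE)):
        print(triage(name, VSTACK_CLIENT, ver))
```

The script only reports the role and release; whether a release is vulnerable still has to be read from the Fixed Software section of the advisory.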