04-09-2018 07:42 PM - edited 03-08-2019 02:35 PM
Could you please help take a look and confirm whether this needs to be done or not? Please Suggest me thanks
CVE-2018-0171 & CVE-2018-0156 c2960s-universalk9-tar.122-55.SE10 and
c3560-ipbase-mz.122-50.SE5
thanks
Solved! Go to Solution.
04-25-2018 01:21 PM
Go HERE to see a list of routers & switches that support Smart Install. If the routers & switches are in this list, issue the command "no vstack" or "no vstack config" and this should disable Smart Install.
Next, for switches not found in this list, you need to put an ACL to block TCP port 4786 and apply the ACL to all VLANs with an IP address.
NOTE: There is one or two switch model that do not support the "no vstack" or "no vstack config" command but they have an IBC role so the ACL is mandatory in this case.
04-09-2018 08:18 PM
just run "no vstack" on your switches this turns the smrt install client off. no poiunt upgrading IOS's if you are not using the feature. If it doesnt run, it cant be exploited.
04-25-2018 10:55 AM
04-25-2018 01:21 PM
Go HERE to see a list of routers & switches that support Smart Install. If the routers & switches are in this list, issue the command "no vstack" or "no vstack config" and this should disable Smart Install.
Next, for switches not found in this list, you need to put an ACL to block TCP port 4786 and apply the ACL to all VLANs with an IP address.
NOTE: There is one or two switch model that do not support the "no vstack" or "no vstack config" command but they have an IBC role so the ACL is mandatory in this case.
04-10-2018 12:14 AM
Dennis is correct.
Disable Smart Install by using the command "no vstack".
Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature
04-25-2018 10:52 AM
Hi, The cisco bug id CSCvg76186 associated with this CVE says the known affected release is 15.2(5)e. Does this mean other ios versions are not vulnerable even though smart install is enabled?
05-03-2018 06:54 PM
05-04-2018 01:19 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide