04-05-2018 07:51 AM - edited 03-08-2019 02:32 PM
Do I have to download any PAK files or do anything else to get my 2960S' upgraded to 15.2(2)E8 to fix the smart install DOS bug? My 2960s are running c2960s-universalk9-mz.
Can I expect some errors in the config due to certain setting in the cli being depreciated. These 2960s are in a stackwise "stack".
We don't use the gui feature of the 2960's, so will just be doing a tftp to the flash and changing the "system boot" to point to the new image on all the switches.
Thanks
04-05-2018 01:26 PM
The SmartInstall bug/vulnerability can be disabled by issuing the command "no vstack".
04-05-2018 01:30 PM
Thanks for the reply.
I have done that (no vstack), but Cisco does not list that as a "work around" solution in the Security notice.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi
04-05-2018 01:55 PM
04-06-2018 06:28 AM
04-06-2018 07:06 AM
seems that using "no vstack" WILL keep the smart install bug from happening.
This tread shows a it being tested and using "no vstack" keeps the malformed packet from reloading the switch. Shame Cisco didn't put this in the security advisory.
04-06-2018 03:53 PM
@dmooreami wrote:
Role: Client (SmartInstall disabled)
VStack is not running. That's good.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide