True, news are spreading and it looks like the vulnerability is being widely used. The Hacker News got a great article also:
https://thehackernews.com/2018/04/hacking-cisco-smart-install.html
This is also why we choose to disable Smart Install as fast as possible.
... View more
Yeah i can see the advisory was updated yesterday the 6th of April 2018 to include the possibility to disable Smart Install. I read the Talos Intelligence blog and it's true they recommended turning off Smart Install if not used. I still just don't understand, why the simple information wasn't posted on the advisory in the first place. I'm happy it's updated though. :-)
... View more
This is exactly why i posted this in the first place. I couldn't find any information whether or not the no vstack would help anything. So i asked here and then tested it myself, because i'm impatient. :-)
... View more
I can hereby confirm that, disabling vstack will prevent this vulnerability.
Before disabling vstack:
X@X:/mnt/c/Python$ python vstack.py -t 172.26.23.250
[*] Connecting to Smart Install Client 172.26.23.250 port 4786
[*] Send a malicious packet
After this switch crashes and reloads.
Then i use no vstack and try again:
X@X:/mnt/c/Python$ python vstack.py -t 172.26.23.250
[*] Connecting to Smart Install Client 172.26.23.250 port 4786
Traceback (most recent call last):
File "vstack.py", line 32, in <module>
con.connect((options.target, options.port))
File "/usr/lib/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 111] Connection refused
We've implemented no vstack on 3000 switches, since we do not use Smart Install.
... View more
Sort of the conclusion i came to, i'm just wondering why Cisco has no official description of the command. When i search for fragmentation attack on Cisco they recommend using ACLs to prevent that, so bit confused.
... View more
I can't seem to find any documentation for most of the service commands in relation to routers. So does anyone know the function of "service disable-ip-fast-frag" command and what it does exactly?
Regards.
... View more
.jpg "Hall of Fame Guru"){kind=icon}
