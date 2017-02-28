News

This tool can help you discover Cisco Smart Install protocol abuse

Attackers are targeting a zero-touch configuration protocol to hijack Cisco switches

|

Romania Correspondent, IDG News Service |

20151005 cisco hq sign 100620823 orig
Credit: Stephen Lawson
More like this

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.

The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).

The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.

This is an abuse of a feature that works as intended, so there is no vulnerability to be patched, but Cisco has published a security advisory and blog post with information about how customers can detect and block such attacks.

The company has provided a new IPS (intrusion prevention system) signature and Snort rules to detect the use of Smart Install in customer networks.

The recent Smart Install scanning activity observed in the wild might be related to the recent release of an open-source tool called the Smart Install Exploitation Tool (SIET).

Customers who don't need the Cisco Smart Install functionality should simply disable the feature in their switches. Those who do need it, should follow Cisco's mitigation advice.

The team from Cisco Talos has developed and released its own scanning tool that customers can use to find switches with Smart Install enabled on their networks. The tool is called the Smart Install Client Scanner and was published on GitHub.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Related:

Lucian Constantin is an IDG News Service correspondent. He writes about information security, privacy, and data protection.

7 Wi-Fi vulnerabilities beyond weak passwords
You Might Like
Shop Tech Products at Amazon
What Readers Like
Tianhe 2
China reminds Trump that supercomputing is a race

China said it plans to develop a prototype of an exascale supercomputer by the end of this year,...

FCC building in Washington
FCC reverses net neutrality ISP transparency rules

The U.S. Federal Communications Commission has voted to roll back some net neutrality regulations that...

H-1B visa collage
Trump eyes an H-1B visa aimed at ‘best and brightest’

President Donald Trump is considering a new way of distributing the H-1B visa to ensure they go to the...

BrandPosts
Learn more
Popular Resources
Top Stories
mvisa MWC 2017 announcement
Visa, Mastercard beef up mobile payment tech at MWC

Visa on Monday announced one of the most unusual approaches, one that relies primarily on older QR code...

lg g6 on bench
First look: The new LG G6 brings with it a new aspect (ratio)

The new LG G6 smartphone comes with high-end components, solid construction, and an unusual 18:9 aspect...

rsa conference 2017
RSA Conference is a timesaver

For our manager, the annual security gathering is a great way to get quality time with vendors.

R programming
Create your own Slack bots -- and web APIs -- in R

Make your own API and connect it to a Slack custom slash command -- all in R. This step-by-step...