This tool can help you discover Cisco Smart Install protocol abuse
Security

This tool can help you discover Cisco Smart Install protocol abuse

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.

The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).

The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.

This is an abuse of a feature that works as intended, so there is no vulnerability to be patched, but Cisco has published a security advisory and blog post with information about how customers can detect and block such attacks.

The company has provided a new IPS (intrusion prevention system) signature and Snort rules to detect the use of Smart Install in customer networks.

The recent Smart Install scanning activity observed in the wild might be related to the recent release of an open-source tool called the Smart Install Exploitation Tool (SIET).

Customers who don't need the Cisco Smart Install functionality should simply disable the feature in their switches. Those who do need it, should follow Cisco's mitigation advice.

The team from Cisco Talos has developed and released its own scanning tool that customers can use to find switches with Smart Install enabled on their networks. The tool is called the Smart Install Client Scanner and was published on GitHub.

IDG Insider

PREVIOUS ARTICLE

«A better security strategy than ‘know your enemy’: Know your co-workers

NEXT ARTICLE

Dell EMC India reorganizes to tap the digital gold rush»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Recommended for You

silhouette

Everything you need to know about… Tech Careers

IDG Connect tackles the tech stories that matter to you

kathryn-cave

Blockchain For Dummies: What you really need to know

Kathryn Cave looks at the big trends in global tech

martin-veitch-thumbnail

What we know and don’t know about digital transformation

Martin Veitch's inside track on today’s tech trends

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?