CVE-2018-0171
In short
A flaw in Cisco's Smart Install feature allows an attacker to send a specially crafted message over the network, causing the device to crash, hang, or run malicious code without needing to log in first.
Technical detail
The vulnerability stems from improper packet validation in the Smart Install protocol (TCP port 4786), allowing unauthenticated remote attackers to trigger a buffer overflow. Exploitation results in denial of service via device reload or watchdog crash, or arbitrary code execution depending on the attack variant.
Summary generated and translated by AI from the official description.
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · Cisco IOS and IOS XE
Public PoCs found — 2
github: github.com/AlrikRr/Cisco-Smart-Exploit (★ 18)
exploitdb: www.exploit-db.com/exploits/44451 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0171
https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490
http://www.securityfocus.com/bid/103538
http://www.securitytracker.com/id/1040580