APP: Cisco IOS-XE Smart Install Denail Of Service
This signature detects a vulnerability in Cisco Smart Install Client. Successful exploitation can allow denial of service.
Extended Description
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
Short Name
APP:CISCO:IOS-SMI-DOS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2018-0156 Cisco Denail IOS-XE Install Of Service Smart bid:103569
Release Date
04/10/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3377
Port
TCP/4786
False Positive
Unknown
CVSS Score
7.8