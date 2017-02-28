This tool can help you discover Cisco Smart Install protocol abuse

Attackers are targeting a zero-touch configuration protocol to hijack Cisco switches

|

Romania Correspondent, IDG News Service |

20151005 cisco hq sign 100620823 orig
Credit: Stephen Lawson
Related

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.

The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).

The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.

This is an abuse of a feature that works as intended, so there is no vulnerability to be patched, but Cisco has published a security advisory and blog post with information about how customers can detect and block such attacks.

The company has provided a new IPS (intrusion prevention system) signature and Snort rules to detect the use of Smart Install in customer networks.

The recent Smart Install scanning activity observed in the wild might be related to the recent release of an open-source tool called the Smart Install Exploitation Tool (SIET).

Customers who don't need the Cisco Smart Install functionality should simply disable the feature in their switches. Those who do need it, should follow Cisco's mitigation advice.

The team from Cisco Talos has developed and released its own scanning tool that customers can use to find switches with Smart Install enabled on their networks. The tool is called the Smart Install Client Scanner and was published on GitHub.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Lucian Constantin is an IDG News Service correspondent. He writes about information security, privacy, and data protection.

Must read: 10 new UI features coming to Windows 10
You Might Like
Don't Miss
Amazon Echo, Echo Dot, and Google Home
8 ways to make Amazon’s Alexa even more awesome

Amazon’s voice assistant, Alexa, works remarkably well, but these improvements could dramatically...

ipad pro pair
Boat relying on an iPad for navigation crashes into a ferry after Wi-Fi goes

The iPad is useful for many things, but relying on it exclusively while steering a boat isn't a smart...

best buy geek squad car
Why you shouldn't trust Geek Squad ever again

The U.S. government reportedly pays Geek Squad technicians to dig through your PC for files to give to...

BrandPosts
Learn more
Resources
Top Stories
170227 mwc 02759
Cisco Jasper grows Internet of Things reach, breadth

Nearly a year after it bought Jasper for $1.4 billion, Cisco this week strengthened the company’s...

freedom free software mobile
What enterprise software developers can learn from consumer apps

With employees frustrated by complex, confusing enterprise apps, companies have been taking cues from...

windows
Deep dive into Windows Server 2016

In this review, we will go through the various new and improved features of Windows Server 2016. We...

00 crimeware
A new service for the less techie criminals

Cybercriminals can obtain sensitive data, like credit card numbers, names and addresses, with just a...