Things get even more gnarly quickly when you consider what a successful attack against a Cisco switch exposing SMI would get an attacker. Or, put more bluntly, if you leave SMI exposed and unpatched and have not followed Cisco’s recommendations for securing SMI, effectively everything about that switch is at risk for compromise. Five issues were reported, the most severe of which easily rated as CVSS 10.0, if risk scoring is your thing. Things got more interesting for SMI within the last year when Tenable Network Security, Daniel Turner of Trustwave SpiderLabs, and Alexander Evstigneev and Dmitry Kuznetsov of Digital Security disclosed a number of security issues in SMI during their presentation at the 2016 Zeronights security conference. Since its first debut in 2010, SMI has had a handful of vulnerabilities published, including one that led to remote code execution ( CVE-2011-3271) and several denial of service issues ( CVE-2012-0385, CVE-2013-1146, CVE-2016-1349, CVE-2016-6385). Simple “plug and play” for adding new Cisco switches.īut, with the great power and heightened privileges comes great responsibility, and that remains true with SMI. Using SMI yields a number of benefits, chief among which is the fact that you can place an unconfigured Cisco switch into an SMI-enabled (and previously configured) network and it will get the correct image and configuration without needing to do much more than wiring up the device and turning it on. Cisco’s SMI documentation goes into more detail than we’ll be touching on in this post, but the short version is that SMI leverages a combination of DHCP, TFTP and a proprietary TCP protocol to allow organizations to deploy and manage Cisco switches. Cisco Smart Install (SMI) provides configuration and image management capabilities for Cisco switches.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |