Description
This report identifies hosts that have the Cisco Smart Install feature running and are accessible to the Internet at large. This feature can be used to read or potentially modify a switch’s configuration.
Assessment
The entries in this report provide an overview of internet-facing Cisco network devices, which have the Smart Install service enabled. This service has a vulnerability which allows for an unauthenticated user to read and possibly modify the configuration of the device. The likelihood is considered high as there is a known exploit for this vulnerability and a scanner is available in Metasploit. The impact is set to high as it can lead to a dump of the running-config, which can be followed by the password cracking of the switch credentials.
Recommendations
- Deactivate Cisco Smart Install after successful installation if possible.
- Restrict access to internal networks.
- If remote access is absolutely necessary, use a VPN.
References
Shadow Server – Smart Install Scanner Project