This report identifies hosts that have the Cisco Smart Install feature running and are accessible to the Internet at large. This feature can be used to read or potentially modify a switch’s configuration.
The entries in this report provide an overview of internet-facing Cisco network devices, which have the Smart Install service enabled. This service has a vulnerability which allows for an unauthenticated user to read and possibly modify the configuration of the device. The likelihood is considered high as there is a known exploit for this vulnerability and a scanner is available in Metasploit. The impact is set to high as it can lead to a dump of the running-config, which can be followed by the password cracking of the switch credentials.
- Deactivate Cisco Smart Install after successful installation if possible.
- Restrict access to internal networks.
- If remote access is absolutely necessary, use a VPN.
Shadow Server – Cisco Smart Install Report
Shadow Server – Smart Install Scanner Project
Rapid7 Blog – Cisco SMI RCE