cnvd - cnvd-2018-06774

cnvd-2018-06774

Vulnerability from cnvd

Title: Cisco Smart Install远程命令执行漏洞

Description:

Smart Install作为一项即插即用配置和镜像管理功能，为新加入网络的交换机提供零配置部署，实现了自动化初始配置和操作系统镜像加载的过程，同时还提供配置文件的备份功能。

Cisco Smart Install存在远程命令执行漏洞，攻击者无需用户验证即可向远端Cisco设备的TCP 4786端口发送精心构造的恶意数据包，触发漏洞造成设备远程执行Cisco系统命令或拒绝服务（DoS）。

Severity: 高

Patch Name: Cisco Smart Install远程命令执行漏洞的补丁

Patch Description:

Cisco Smart Install存在远程命令执行漏洞，攻击者无需用户验证即可向远端Cisco设备的TCP 4786端口发送精心构造的恶意数据包，触发漏洞造成设备远程执行Cisco系统命令或拒绝服务（DoS）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

Impacted products

Name
['Cisco IOS XE', 'Cisco IOS']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103538"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0171"
    }
  },
  "description": "Smart Install\u4f5c\u4e3a\u4e00\u9879\u5373\u63d2\u5373\u7528\u914d\u7f6e\u548c\u955c\u50cf\u7ba1\u7406\u529f\u80fd\uff0c\u4e3a\u65b0\u52a0\u5165\u7f51\u7edc\u7684\u4ea4\u6362\u673a\u63d0\u4f9b\u96f6\u914d\u7f6e\u90e8\u7f72\uff0c\u5b9e\u73b0\u4e86\u81ea\u52a8\u5316\u521d\u59cb\u914d\u7f6e\u548c\u64cd\u4f5c\u7cfb\u7edf\u955c\u50cf\u52a0\u8f7d\u7684\u8fc7\u7a0b\uff0c\u540c\u65f6\u8fd8\u63d0\u4f9b\u914d\u7f6e\u6587\u4ef6\u7684\u5907\u4efd\u529f\u80fd\u3002\r\n\r\nCisco Smart Install\u5b58\u5728\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u65e0\u9700\u7528\u6237\u9a8c\u8bc1\u5373\u53ef\u5411\u8fdc\u7aefCisco\u8bbe\u5907\u7684TCP 4786\u7aef\u53e3\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684\u6076\u610f\u6570\u636e\u5305\uff0c\u89e6\u53d1\u6f0f\u6d1e\u9020\u6210\u8bbe\u5907\u8fdc\u7a0b\u6267\u884cCisco\u7cfb\u7edf\u547d\u4ee4\u6216\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06774",
  "openTime": "2018-03-30",
  "patchDescription": "Smart Install\u4f5c\u4e3a\u4e00\u9879\u5373\u63d2\u5373\u7528\u914d\u7f6e\u548c\u955c\u50cf\u7ba1\u7406\u529f\u80fd\uff0c\u4e3a\u65b0\u52a0\u5165\u7f51\u7edc\u7684\u4ea4\u6362\u673a\u63d0\u4f9b\u96f6\u914d\u7f6e\u90e8\u7f72\uff0c\u5b9e\u73b0\u4e86\u81ea\u52a8\u5316\u521d\u59cb\u914d\u7f6e\u548c\u64cd\u4f5c\u7cfb\u7edf\u955c\u50cf\u52a0\u8f7d\u7684\u8fc7\u7a0b\uff0c\u540c\u65f6\u8fd8\u63d0\u4f9b\u914d\u7f6e\u6587\u4ef6\u7684\u5907\u4efd\u529f\u80fd\u3002\r\n\r\nCisco Smart Install\u5b58\u5728\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u65e0\u9700\u7528\u6237\u9a8c\u8bc1\u5373\u53ef\u5411\u8fdc\u7aefCisco\u8bbe\u5907\u7684TCP 4786\u7aef\u53e3\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684\u6076\u610f\u6570\u636e\u5305\uff0c\u89e6\u53d1\u6f0f\u6d1e\u9020\u6210\u8bbe\u5907\u8fdc\u7a0b\u6267\u884cCisco\u7cfb\u7edf\u547d\u4ee4\u6216\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Smart Install\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS XE",
      "Cisco IOS"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-29",
  "title": "Cisco Smart Install\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-0171 (GCVE-0-2018-0171)

Vulnerability from cvelistv5

Published

2018-03-28 22:00

Modified

2025-07-30 01:46

Severity ?

CWE

CWE-20

Summary

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.

References

▼	URL	Tags
	https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04	x_refsource_MISC
	http://www.securitytracker.com/id/1040580	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2	x_refsource_CONFIRM
	https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05	x_refsource_MISC
	http://www.securityfocus.com/bid/103538	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco IOS and IOS XE	Version: Cisco IOS and IOS XE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
          },
          {
            "name": "1040580",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040580"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
          },
          {
            "name": "103538",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103538"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0171",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T16:04:53.348841Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0171"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:17.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2018-0171 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS and IOS XE",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IOS and IOS XE"
            }
          ]
        }
      ],
      "datePublic": "2018-03-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-19T13:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
        },
        {
          "name": "1040580",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040580"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
        },
        {
          "name": "103538",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103538"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS and IOS XE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IOS and IOS XE"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
            },
            {
              "name": "1040580",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040580"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2"
            },
            {
              "name": "https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490",
              "refsource": "MISC",
              "url": "https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
            },
            {
              "name": "103538",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103538"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0171",
    "datePublished": "2018-03-28T22:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:17.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted