dkklion.blogg.se

1. SMART INSTALL CISCO NO VSTACK FULL
2. SMART INSTALL CISCO NO VSTACK SOFTWARE
3. SMART INSTALL CISCO NO VSTACK CODE
4. SMART INSTALL CISCO NO VSTACK PASSWORD

This information in the startup-config is plentiful with useful information including, password hashes, local usernames and passwords (plaintext or hashes), and network topology information such as: VLANs, trunk links, etc. Let’s proceed with exploiting this misconfiguration.īy using SIET, we can obtain the startup-config (configuration of Cisco IOS device in NVRAM vs running-config which is in RAM). With the information at hand, we can now confirm that the remote device is indeed running Smart Install. Let’s confirm with using SIET if this remote device is indeed running Smart Install: One common tool is call SIET (Smart Install Exploitation Tool). Many tools have been created for Smart Install exploitation. How can we confirm that this remote device is indeed running Smart Install? Let’s confirm if Smart Install is running on this remote device.įrom this information, we have reason to believe that this remote device is indeed running Smart Install. We first begin by performing a remote port scan within the network as seen below using a port scanner such as Nmap:įrom the following OS fingerprint from Nmap, the remote device appears to be a Cisco device. The following demo demonstrates abusing Smart Install and common tools/techniques seen in modern networks.

SMART INSTALL CISCO NO VSTACK FULL

This exposed service can lead to remote, unauthenticated attackers/threat actors to utilize this service and obtain sensitive information such as: the running-config, password hashes or plaintext passwords, and network topology information or even full device takeover. However, many network administrators and engineers alike do not disable this service when the deployment is finished. One common best practice across the information technology field is to disable unnecessary services or disable these services when no longer needed. This protocol is very useful for networking professionals for rapid deployment of new infrastructure. Smart Install runs on TCP port 4786 and requires no authentication to connect to the remote service. This can include devices such as switches and routers and many other devices running Cisco IOS. developed a widely used protocol to perform zero touch deployment of new infrastructure. Here is an example of a switch with smart install enabled.Cisco Systems Inc. Run show vstack config to view the current status. Smart Install Client feature active on 10.217.1.60:4786 Smart Install Client feature active on 10.217.1.50:4786 Smart Install Client feature active on 10.217.1.40:4786 Smart Install Client feature active on 10.217.1.30:4786 Smart Install Client feature active on 10.217.1.20:4786 Smart Install Client feature active on 10.217.1.10:4786

Smart Install Client feature active on 10.217.1.9:4786 If you improve it please send me a copy at |

SMART INSTALL CISCO NO VSTACK SOFTWARE

| This program is free software you can redistribute it and/or modify |

Here is an example where the management stations are on 10.1.18.0 and 10.1.50.0 and the switch is 10.10.10.1. I recommend using ACLs to limit access to the management interface to just your management network.

SMART INSTALL CISCO NO VSTACK CODE

Embedi released the PoC code that causes the switch to reload so if you aren't using ACLs on your management interfaecs any script kiddie can attack from the inside. Keep in mind that being exposed to the Internet means you can be attacked from anywhere where in the world, but just because you don't have a switch in front of the firewall doesn't mean you shouldn't be concerned.

I have already been contacted by a customer that was notified they had one in the list. They say that Shodan.io lists 168,000 devices exposed on the public Internet. In the reference section below I have a link to a Kapersky article on the vulnerability. In this YouTube video Embedi CVE-2018-0171 CISCO full control demostrates gaining full control of the switch. This is a widespread vulnerability and it can lead to a DoS or a complete takeover of the switch. The Smart install protocol is used for automatic switch deployment and is enabled by default on many models including the 3850, 2960x, and 4500x. The guys at released a remote code exploit for Cisco's Smart Install protocol at GeekPWN 2017 Hong Kong. The Cisco script is written in Python 2.7.