Details of VAR-201804-1734

ID

VAR-201804-1734

TITLE

Cisco Smart Install Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-07375

DESCRIPTION

As a plug-and-play configuration and image management function, SmartInstall provides zero-configuration deployment for newly-joined switches, auto-initial configuration and operating system image loading, and configuration file backup. An unauthorized access vulnerability exists in Cisco SmartInstall. An attack can exploit this vulnerability and cause a network disconnection.

Trust: 0.6

sources: CNVD: CNVD-2018-07375

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-07375

AFFECTED PRODUCTS

vendor:	cisco	model:	sm-x-es3 skus	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nme-16es-1g-p	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sm-es3 skus	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sm-es2 skus	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ie	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	ie	scope:	eq	version:	4010	Trust: 0.6
vendor:	cisco	model:	ie	scope:	eq	version:	4000	Trust: 0.6
vendor:	cisco	model:	ie	scope:	eq	version:	3010	Trust: 0.6
vendor:	cisco	model:	ie	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	ie	scope:	eq	version:	2000	Trust: 0.6
vendor:	cisco	model:	catalyst series	scope:	eq	version:	2975	Trust: 0.6
vendor:	cisco	model:	catalyst series	scope:	eq	version:	2960	Trust: 0.6
vendor:	cisco	model:	catalyst series	scope:	eq	version:	3560	Trust: 0.6
vendor:	cisco	model:	catalyst series	scope:	eq	version:	3650	Trust: 0.6
vendor:	cisco	model:	catalyst series	scope:	eq	version:	3750	Trust: 0.6
vendor:	cisco	model:	catalyst series	scope:	eq	version:	3850	Trust: 0.6
vendor:	cisco	model:	catalyst supervisor engines	scope:	eq	version:	4500	Trust: 0.6

sources: CNVD: CNVD-2018-07375

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-07375
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2018-07375
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-07375

PATCH

title:

Cisco SmartInstall is not authorized to access the patch for the vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/125285

Trust: 0.6

sources: CNVD: CNVD-2018-07375

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-07375

Trust: 0.6

sources: CNVD: CNVD-2018-07375

REFERENCES

url:	https://www.cisco.com/c/en/us/td/docs/switches/lan/smart_install/configuration/guide/smart_install/supported_devices.html#51890	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170214-smi	Trust: 0.6
url:	https://github.com/sab0tag3d/siet	Trust: 0.6

sources: CNVD: CNVD-2018-07375

SOURCES

db:

CNVD

id:

CNVD-2018-07375

LAST UPDATE DATE

2022-05-04T10:00:46.185000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-07375

date:

2018-04-10T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-07375

date:

2018-04-10T00:00:00