Critical vulnerability opens Cisco switches to remote attack

A critical vulnerability affecting many of Cisco’s networking devices could be exploited by unauthenticated, remote attackers to take over vulnerable devices or trigger a reload and crash.

The flaw was discovered by Embedi researchers nearly a year ago. It is a stack-based buffer overflow vulnerability present in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software.

The vulnerability can be exploited by by sending a crafted Smart Install message to an affected device on TCP port 4786.

Embedi researchers confirmed that the flaw is found in Catalyst 4500 Supervisor Engines, Cisco Catalyst 3850 Series Switches, and Cisco Catalyst 2960 Series Switches, but that a slew of other devices are potentially vulnerable.

Cisco says that it affects devices that are running a vulnerable release of Cisco IOS or IOS XE Software and have the Smart Install client feature enabled.

Cisco says that the vulnerability is not actively exploited in the wild, but as information about it and Proof-of-Concept code has now been published network administrators would do well to install the released security updates as soon a possible.