One Article Review
| Source |  Network World |
|---|---|
| Identifiant | 324717 |
| Date de publication | 2017-02-28 08:49:29 (vue: 2017-02-28 08:49:29) |
| Titre | This tool can help you discover Cisco Smart Install protocol abuse |
| Texte | For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks.The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD).The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.To read this article in full or to leave a comment, please click here |
| Envoyé | Oui |
| Condensat | abuse access allows any article attackers attacks authentication authorization automatically because been branch called can cisco click client commands comment config configuration configured copy custom default deployment devices director discover does download enabled execute existing file from full have help here high hijack hijacked ibd image install installed integrated ios layer leave load mechanism might mode network networks new newly not now one owners particular past please potentially primarily privilege probing protocol read released replace researchers router running smart smi software startup such support switch switches talos team tool touch used using vulnerable weeks zero |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.