Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mercredi 22 février 2017

CISCO Smart Install Protocol Issues (CERT-EU Security Advisory 2017-003)

It has been reported that there exists a way to misuse the Cisco Smart Install protocol messages. The misuse is directed towards Smart Install Clients allowing an unauthenticated remote attacker to change the startup configuration, load alternative IOS versions, and execute commands on affected devices. Cisco does not consider this issue a vulnerability. However, since Cisco Smart Install is enabled by default in a big number of modern switches and routers, CERT-EU considers this protocol abuse a potentially serious threat.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 222


Événements SSI