Vulnerabilities > CVE-2011-3271 - Unspecified vulnerability in Cisco IOS 12.2/15.1

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE

Summary

Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.

Vulnerable Configurations

Part Description Count
OS
Cisco
2

Nessus

NASL familyCISCO
NASL idCISCO-SA-20110928-SMART-INSTALLHTTP.NASL
descriptionA vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.
last seen2019-10-28
modified2011-09-29
plugin id56320
published2011-09-29
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/56320
titleCisco IOS Software Smart Install Remote Code Execution Vulnerability (cisco-sa-20110928-smart-install)
code
#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Cisco Security Advisory cisco-sa-20110928-smart-install.
# The text itself is copyright (C) Cisco
#

include("compat.inc");

if (description)
{
  # Plugin identity and the advisory / bug identifiers this check tracks.
  script_id(56320);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  script_cve_id("CVE-2011-3271");
  script_bugtraq_id(49828);
  script_xref(name:"CISCO-BUG-ID", value:"CSCto10165");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20110928-smart-install");

  script_name(english:"Cisco IOS Software Smart Install Remote Code Execution Vulnerability (cisco-sa-20110928-smart-install)");
  script_summary(english:"Checks the IOS version.");

  # Text shown in the report. The description string is a pure
  # (double-quoted) NASL string, so its embedded line breaks are literal.
  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"A vulnerability exists in the Smart Install feature of Cisco Catalyst
Switches running Cisco IOS Software that could allow an
unauthenticated, remote attacker to perform remote code execution on
the affected device. Cisco has released free software updates that
address this vulnerability. There are no workarounds available to
mitigate this vulnerability other than disabling the Smart Install
feature.");
  # Shortened link to
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-smart-install
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f103c9d9");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20110928-smart-install.");

  # CVSSv2 scoring and exploit status as recorded at this plugin revision.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # A local (credentialed) check keyed on the IOS version string.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");

  # NOTE(review): patch_publication_date is a year after the advisory and
  # vuln_publication_date (2011/09/28); confirm it is intentional and not a typo.
  script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/29");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  # The version KB entry is populated by cisco_ios_version.nasl.
  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}



include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

flag = 0;
override = 0;

version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

# IOS releases listed as affected by cisco-sa-20110928-smart-install.
# The detected version string must equal one of these exactly; there is
# no train or range comparison, so other builds are never flagged.
affected_versions = make_list(
  '12.2(52)EX',
  '12.2(52)EX1',
  '12.2(52)SE',
  '12.2(53)EY',
  '12.2(53)SE',
  '12.2(53)SE1',
  '12.2(53)SE2',
  '12.2(55)EX',
  '12.2(55)EX1',
  '12.2(55)EX2',
  '12.2(55)EY',
  '12.2(55)EZ',
  '12.2(55)SE',
  '12.2(55)SE1',
  '12.2(55)SE2',
  '15.1(3)T',
  '15.1(3)T1',
  '15.1(4)M',
  '15.1(4)M0a',
  '15.1(4)M0b',
  '15.1(4)M1',
  '15.1(4)XB4',
  '15.1(4)XB5'
);
foreach affected (affected_versions)
{
  if (version == affected) flag++;
}

if (get_kb_item("Host/local_checks_enabled"))
{
  if (flag)
  {
    # The version matched; with credentials, require evidence that Smart
    # Install (vstack) is actually configured before reporting. The
    # version-based finding is cleared here and only restored below.
    flag = 0;
    buf = cisco_command_kb_item("Host/Cisco/Config/show_vstack_config", "show vstack config");
    if (check_cisco_result(buf))
    {
      # NOTE(review): this is a pure (double-quoted) NASL string, so the
      # backslashes are passed through to the regex engine. If preg() is
      # PCRE-based, \( \| \) are literal characters and the pattern only
      # matches the literal text "(Client|Director)", not a Client/Director
      # alternation. Verify against real "show vstack config" output; if the
      # alternation is intended the pattern would be "Role:\s+(Client|Director)".
      if (preg(pattern:"Role:\s+\(Client\|Director\)", multiline:TRUE, string:buf))
      {
        flag = 1;
      }
    }
    else if (cisco_needs_enable(buf))
    {
      # Config could not be read without enable: report the version-based
      # finding with a caveat instead of silently dropping it.
      flag = 1;
      override = 1;
    }
    # Any other command failure leaves flag at 0 and the host is not reported.
  }
}

if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  security_hole(port:0, extra:cisco_caveat(override));
  exit(0);
}

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 49828 CVE ID: CVE-2011-3271 Cisco的网际操作系统(IOS)是一个网际互连优化的复杂操作系统。 Cisco IOS的Smart Install功能在实现上存在漏洞,远程非法攻击者可利用此漏洞在受影响设备上执行任意代码。 此漏洞源于运行Cisco IOS Software的Cisco Catalyst Switches中的Smart Install功能,Smart Install使用TCP端口4786进行通信,要触发此漏洞需要完整的TCP三方握手的连接。 Cisco IOS 15.x Cisco IOS 12.x 厂商补丁: Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20110928-smart-install)以及相应补丁: cisco-sa-20110928-smart-install:Cisco IOS Software Smart Install Remote Code Execution Vulnerability 链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-smart-install
idSSV:20963
last seen2017-11-19
modified2011-09-29
published2011-09-29
reporterRoot
titleCisco IOS Smart Install远程代码执行漏洞