Cisco Smart Install 漏洞列表

Checks if TFTP service becomes available after Smart Install exploitation. This template should be run after the configuration extraction payload to verify that the device is now serving configuration files via TFTP.

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data.

Cisco Smart Install endpoints were discovered. Exposure of SMI to untrusted networks could allow complete compromise of the switch.

【漏洞对象】Cisco Smart Install 客户端<br>【漏洞描述】<br>该客户端未进行任何鉴权，导致滥用 Smart Install协议可能导致修改 TFTP 服务器设置、通过 TFTP 窃取配置文件、更换 IOS 映像，甚至可能会执行 IOS 命令。