Cisco Smart Install Endpoints Exposure

ID: cisco-smi-exposure

Severity: medium

Author: dwisiswant0

Tags: network,cisco,smi,exposure,tcp

Description

Cisco Smart Install endpoints were discovered. Exposure of SMI to untrusted networks could allow complete compromise of the switch.

YAML Source

id: cisco-smi-exposure

info:
  name: Cisco Smart Install Endpoints Exposure
  author: dwisiswant0
  severity: medium
  description: Cisco Smart Install endpoints were discovered. Exposure of SMI to untrusted networks could allow complete compromise of the switch.
  reference:
    - https://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html
    - https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature
    - https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
    - https://github.com/Cisco-Talos/smi_check/blob/master/smi_check.py#L52-L53
    - https://github.com/Sab0tag3d/SIET
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 1
  tags: network,cisco,smi,exposure,tcp

tcp:
  - inputs:
      - data: "000000010000000100000004000000080000000100000000"
        type: hex

    host:
      - "{{Hostname}}"
    port: 4786

    matchers:
      - type: word
        encoding: hex
        words:
          - "000000040000000000000003000000080000000100000000"
# digest: 4b0a00483046022100cb05a10e044981d52b0085c87b4698d249625ecab4a28828c443ef787cb7712c022100c369328834190764cccdf3a4ab87cb909e758ee6b878a8433422a756778e8856:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "network/exposures/cisco-smi-exposure.yaml"

View on Github