Cisco defends Smart Install protocol, which permits unauthenticated logins
Wed 15 Feb 2017
When is remote, unauthenticated login not a vulnerability? When it’s a feature!
Cisco has stated that the Smart Install protocol, which allows for remote, unauthenticated login to individual switches, is actually a feature rather than a vulnerability.
Should an attacker use this feature to change the start-up config file on a switch running Cisco IOS and IOS XE software, they can force a reload, load new IOS images, and execute high-privilege commands.
However, Cisco maintains that the Smart Install protocol does not require authentication by design, and that this is an intentional feature rather than an oversight or error. The company refers to Smart Install as a ‘plug-and-play’ configuration, created to allow customers to install a switch at a remote location and power it on without any additional configuration requirements.
The problems associated with the absence of authentication in Smart Install are referred to by Cisco as a potential for misuse rather than a vulnerability. The company acknowledges that an attacker could, without an authorization protocol, take advantage of the Smart Install feature to seize control of a client switch and change the server address, substitute configuration files, and execute commands on switches running newer operating systems.
The issues with the Smart Install protocol were reported to Cisco by security researchers at Trustwave SpiderLabs, Digital Security and Tenable Network Security.
Smart Install is enabled by default on client switches – should a customer wish to avoid known vulnerabilities associated with the Smart Install protocol, they must change the default settings to disable the feature.
Network administrators may have a difficult time figuring out if their systems have been compromised due to misuse of Smart Install because, without authentication, misuse will appear the same as regular activity. An administrator who suspects a system has been compromised should look at network device event logs for unscheduled reloads and configuration changes from external IP addresses.
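The log review described above can be scripted. The following is an added example, not code from the article or from Cisco; it flags reloads outside a maintenance window and configuration or reload events that reference an address outside the management network. The management subnet, the maintenance window, the hostnames and the syslog line layout are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import time

# Assumptions for this example: management network and maintenance window.
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
WINDOW = (time(1, 0), time(3, 0))  # reloads are scheduled 01:00-03:00

# Constructed sample syslog lines (not taken from a real device).
SAMPLE = """\
Feb 14 01:12:03 sw-branch1 %SYS-5-RELOAD: Reload requested by admin on vty0 (10.10.0.5).
Feb 14 09:41:17 sw-branch2 %SYS-5-CONFIG_I: Configured from tftp://203.0.113.77/x.cfg by console
Feb 14 09:41:30 sw-branch2 %SYS-5-RELOAD: Reload requested by console.
Feb 14 11:02:44 sw-core1 %SYS-5-CONFIG_I: Configured from console by admin on vty1 (10.10.0.5)
"""

LINE = re.compile(r"^(\w{3} +\d+ (\d\d:\d\d:\d\d)) (\S+) %SYS-5-(RELOAD|CONFIG_I): (.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(log_text):
    """Return (timestamp, host, reason) tuples for events worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a reload or configuration-change message
        stamp, clock, host, kind, detail = m.groups()
        try:
            when = time.fromisoformat(clock)
        except ValueError:
            continue  # malformed timestamp, skip the line
        for addr in IPV4.findall(detail):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # looked like an address but is not a valid one
            if not any(ip in net for net in MGMT_NETS):
                findings.append((stamp, host, f"{kind} involving non-management address {ip}"))
        if kind == "RELOAD" and not (WINDOW[0] <= when <= WINDOW[1]):
            findings.append((stamp, host, "reload outside maintenance window"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

A hit is a prompt to compare the running and start-up configurations on that switch, not proof of compromise.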
Cisco recommends that any client not actively using the Smart Install feature disable it using the configuration command no vstack. Customers using the feature for zero-touch deployment should disable it as soon as the hardware is deployed and operational. Cisco has also updated security best practices with regard to the Smart Install protocol.