OPERATIONAL DEFECT DATABASE
...
...
This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product; specifically, to print the following console message periodically whenever the Smart Install client feature is enabled: %SMI-5-CLIENT: Smart Install Client feature is enabled. It is recommended to disable the Smart Install feature when it is not actively used. To disable feature execute 'no vstack' in configuration mode In the fixed releases : 1) If you enable the vstack in switch --> alert message is printed on console. 2) The interval for the alert msg is not configurable. It's hard coded. For every one hour alert message is printed on console from the time vstack enabled. 3) With vstack enabled in switch, if you do write memory & reload the switch, alert message is printed on console during the boot process. 4) If you do write erase and reload, alert message is printed on console during the boot process.
Device configured with default configuration and running a version of Cisco IOS or IOS XE prior to the following first fixed releases:
12.2(60)EZ12 15.0(2)SE11 15.1(2)SY11, 15.2(1)SY5, 15.2(2)SY3, 15.4(1)SY3, 15.5(1)SY 15.2(2)E7, 15.2(4)E5, 15.2(5)E2c, 15.2(6)E0c, 15.2(6)E1 15.2(4)EA6 15.3(3)M10, 15.4(3)M8, 15.5(3)M6, 15.6(3)M3, 15.7(3)M 15.6(2)T3 15.9(3) (upcoming release)
3.6.7E 3.8.5E 3.10.0E Denali-16.3.5 Everest-16.6.1
Not applicable or available.
This issue was found during an internal security audit of the product. This issue should not be made public as it is an internal hardening issue to be considered for integration. PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
