BugZero | Cisco BugID CSCvd36810 - Smart Install client must alert to console periodi...

Cisco - Defect ID: CSCvd36810

Smart Install client must alert to console periodically

Cisco - Defect ID: CSCvd36810

Smart Install client must alert to console periodically

Last updated on 3/24/2023

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product; specifically, to print the following console message periodically whenever the Smart Install client feature is enabled: %SMI-5-CLIENT: Smart Install Client feature is enabled. It is recommended to disable the Smart Install feature when it is not actively used. To disable feature execute 'no vstack' in configuration mode In the fixed releases : 1) If you enable the vstack in switch --> alert message is printed on console. 2) The interval for the alert msg is not configurable. It's hard coded. For every one hour alert message is printed on console from the time vstack enabled. 3) With vstack enabled in switch, if you do write memory & reload the switch, alert message is printed on console during the boot process. 4) If you do write erase and reload, alert message is printed on console during the boot process.

Conditions

Device configured with default configuration and running a version of Cisco IOS or IOS XE prior to the following first fixed releases:

IOS

12.2(60)EZ12 15.0(2)SE11 15.1(2)SY11, 15.2(1)SY5, 15.2(2)SY3, 15.4(1)SY3, 15.5(1)SY 15.2(2)E7, 15.2(4)E5, 15.2(5)E2c, 15.2(6)E0c, 15.2(6)E1 15.2(4)EA6 15.3(3)M10, 15.4(3)M8, 15.5(3)M6, 15.6(3)M3, 15.7(3)M 15.6(2)T3 15.9(3) (upcoming release)

IOS XE

3.6.7E 3.8.5E 3.10.0E Denali-16.3.5 Everest-16.6.1

Workaround

Not applicable or available.

Further Problem Description

This issue was found during an internal security audit of the product. This issue should not be made public as it is an internal hardening issue to be considered for integration. PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvd36810

Smart Install client must alert to console periodically

Cisco - Defect ID: CSCvd36810

Smart Install client must alert to console periodically

Last updated on 3/24/2023

Vendor details

Vendor details

Description

Symptom

Conditions

IOS

IOS XE

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?