
OPERATIONAL DEFECT DATABASE
The Smart Install client feature does not auto-disable after boot-up when a device detects that zero-touch deployment is not in use.
- The default 'vstack' feature is enabled.
- IOS version 12.2(52)SE or later, but earlier than:
  - 12.2(60)EZ12
  - 15.1(2)SY12, 15.2(1)SY6, 15.4(1)SY4, or 15.5(1)SY1
  - 15.2(2)E7, 15.2(4)E5, 15.2(5)E2c, or 15.2(6)E
  - 15.2(4)EA6
- Any IOS-XE version earlier than:
  - 3.6.7E, 3.8.5E, or 3.10.0E
  - 16.3.5, or 16.6.1
- Disable the Smart Install client using the 'no vstack' command.

Note: The 'no vstack' command does not persist after a reload in the following Cisco IOS and IOS XE releases:
- 12.2(60)EZ11
- 15.1(2)SY11, 15.2(1)SY5, 15.2(2)SY3, or 15.4(1)SY3
- 15.2(5)E2, 15.2(5)E2a, 15.2(5)E2b
- 3.9.2E, 3.9.2aE, 3.9.2bE

For further recommendations, see: https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
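The persistence caveat in the workaround can be audited against saved device configurations. The Python below is an added example, not code from Cisco or from this database; the inventory, hostnames and status labels are constructed, and it assumes a disabled client appears as a literal `no vstack` config line and that versions are recorded in the notation used in the list above.

```python
import re

# Releases this page lists as NOT keeping 'no vstack' across a reload.
NON_PERSISTENT = {
    "12.2(60)EZ11",
    "15.1(2)SY11", "15.2(1)SY5", "15.2(2)SY3", "15.4(1)SY3",
    "15.2(5)E2", "15.2(5)E2a", "15.2(5)E2b",
    "3.9.2E", "3.9.2aE", "3.9.2bE",
}

# Assumption: a disabled client appears as a literal 'no vstack' config line.
NO_VSTACK = re.compile(r"^\s*no vstack\s*$", re.MULTILINE)


def audit(version, running_config, startup_config):
    """Return the workaround state for one device (status labels are hypothetical)."""
    if not NO_VSTACK.search(running_config):
        return "WORKAROUND_MISSING"      # 'no vstack' is not applied
    if version in NON_PERSISTENT:
        return "REAPPLY_AFTER_RELOAD"    # this release loses the command on reload
    if not NO_VSTACK.search(startup_config):
        return "NOT_SAVED"               # applied, but absent from startup-config
    return "OK"


def audit_all(inventory):
    """Map each hostname to its workaround state."""
    return {host: audit(ver, run, start) for host, ver, run, start in inventory}


# Constructed inventory: (hostname, version, running-config, startup-config).
INVENTORY = [
    ("sw-access-01", "15.2(2)E6", "hostname sw-access-01\nno vstack\n",
     "hostname sw-access-01\nno vstack\n"),
    ("sw-access-02", "15.2(5)E2a", "hostname sw-access-02\nno vstack\n",
     "hostname sw-access-02\nno vstack\n"),
    ("sw-access-03", "15.2(4)E4", "hostname sw-access-03\n",
     "hostname sw-access-03\n"),
    ("sw-dist-01", "3.6.6E", "hostname sw-dist-01\nno vstack\n",
     "hostname sw-dist-01\n"),
]

if __name__ == "__main__":
    for host, status in audit_all(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `REAPPLY_AFTER_RELOAD` need the command re-entered after every reload until they are moved to a release that keeps it.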
- This update improves security by making Cisco IOS and IOS XE automatically disable the Smart Install client if no SMI Director is detected after about 5 minutes.
- This change follows secure coding best practices and was identified during an internal security audit.

PSIRT Evaluation: The Cisco PSIRT has evaluated this issue, and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.

Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html