Sign in / up

back to article Cisco says Smart Install is not a bug, not a vuln, releases blocker anyway

Cisco has reiterated that its Smart Install feature is not a bug and not a vulnerability, and to prove it's not, it's built a tool to help sysadmins block it. Smart Install (SMI) is by necessity insecure: sysadmins used it to give a new switch a minimal setup, so you can ship it to a branch office and, when it's plugged in, it …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Down not across

    Storm in a teacup, mountain out of a molehill

    I think this has been blown out of proportion. Yes, while the feature is intended for initial install, it could be used for re-install. Forgetting to turn it off sounds like someone not doing their job. Not to mention why on earth wouldn't the fetched configuration turn SMI off?

    0 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Not good

    This vuln is being actively exploited so check your devices!

    0 0 Reply
    1. Down not across
      Reply Icon

      Re: Not good

      I'm sorry, but I don't see this as a vulnerability. It is well documented, and Cisco even warns about it in their documentation.Yes it could've been designed to be more secure, and yes perhaps IOS should automatically turn it off after having fetched initial config, but these are not consumer devices so it is not unreasonable to expect some competence of RTFM and configuration from the staff deploying the kit.

      If this is being successfully exploited, then some network "admins/engineers" aren't up to their job. What else is wrong in their configs and ACLs?

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like