I can see a lot of publications about Cisco Smart Install attack on Aprl 6, 2018. Vedor and researchers started some interesting war of words as rap battle. Let's try to be independent side in this battle. I want to share my experience how to protect your infrastructure from such attacks.
On March 28, 2018 Cisco published 2 Smart Install vulnerabilities:
But community forgot another vulnerabilities from March 28, 2018:
- RCE of QoS service CVE-2018-0151.
- Unauthenticated attacker can login to device using default username "cisco" CVE-2018-0150.