====================================================================

                             CERT-Renater

                 Note d'Information No. 2018/VULN136
_____________________________________________________________________

DATE                : 10/04/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS, Cisco IOS XE running Smart Install
                                       Feature.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
_____________________________________________________________________

Cisco Security Advisory: Action Required to Secure the Cisco IOS and IOS
XE Smart Install Feature

Advisory ID: cisco-sa-20180409-smi

Revision: 1.0

For Public Release: 2018 April 9 00:00 GMT

Last Updated: 2018 April 9 00:00 GMT

CVE ID(s): NA

+---------------------------------------------------------------------

Summary

=======

In recent weeks, Cisco has published several documents related to the
Smart Install feature: one Talos blog about potential misuse of the
feature if left enabled, and two Cisco Security Advisories that were
included in the March 2018 release of the Cisco IOS and IOS XE Software
Security Advisory Bundled Publication. Given the heightened awareness,
we want to minimize any potential confusion about exploitation attempts
and clarify the verification of the feature on customer devices. As
such, Cisco has attempted to consolidate all information related to the
mitigation of potential Smart Install misuse or exploit of related
vulnerabilities into this single document, which also notes how to
properly secure devices that may be exposed and remediate the disclosed
vulnerabilities.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================