PT-2018-1101 · Cisco · Cisco IOS +1
Published: 2018-03-28 · Updated: 2025-08-28 · CVE-2018-0171
CVSS score: 10 (High)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
Cisco IOS and Cisco IOS XE Software (affected versions not specified)
**Description:**
A vulnerability exists in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software due to improper validation of packet data. It allows a remote, unauthenticated attacker to trigger a device reload, leading to a denial-of-service (DoS) condition, or to execute arbitrary code on the affected device. Exploitation involves sending a crafted Smart Install message to TCP port 4786, which could cause a buffer overflow. The Static Tundra group, sponsored by the Russian state, and the Salt Typhoon group have been observed exploiting this vulnerability to gain access to organizations in the telecommunications, education, and manufacturing sectors globally. These groups aim to establish persistent access and exfiltrate network traffic and device configurations.
**Recommendations:**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Tags: Exploit · DoS · RCE · Memory Corruption
References · 44
- 🔥 https://github.com/AlrikRr/Cisco-Smart-Exploit · Exploit
- 🔥 https://exploit-db.com/exploits/44451 · Exploit
- 🔥 https://embedi.com/blog/cisco-smart-install-remote-code-execution · Exploit
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-0171 · Security Note
- https://bdu.fstec.ru/vul/2018-00499 · Security Note
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 · Vendor Advisory
- https://t.me/aptreports/16287 · Telegram Post
- https://twitter.com/EnigmaTyphoon/status/1906611680861188546 · Twitter Post
- https://twitter.com/freedomhack101/status/1961077547732529416 · Twitter Post
- https://twitter.com/EnigmaTyphoon/status/1906300578357014666 · Twitter Post
- https://darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490 · Note
- https://t.me/aptreports/21612 · Telegram Post
- https://t.me/pentestingnews/66642 · Telegram Post
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 · Note