PT-2018-1189 · Cisco · Cisco IOS +1

Published 2018-03-28 · Updated 2025-10-28 · CVE-2018-0156

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS Software and Cisco IOS XE Software (affected versions not specified)

Description

The Smart Install feature of Cisco IOS Software and Cisco IOS XE Software improperly validates packet data. An unauthenticated, remote attacker could send a crafted packet to an affected device on TCP port 4786 and trigger a reload of the device, resulting in a denial of service (DoS) condition. Only Smart Install client switches are affected; Cisco devices configured as a Smart Install director are not affected.

Recommendations

Update Cisco IOS Software and Cisco IOS XE Software to a version that addresses the vulnerability; Cisco has released software updates that fix this issue. As a temporary workaround, consider disabling the Smart Install client functionality on affected devices until the fixed software is installed. Restrict access to TCP port 4786 to minimize the risk of exploitation.
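To decide which devices need the update or the workaround, the Smart Install role of each switch can be triaged from collected `show vstack config` output. The script below is an added example, not part of the original advisory or Cisco's tooling; the hostnames and sample outputs are constructed, and the exact `Role:` line format is an assumption about that command's output.

```python
import re

# Constructed sample `show vstack config` outputs keyed by hypothetical hostname.
# The "Role:" line format is an assumption about the command's output.
SAMPLES = {
    "access-sw-01": " Role: Client (SmartInstall enabled)\n Vstack Director IP address: 0.0.0.0\n",
    "access-sw-02": " Role: Client (SmartInstall disabled)\n Vstack Director IP address: 0.0.0.0\n",
    "dist-sw-01": " Role: Director\n Vstack Director IP address: 192.0.2.10\n",
    "edge-rtr-01": "% Invalid input detected at '^' marker.\n",
}

ROLE_RE = re.compile(r"^\s*Role:\s*(\w+)(?:\s*\(SmartInstall\s+(\w+)\))?", re.I | re.M)


def classify(output):
    """Map one device's output to a Smart Install exposure status."""
    m = ROLE_RE.search(output)
    if not m:
        return "no-smart-install"  # command rejected or no Role line present
    role = m.group(1).lower()
    state = (m.group(2) or "").lower()
    if role == "director":
        return "director"  # the advisory states directors are not affected
    if role == "client" and state == "disabled":
        return "client-disabled"  # workaround already applied
    if role == "client":
        return "client-enabled"  # a missing state is treated as enabled
    return "unknown"


def triage(outputs):
    """Return {hostname: status} for every collected output."""
    return {host: classify(out) for host, out in sorted(outputs.items())}


def needs_action(outputs):
    """Hosts to patch, disable Smart Install on, or shield on TCP 4786."""
    return [h for h, s in triage(outputs).items() if s in ("client-enabled", "unknown")]


if __name__ == "__main__":
    for host, status in triage(SAMPLES).items():
        print(f"{host:15} {status}")
    print("needs action:", needs_action(SAMPLES))
```

Unrecognised roles are reported as `unknown` and included in the action list so that a parsing miss does not hide an exposed client.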

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2018-00647
CVE-2018-0156

Affected Products

Cisco IOS
Cisco IOS XE