#Cisco devices running vstack asr1001x install#
These devices are LAN switches (Cisco Catalyst Switches), and the default configuration is to enable Smart Install with a client role. The Smart Install feature is enabled by default on devices that can be configured to act as Smart Install directors or Smart Install clients. The following example shows the output from show tcp brief all | include 4786 on a device that has the Smart Install feature enabled: router# show tcp brief all | include 4786 The command show tcp brief all | include 4786 can be used to determine if TCP port 4786 is open (and therefore, to determine if Smart Install is enabled). The following is the output of show vstack config in a Cisco Catalyst Switch configured as a Smart Install director: Director# show vstack configĪ device that has the Smart Install feature enabled, either as a director or as a client, has TCP port 4786 in the open state. The following is the output of show vstack config in a Cisco Catalyst Switch configured as a Smart Install client: The outputs of show commands are different when entered on the director or on the client.
![cisco devices running vstack asr1001x cisco devices running vstack asr1001x](http://gekk.info/articles/images/ras/1421sp2a.png)
To display Smart Install information, use the show vstack config privileged EXEC command on the Smart Install director or client.
#Cisco devices running vstack asr1001x software#
Individual publication links are in "Cisco Event Response: Semi-Annual Cisco IOS Software Security Advisory Bundled Publication" at the following link:ĭevices configured as a Smart Install client or director are affected by this vulnerability. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the March 2012 bundled publication. Note: The March 28, 2012, Cisco IOS Software Security Advisory bundled publication includes nine Cisco Security Advisories. This advisory is available at the following link: A workaround may be available in some versions of Cisco IOS Software if the Smart Install feature is not needed. The vulnerability is triggered when an affected device processes a malformed Smart Install message on TCP port 4786.Ĭisco has released software updates that address this vulnerability. Cisco IOS Software contains a vulnerability in the Smart Install feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if the Smart Install feature is enabled.