CVE-2013-1146

Cisco IOS Smart Install Configuration File Upload Remote Code Execution Vulnerability

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790.

La funcionalidad Smart Install del cliente de Cisco IOS v12.2 y v15.0 hasta v15.3 en los switches Catalyst permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de una lista de parámetros imagen en los paquetes de Smart Install, conocido como ID de error alias CSCub55790.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco IOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Smart Install client. A specially crafted packet can be sent to the SMI IBC server to instruct it to download the IOS config file and IOS image file(s). The vulnerability allows the attacker to replace the startup configuration file and the booting IOS image on Cisco switches running as a Smart Install client. The attacker can specify a user account with highest access in the config file, allowing them to take complete control of the switch.

*Credits: Tenable Network Security

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-01-11 CVE Reserved
2013-03-28 CVE Published
2024-09-17 CVE Updated
2024-10-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall	2013-03-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				12.2 Search vendor "Cisco" for product "Ios" and version "12.2"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				15.0 Search vendor "Cisco" for product "Ios" and version "15.0"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				15.0\(1\)se Search vendor "Cisco" for product "Ios" and version "15.0\(1\)se"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				15.1 Search vendor "Cisco" for product "Ios" and version "15.1"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				15.2 Search vendor "Cisco" for product "Ios" and version "15.2"		-		Affected
Cisco Search vendor "Cisco"		Ios Search vendor "Cisco" for product "Ios"				15.3 Search vendor "Cisco" for product "Ios" and version "15.3"		-		Affected