nuclei-templates/network/cisco-smi-exposure.yaml

34 lines
1.2 KiB
YAML
Raw Normal View History

2021-08-16 11:27:13 +00:00
id: cisco-smi-exposure
info:
2021-08-16 11:27:13 +00:00
name: Cisco Smart Install Endpoints Exposure
author: dwisiswant0
severity: info
2021-08-16 08:50:55 +00:00
description: |
2021-08-16 11:27:13 +00:00
This template attempts & supports the detection part only by
connecting to the specified Cisco Smart Install port and determines
if it speaks the Smart Install Protocol. Exposure of SMI to
untrusted networks can allow complete compromise of the switch.
reference:
- https://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html
- https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature
- https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
- https://github.com/Cisco-Talos/smi_check/blob/master/smi_check.py#L52-L53
- https://github.com/Sab0tag3d/SIET
2021-08-16 08:50:55 +00:00
tags: network,cisco,smi,exposure
network:
- inputs:
- data: "000000010000000100000004000000080000000100000000"
type: hex
host:
- "{{Hostname}}"
2021-12-09 13:06:24 +00:00
- "{{Host}}:4786"
matchers:
- type: word
encoding: hex
words:
- "000000040000000000000003000000080000000100000000"