nuclei-templates/network/cisco-smi-exposure.yaml

34 lines
1.2 KiB
YAML

id: cisco-smi-exposure
info:
name: Cisco Smart Install Endpoints Exposure
author: dwisiswant0
severity: info
description: |
This template attempts & supports the detection part only by
connecting to the specified Cisco Smart Install port and determines
if it speaks the Smart Install Protocol. Exposure of SMI to
untrusted networks can allow complete compromise of the switch.
reference:
- https://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html
- https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature
- https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
- https://github.com/Cisco-Talos/smi_check/blob/master/smi_check.py#L52-L53
- https://github.com/Sab0tag3d/SIET
tags: network,cisco,smi,exposure
network:
- inputs:
- data: "000000010000000100000004000000080000000100000000"
type: hex
host:
- "{{Hostname}}"
- "{{Hostname}}:4786"
matchers:
- type: word
encoding: hex
words:
- "000000040000000000000003000000080000000100000000"