Thinking...
[get complete service list]
Top of page
Port Information
Protocol Service Name
tcp install Smart
tcp smart-install Smart Install Service
Top IPs Scanning
Today Yesterday
185.94.111.1 (149)18.222.255.237 (70)
85.217.149.54 (41)85.217.149.33 (52)
3.23.104.96 (35)13.58.114.74 (35)
18.191.69.170 (35)3.19.223.104 (28)
165.22.206.56 (32)18.221.18.194 (28)
85.217.140.40 (29)3.137.146.232 (24)
185.242.226.72 (28)3.14.84.197 (21)
3.15.179.241 (21)3.144.120.14 (21)
18.221.214.151 (14)18.190.152.179 (21)
79.124.56.110 (11)3.16.148.58 (21)
Port diary mentions
URL
Request for Packets TCP 4786 - CVE-2016-6385
Top of page
User Comments
Submitted By Date
Comment
Chris Elgee 2017-09-19 02:05:17
Cisco Smart Install uses TCP 4786 and can often be abused to execute arbitrary commands. See: http://www.cvedetails.com/cve/CVE-2016-1349/ https://github.com/Sab0tag3d/SIET https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
Top of page
CVE Links
CVE # Description
CVE-2018-0156 A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
CVE-2018-0171 A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
Top of page