TL;DR 📌

A critical vulnerability in the Smart Install feature of Cisco IOS and IOS XE Software allows unauthenticated remote attackers to execute arbitrary code or trigger a denial of service on affected devices. Immediate action is required to mitigate risks.

What happened 🕵️‍♂️

Cisco has identified a vulnerability in the Smart Install feature of its IOS and IOS XE Software. This flaw allows an unauthenticated remote attacker to send crafted messages to devices, potentially leading to a buffer overflow. Successful exploitation can result in device reloads, arbitrary code execution, or an indefinite loop causing a watchdog crash. Cisco has observed ongoing exploitation attempts and strongly recommends upgrading to fixed software releases.