In light of the recent
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability, we created a report which can be used to find possible vulnerable Cisco switches.
Cisco switches will in most cases have their software name and version in the description once scanned by Lansweeper. Based on the description, the report below will display all switches that have "IOS" or "IOS XE" software.
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename,
tblAssetCustom.Manufacturer,
tblAssets.IPAddress,
tblAssets.Mac,
tblAssets.Description,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblSNMPInfo On tblAssets.AssetID = tblSNMPInfo.AssetID
Where (tblAssets.Description Like '%IOS%' Or tblAssets.Description Like
'%IOS%XE%') And tblAssetCustom.State = 1
Order By tblAssets.AssetName
To use the report, do the following:
- Add the report to Lansweeper. Instructions can be found here.
- Find the software type (IOS or IOS XE) and version numbers of the switches in the report's "Description" column.
- Enter the version numbers in Cisco's software checker here: https://tools.cisco.com/security/center/softwarechecker.x
- Click Continue twice and check if "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability" is in the list of affected security advisories.