We have received information about potential active reconnaissance for TCP 4786, which might be related to CVE-2016-6385 (Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability), an advisory released 28 Sep 2016. This vulnerability could allow an unauthenticated user to cause a memory leak that could lead to a Denial of Service (DoS). If you are using Cisco IOS XE Software, "Cisco has released free software updates that address the vulnerability described in this advisory."[4]

So far we have very little information, but this is the type of IOS activity you should be looking for:

Oct 21 20:12:46 MDT: %SM-4-BADEVENT: Event 'ibcs_e_download_msg_req_recv' is invalid for the current state 'ibcs_s_accept': smi_ibc_serv SMI IBCS sm

If you have packets or logs that might help assess whether this is related to this vulnerability, use our contact page to send them to us.
-----------
Guy
ISC Handler
Oct 22nd 2016
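To hunt for the %SM-4-BADEVENT message quoted in the diary across collected IOS syslog, the following added example (not part of the original diary or any Cisco tooling) filters for events raised by the `smi_ibc_serv` state machine and summarizes them. Apart from the first sample line, which is the one quoted above, the sample lines are constructed, and the function names and the `other_sm` machine name are hypothetical.

```python
import re
from collections import Counter

# Matches the %SM-4-BADEVENT message format quoted in the diary.
BADEVENT = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?(?: [A-Z]{2,5})?): "
    r"%SM-4-BADEVENT: Event '(?P<event>[^']+)' is invalid for the "
    r"current state '(?P<state>[^']+)': (?P<machine>\S+)"
)

SMI_MACHINE = "smi_ibc_serv"  # state machine name seen in the diary's log line

# Constructed sample input: line 1 is the diary's line, the rest are made up here.
SAMPLE_LOG = """\
Oct 21 20:12:46 MDT: %SM-4-BADEVENT: Event 'ibcs_e_download_msg_req_recv' is invalid for the current state 'ibcs_s_accept': smi_ibc_serv SMI IBCS sm
Oct 21 20:12:51 MDT: %SM-4-BADEVENT: Event 'ibcs_e_download_msg_req_recv' is invalid for the current state 'ibcs_s_accept': smi_ibc_serv SMI IBCS sm
Oct 21 20:13:02 MDT: %SYS-5-CONFIG_I: Configured from console by console
Oct 21 20:14:10 MDT: %SM-4-BADEVENT: Event 'example_event' is invalid for the current state 'example_state': other_sm
"""


def find_smi_badevents(lines):
    """Return parsed BADEVENT records raised by the Smart Install state machine."""
    hits = []
    for line in lines:
        m = BADEVENT.search(line)  # search() tolerates collector-added prefixes
        if m and m.group("machine") == SMI_MACHINE:
            hits.append(m.groupdict())
    return hits


def summarize(hits):
    """Count hits per (event, state) pair and keep first/last timestamps."""
    counts = Counter((h["event"], h["state"]) for h in hits)
    return {
        "total": len(hits),
        "by_event_state": dict(counts),
        "first_seen": hits[0]["ts"] if hits else None,
        "last_seen": hits[-1]["ts"] if hits else None,
    }


if __name__ == "__main__":
    print(summarize(find_smi_badevents(SAMPLE_LOG.splitlines())))
```

Repeated hits from a device that is not a Smart Install director or client are worth correlating with inbound TCP 4786 connections in flow or firewall logs.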