

Since some Cisco switches give Role: Client and some Cisco switches give Role: Client Smart Install enabled, the above play will print vstack present even for switches which do not have vstack in them, as I am searching for Client and it also takes Role: Client Smartinstall Disabled, as the Client string is present in it.

For all platforms, vstack enabled is the default behaviour, and auto-disable works when the SMI Director is not configured in the network.

Z.z.x.c : ok=4 changed=1 unreachable=0 failed=0
X.v.b.n : ok=3 changed=0 unreachable=0 failed=0

It appears the suggested fix is to just disable it; apparently the new IOS also just disables it by default unless you enable it.
It appears this attack gives basically full control of the router or switch to the attacker. I found out over the weekend about a fairly major attack on Cisco devices, CVE-2018-0171.

when: showvstack.stdout | join('') | search('Client')
name: If vstack is enabled on switch disable vstack
when: showvstack.stdout | join('') | match('Client (SmartInstall enabled)') or showvstack.stdout | join('') | match('Client')
# regex_pattern: "^.*Client (SmartInstall enabled).*$"

# when: showvstack.stdout is regex("'Role.*'")
name: Verify whether vstack feature is enabled

I need to check if vstack is enabled on each of these hosts; if enabled, I need to disable it as a self-healing process. I have a use case where I have a set of hosts in my inventory file, say inventory.txt
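
An added example, not part of the original post: Ansible's search and match tests behave like Python's re.search and re.match, so the conditions quoted above can be checked offline. It classifies the Role line strictly instead of looking for the substring Client. The function names and sample outputs are constructed, and treating a bare "Role: Client" as enabled is an assumption taken from the post's description.

```python
import re

# Role line of "show vstack config", tolerant of the spellings quoted in the
# post ("Smart Install" / "SmartInstall", with or without parentheses, any case).
ROLE_RE = re.compile(
    r"^\s*Role:\s*Client\b\s*(?:\(?\s*Smart\s*Install\s+(enabled|disabled)\s*\)?)?\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def naive_client_search(output: str) -> bool:
    """The posted search('Client') condition: a bare substring hit."""
    return re.search("Client", output) is not None

def posted_match(output: str) -> bool:
    """The posted match(...) conditions, OR-ed together as in the play.
    match() anchors at the start of the string, and the unescaped
    parentheses form a regex group instead of matching literal '(' and ')'."""
    return (re.match("Client (SmartInstall enabled)", output) is not None
            or re.match("Client", output) is not None)

def vstack_state(output: str) -> str:
    """Return 'enabled', 'disabled' or 'unknown' for one switch's output."""
    m = ROLE_RE.search(output)
    if m is None:
        return "unknown"  # no client Role line (command rejected, other role)
    # Assumption: a bare "Role: Client" with no state suffix means enabled.
    return (m.group(1) or "enabled").lower()

def needs_disable(output: str) -> bool:
    """Condition a remediation task should gate on."""
    return vstack_state(output) == "enabled"

# Constructed sample outputs, one per Role variant mentioned in the post.
SAMPLES = {
    "bare": "Role: Client\nVstack Director IP address: 0.0.0.0\n",
    "enabled": "Role: Client (SmartInstall enabled)\n",
    "disabled": "Role: Client (SmartInstall disabled)\n",
    "no_vstack": "% Invalid input detected at '^' marker.\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:10} naive={naive_client_search(text)!s:5} "
              f"posted_match={posted_match(text)!s:5} state={vstack_state(text)}")
```

The naive search flags the disabled switch as a hit, while the posted match conditions never fire because the output starts with "Role:".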
