Skip to content

Horizon3.ai Docs

Cisco Smart Install

Horizon3.ai Docs

Welcome
Getting Started
Getting Started
- Register an Account
  Register an Account
- Run an External Pentest
  Run an External Pentest
- Setup NodeZero Host
  Setup NodeZero Host
- (Optional) Manual Proxy Setup
  (Optional) Manual Proxy Setup
- Run an Internal Pentest
  Run an Internal Pentest
- Run an AD Password Audit
  Run an AD Password Audit
- Run 1-click Verify
  Run 1-click Verify
- NodeZero Portal Access Control
  NodeZero Portal Access Control
  - User Personas
  - User Management
  - Single Sign-On (SSO)
  - Identity Provider Guides
    Identity Provider Guides
    
    Azure
    
    Okta
Reference
Reference
- API
  API
  - CLI Tool
    
    CLI Tool
    
    Getting Started
    
    Guides
    Guides
    
    Automate NodeZero Deployment
    
    Scheduling from CLI
    
    Monitor Pentests
    
    Paginate Results
  - API Reference
    
    API Reference
    
    Authenticate
    
    Getting Started
    
    GraphQL API
- Automate Scheduling
  Automate Scheduling
- Attack Configuration
  Attack Configuration
  - Remote Access Tool
- BloodHound
  BloodHound
- Co-Branding
  Co-Branding
- Glossary
  Glossary
- Horizon 3 Weaknesses
  Horizon 3 Weaknesses
- Sensitive Data Exposure
  Sensitive Data Exposure
- Injecting Credentials
  Injecting Credentials
  - Injecting an AWS Role
- Phishing Impact Test
  Phishing Impact Test
  - The NodeZero Phishing Script
- NodeZero Modules
  NodeZero Modules
  - Cyanide
    
    Cyanide
- Notifications
  Notifications
- Media
  Media
- Templates
  Templates
- Release Notes
  Release Notes
  - 2024.06
  - 2024.05
  - 2024.04
  - 2024.03
  - 2024.02
  - 2024.01
Downloads
Downloads

Cisco Smart Install

Table of Contents

Option 1: Upgrade IOS to a Secure Version
Option 2: Disable the Smart Install Service
Option 3: Apply Firewall Whitelist Rules

Option 1: Upgrade IOS to a Secure Version

If the hardware and licensing supports upgrading to a newer IOS version, follow the official “Software Installation and Upgrade Procedures” from Cisco here. Otherwise follow Option 2 for disabling the Smart Install service.

Option 2: Disable the Smart Install Service

It is recommended, that if the Smart Install service is not in use, to completely disable the service by issuing the following command from an elevated Cisco prompt: no vstack

Option 3: Apply Firewall Whitelist Rules

It is recommended that if the Smart Install service is not in use to apply firewall rules limiting access to the service on port 4876/tcp. The following command from an elevated Cisco prompt will limit all access to that port:

ip access-list extended CFC_DISABLE_ALL_SMI deny tcp any any eq 4786 permit ip any any