Protect yourself from Cisco Smart Install Attack and others. ToDo list

• Denial of Service (DoS) CVE-2018-0156 .
• Remote code execution (RCE) CVE-2018-0171 .

• RCE  of QoS service CVE-2018-0151 . 
• Unauthenticated attacker can login to device using  default username "cisco" CVE-2018-0150 . 

Exploit is not published for free yet but it is not a reason to ignore these vulnerabilities. Some people have this exploit, one can be sure. And you must protect your devices now because it is not too late yet.
name='more'> I'll describe how to eliminate the danger of Smart Install vulnerabilities  CVE-2018-0156 ,  CVE-2018-0171 , QoS  CVE-2018-0151  and default username cisco  CVE-2018-0150 .

• Analyze you devices software if it is vulnerable to CVE mentioned above. Check software versions with vendor recommended ones.
• Analyze if your network contains hacked devices with unauthorized configuration changes. Restore productive configs, change passwords and keys. Collect logs to inform law enforcement agencies if needed.
• Disable Cisco Smart Install with "no vstack" command. 
• Delete default username "cisco".
• Restrict packets processing with dst port UDP 18999 (QoS) and TCP port 4786 (Smart Install) directed to network device as dst IP.
• Upgrade devices software/firmware to vendor recommended versions. Have in mind that maintenance window is needed.
• Configure equipment monitoring for: 
• - Cisco Smart Install (vstack) activation and port TCP 4786 availability
• - UDP 18999 activation in system (listening state)
• - default username "cisco" appearing in configs
• integrate this monitoring process with incident management system in the organisation. Even if you eliminated bugs they can be back in future. Reason of bugs' appearance may be human factor, software behavior change after upgrade or new bug emersion.