In an effort to obtain sensitive data, threat actors are misusing the outdated Cisco Smart Install (SMI) capability, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data.
The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.”
It also said it continues to see weak password types used on Cisco network devices, which exposes them to password-cracking attacks. Password types refer to the techniques used to secure a Cisco device’s password within a system configuration file.
Threat actors who are able to gain access to the device in this manner would be able to easily access system configuration files, facilitating a deeper compromise of the victim networks.
“Organizations must ensure all passwords on network devices are stored using a sufficient level of protection,” CISA said, adding it recommends “type 8 password protection for all Cisco devices to protect passwords within configuration files.”
It is also recommending organizations consult the National Security Agency’s (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration suggestions.
Additional best practices include the use of a strong hashing mechanism to save passwords, minimizing password reuse, assigning strong and difficult passwords, and refraining from using group accounts that do not provide accountability.
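The password-type guidance above can be checked against saved device configurations. The following is an added example, not code from CISA, Cisco or this article: a short Python audit that flags credential lines by password type and reports whether Smart Install is disabled. The function name, the sample configuration and the ratings for types other than 8 are assumptions, as is the rule that `no vstack` in the file means Smart Install is off.

```python
import re

# Ratings: type 8 is what the article's CISA quote recommends; the notes on the
# other types are general Cisco IOS knowledge, not statements from the article.
TYPE_INFO = {
    "0": ("FAIL", "cleartext"),
    "4": ("FAIL", "unsalted single-round SHA-256, deprecated"),
    "5": ("FAIL", "salted MD5"),
    "7": ("FAIL", "reversible obfuscation, not a hash"),
    "8": ("OK", "PBKDF2-SHA-256"),
    "9": ("REVIEW", "scrypt; strong, but not the type named in the advice"),
}

# Matches "enable secret 5 ...", "username X ... password 7 ..." and a bare
# " password 7 ..." under a line block. A missing type digit means type 0.
CRED_RE = re.compile(
    r"^\s*(?P<owner>enable|username\s+\S+)?.*?"
    r"\b(?P<kw>secret|password)\s+(?:(?P<type>\d)\s+)?\S+"
)

def audit_config(text):
    """Return (findings, smi_disabled) for one saved configuration."""
    lines = text.splitlines()
    findings = []
    for number, line in enumerate(lines, 1):
        match = CRED_RE.match(line)
        if not match:
            continue
        ptype = match.group("type") or "0"
        status, note = TYPE_INFO.get(ptype, ("REVIEW", "unrecognized type"))
        owner = " ".join((match.group("owner") or "line").split())
        findings.append((number, owner, ptype, status, note))
    # Assumption: a config that disables Smart Install contains "no vstack".
    smi_disabled = any(l.strip() == "no vstack" for l in lines)
    return findings, smi_disabled

# Constructed sample; the hash and password strings are placeholders.
SAMPLE = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED$notarealhashvalue000000
enable password lab-placeholder
username netops privilege 15 secret 8 $8$CONSTRUCTED$notarealhashvalue
username backup password 7 0000CONSTRUCTED
line vty 0 4
 password 7 0000CONSTRUCTED
"""

if __name__ == "__main__":
    findings, smi_disabled = audit_config(SAMPLE)
    for number, owner, ptype, status, note in findings:
        print(f"line {number}: {owner} type {ptype}: {status} ({note})")
    print("Smart Install disabled:", smi_disabled)
```

A `False` result for Smart Install only means the `no vstack` line was not found in the file; confirm the feature's actual state on the device itself.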
This development coincides with Cisco’s alert regarding the public release of proof-of-concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a critical vulnerability affecting Cisco SSM On-Prem (Smart Software Manager On-Prem) that could allow an unauthenticated, remote attacker to modify any user’s password.
Additionally, the networking equipment major has made note of several critical flaws in the Small Business SPA300 Series and SPA500 Series IP Phones (CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454, CVSS scores: 9.8) that could allow an attacker to take control of the underlying operating system or result in a denial-of-service (DoS) condition.
“These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow,” Cisco said in a bulletin published on August 7, 2024. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.”
The company said it does not intend to release software updates to address the flaws, as the appliances have reached end-of-life (EoL) status, necessitating that users transition to newer models.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.