Home Security CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

by


Aug 09, 2024Ravie LakshmananVulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data.

The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.”

It also said it continues to observe weak password types used on Cisco network devices, thereby exposing them to password-cracking attacks. Password types refer to algorithms that are used to secure a Cisco device’s password within a system configuration file.

Cybersecurity

Threat actors who are able to gain access to the device in this manner would be able to easily access system configuration files, facilitating a deeper compromise of the victim networks.

“Organizations must ensure all passwords on network devices are stored using a sufficient level of protection,” CISA said, adding it recommends “type 8 password protection for all Cisco devices to protect passwords within configuration files.”

It is also urging enterprises to review the National Security Agency’s (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.

Additional best practices include the use of a strong hashing algorithm to store passwords, avoiding password reuse, assigning strong and complex passwords, and refraining from using group accounts that do not provide accountability.

The development comes as Cisco warned of the public availability of a proof-of-concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a critical flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users.

The networking equipment major has also alerted of multiple critical shortcomings (CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454, CVSS scores: 9.8) in Small Business SPA300 Series and SPA500 Series IP Phones that could permit an attacker to execute arbitrary commands on the underlying operating system or cause a denial-of-service (DoS) condition.

Cybersecurity

“These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow,” Cisco said in a bulletin published on August 7, 2024.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.”

The company said it does not intend to release software updates to address the flaws, as the appliances have reached end-of-life (EoL) status, necessitating that users transition to newer models.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex