Tuesday, November 19, 2024

HomeCyberSecurityAttackers target legacy Cisco Smart Install features
CyberSecurity

Attackers target legacy Cisco Smart Install features

David Jones
By David Jones
0
51
Attackers target legacy Cisco Smart Install features

Dive Brief:

  • Federal authorities and security researchers warn malicious hackers are targeting legacy Cisco Smart Install features to steal system configuration files and compromise enterprise networks. 
  • The Cybersecurity and Infrastructure Security Agency advised organizations to disable the Smart Install feature and said it continues to see enterprises using weak passwords on Cisco network devices, in an advisory released Thursday. Weak passwords can leave a user vulnerable to password cracking attacks, according to CISA. 
  • Shadowserver on Friday said it sees more than 6,000 IPs with the Cisco Smart Install feature still exposed to the internet. This figure is down from more than 14,000 instances about two years ago.  

Dive Insight:

Abuse of Cisco Smart Install has been a known issue for more than five years. Cisco Talos issued a blog about it in 2017, and Cisco released an advisory in 2018

Researchers from Cisco Talos said they are aware of the CISA advisory and advised users to disable the legacy Smart Install feature, a spokesperson said via email. 

Cisco on Friday said customers need to make sure their network switches are properly protected against this abuse, through a spokesperson. 

Cisco Talos also has a scanning utility to help customers determine if they are vulnerable to this type of abuse. 

CISA recommends the use of type 8 password protection for Cisco devices. Type 8 password protection is a more secure form of password for Cisco that is hashed with password-based key derivation function version 2. 

The agency also encouraged users to review a July 2019 advisory from the National Security Agency about Smart Install abuse. 

Cisco in July separately released an advisory about a critical vulnerability in the authentication system of Cisco Smart Software Manager On-Prem. 

The vulnerability, listed as CVE-2024-20419 and with a severity score of 10, could allow an unauthenticated, remote attacker to change the password of any user, including administrators. The vulnerability is due to improper implementation of the password change process, according to Cisco.

Cisco said it released updates for the vulnerability, however noted there were no workarounds. 


Source link

Bookmark (0)
Please login to bookmarkClose
Previous article
FDNY hooks new boss after commissioner threatened to ‘hunt’ firefighters who booed Letitia James
Next article
Planet Fitness added as new long idea at Hedgeye (NYSE:PLNT)
David Jones
David Jones
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Load more

Sponsored Business

- Advertisment -spot_img

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

Market World’s portal of services include news, marketing, development and ecommerce. We strive to meet the needs and provide high value for all visitors and customers. We offer digital services for small, mid-sized and large enterprise platforms. We treat our customers as partners and offer the tools and services for growth and success for your journey.

Become a Market World Entrepreneur

FOLLOW US              

© 2022 Market World LLC. All rights reserved