Cyber security news for all

More

    CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Vulnerabilities

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that malicious entities are exploiting the antiquated Cisco Smart Install (SMI) functionality to gain unauthorized access to sensitive data.

    CISA disclosed that adversaries have been “harvesting system configuration files by manipulating available protocols or software on devices, including exploiting the deprecated Cisco Smart Install feature.”

    The agency further noted the persistent use of inadequate password types on Cisco network devices, leaving them vulnerable to password-cracking schemes. These password types pertain to the algorithms employed to secure a Cisco device’s password within its system configuration file.

    Should threat actors succeed in compromising the device, they can effortlessly access system configuration files, thereby enabling more profound breaches of the victim’s networks.

    “Organizations must guarantee that all passwords on network devices are safeguarded with an adequate level of protection,” CISA advised, recommending “type 8 password protection for all Cisco devices to shield passwords within configuration files.”

    The agency also encourages enterprises to consult the National Security Agency’s (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration best practices.

    Additional recommendations include employing robust hashing algorithms for password storage, avoiding password reuse, assigning complex and formidable passwords, and eschewing group accounts that lack accountability.

    This warning coincides with Cisco’s alert regarding the public disclosure of proof-of-concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a severe vulnerability affecting Smart Software Manager On-Prem (Cisco SSM On-Prem), which could allow a remote, unauthenticated attacker to alter user passwords.

    Cisco has also flagged several critical vulnerabilities (CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454, CVSS scores: 9.8) in the Small Business SPA300 Series and SPA500 Series IP Phones, which could enable an attacker to execute arbitrary commands on the underlying operating system or induce a denial-of-service (DoS) condition.

    “These flaws arise due to improper error checking of incoming HTTP packets, potentially leading to a buffer overflow,” Cisco stated in a bulletin issued on August 7, 2024.

    “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful attack could allow the attacker to overflow an internal buffer and execute arbitrary commands with root privileges.”

    The company indicated it does not plan to release software updates to address these flaws, as the affected devices have reached their end-of-life (EoL) status, necessitating user migration to newer models.

    Recent Articles

    Related Stories