The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. has alerted that cybercriminals are exploiting the outdated Cisco Smart Install (SMI) feature to gain unauthorized access to sensitive information.
According to the agency’s report, malicious actors have been successful in extracting system configuration files through exploiting available protocols or software on devices, particularly by misusing the outdated Cisco Smart Install feature.
CISA has also noticed prevalent use of weak password algorithms on Cisco network hardware, making them susceptible to brute-force attacks aimed at cracking passwords. These algorithms are used to secure device passwords within system configuration files.
If attackers manage to exploit this access, they can easily obtain system configuration files, leading to a significant compromise of the affected networks.
“It is crucial for organizations to ensure that all passwords on network devices are encrypted using robust security measures,” emphasized CISA, recommending the use of “type 8 password” encryption for all Cisco devices in order to safeguard passwords stored within configuration files.
Enterprises are urged to refer to the National Security Agency’s (NSA) guide on Smart Install Protocol Misuse and the Network Infrastructure Security Guide for comprehensive configuration recommendations.
Further recommendations include the adoption of robust cryptographic hashing techniques for password storage, avoidance of password duplication, enforcement of strong and intricate passwords, and refraining from utilizing unaccountable group accounts.
This development coincides with Cisco’s notification of the availability of a Proof of Concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a critical vulnerability affecting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable unauthorized users to alter passwords.
About Author
