Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities

Share This Post

The US cybersecurity agency CISA on Thursday informed organizations about threat actors targeting improperly configured Cisco devices.

The agency has observed malicious hackers acquiring system configuration files by abusing available protocols or software, such as the legacy Cisco Smart Install (SMI) feature. 

This feature has been abused for years to take control of Cisco switches and this is not the first warning issued by the US government. 

“CISA also continues to see weak password types used on Cisco network devices,” the agency noted on Thursday. “A Cisco password type is the type of algorithm used to secure a Cisco device’s password within a system configuration file. The use of weak password types enables password cracking attacks.” 

“Once access is gained a threat actor would be able to access system configuration files easily. Access to these configuration files and system passwords can enable malicious cyber actors to compromise victim networks,” it added.

After CISA published its alert, the non-profit cybersecurity organization The Shadowserver Foundation reported seeing over 6,000 IPs with the Cisco SMI feature exposed to the internet

On Wednesday, Cisco informed customers about three critical- and two high-severity vulnerabilities found in Small Business SPA300 and SPA500 series IP phones. 

The flaws can allow an attacker to execute arbitrary commands on the underlying operating system or cause a DoS condition. 

While the vulnerabilities can pose a serious risk to organizations due to the fact that they can be exploited remotely without authentication, Cisco is not releasing patches because the products have reached end of life.

Advertisement. Scroll to continue reading.

Also on Wednesday, the networking giant told customers that a proof-of-concept (PoC) exploit has been made available for a critical Smart Software Manager On-Prem vulnerability — tracked as CVE-2024-20419 — that can be exploited remotely and without authentication to change user passwords. 

Shadowserver reported seeing only 40 instances on the internet that are impacted by CVE-2024-20419. 

Related: Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies

Related: Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM

Related: Cisco Patches Webex Bugs Following Exposure of German Government Meetings

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .