Cisco Vulnerability: CISA Alerts Of Smart Install Exploits
In light of recent cybercrime incidents, the United States (US) Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a Cisco vulnerability. According to recent reports, the vulnerability lies in the Smart Install (SMI) feature and can be exploited to gain access to sensitive data. In this article, we’ll explore the vulnerability and what the company plans to do about it. Let’s begin!
Critical Cisco Vulnerability Uncovered
Providing details about the vulnerability, CISA has stated that threat actors were seen abusing the legacy Cisco Smart Install (SMI) feature to acquire system configuration files. These files contain device credentials protected with Cisco's password types, the algorithms used to secure the passwords of Cisco devices.
It’s worth mentioning that this Cisco vulnerability came to light after the company announced the public availability of a proof-of-concept (PoC) for a different vulnerability. That vulnerability affected the Smart Software Manager On-Prem (Cisco SSM On-Prem) and was tracked as CVE-2024-20419.
Because CVE-2024-20419 could allow threat actors to gain unauthenticated remote access and change user passwords, it received a critical Common Vulnerability Scoring System (CVSS) score of 10.0.
Cisco Network Device Security Flaws
Apart from this vulnerability, Cisco has also issued alerts for multiple critical flaws with a CVSS score of 9.8. These Cisco vulnerabilities are tracked as CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454 and affect the Business SPA300 Series and SPA500 Series IP Phones.
If exploited, these vulnerabilities could allow an attacker to execute arbitrary commands or cause a denial-of-service (DoS) condition. Cisco has stated that insufficient error checking of incoming HTTP packets is a contributing factor.
As a result, a threat actor could exploit these flaws by sending malicious HTTP requests to a target device. A successful request overflows an internal buffer, allowing the attacker to execute arbitrary commands with root privileges.
Safeguarding Against The Cisco Flaw
As far as safety measures from Cisco are concerned, the company does not plan to release software updates addressing these vulnerabilities. Instead, it has stated that the affected devices have reached end-of-life (EOL) status and that users should transition to newer models.
Given that the Cisco vulnerability involves the theft of configuration files containing protected passwords, government bodies have recommended using Type 8 password protection. This password type uses the PBKDF2 algorithm with SHA-256, which makes it difficult to crack, and it has no known vulnerabilities.
Organizations should also develop a comprehensive strategy for securing admin account credentials. Such a strategy must follow best practices that include:
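As an added example (not from the article, CISA or Cisco), here is a small Python auditor that scans an IOS-style configuration for credential lines stored with a password type weaker than Type 8 or 9, which is exactly what an attacker holding a stolen config would look for. The config excerpt and hash values are constructed placeholders, and the type descriptions are the editor's summary of Cisco's documented password types.

```python
import re

# Cisco IOS password types as they appear in stored configs. Types 0 and 7 are not
# hashes (7 is a reversible obfuscation), 4 was a flawed single-round SHA-256 and 5 is
# MD5-crypt; Type 8 (PBKDF2-SHA256) and Type 9 (scrypt) are the recommended types.
WEAK_TYPES = {"0": "plaintext", "7": "reversible obfuscation",
              "4": "unsalted single-round SHA-256", "5": "MD5-crypt"}
STRONG_TYPES = {"8": "PBKDF2-SHA256", "9": "scrypt"}

# Matches 'enable secret|password <type> <value>' and
# 'username <name> [privilege <n>] secret|password <type> <value>'.
CRED_RE = re.compile(
    r"^\s*(?:enable\s+(?:secret|password)"
    r"|username\s+\S+\s+(?:privilege\s+\d+\s+)?(?:secret|password))"
    r"\s+(?P<type>[0-9])\s+(?P<value>\S+)"
)

def audit_config(config_text):
    """Return (line_no, password_type, verdict) for every credential line found;
    Type 8/9 values lacking the '$8$'/'$9$' prefix are reported as malformed."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = CRED_RE.match(line)
        if not m:
            continue
        ptype, value = m.group("type"), m.group("value")
        if ptype in STRONG_TYPES:
            if value.startswith("$%s$" % ptype):
                verdict = "ok: " + STRONG_TYPES[ptype]
            else:
                verdict = "malformed: expected $%s$ prefix" % ptype
        else:
            verdict = "weak: " + WEAK_TYPES.get(ptype, "unknown type")
        findings.append((line_no, ptype, verdict))
    return findings

# Constructed sample; salts and hashes are placeholders, not real credentials.
SAMPLE_CONFIG = """\
! constructed running-config excerpt
enable secret 5 $1$SALT$PLACEHOLDERMD5CRYPT
enable password 7 PLACEHOLDER7VALUE
username admin privilege 15 secret 8 $8$PLACEHOLDERSALT$PLACEHOLDERPBKDF2HASH
username backup secret 9 $9$PLACEHOLDERSALT$PLACEHOLDERSCRYPTHASH
username svc password 0 plaintextpw
username odd secret 8 notaproperhash
"""

if __name__ == "__main__":
    for line_no, ptype, verdict in audit_config(SAMPLE_CONFIG):
        print("line %d: type %s -> %s" % (line_no, ptype, verdict))
```

Running it over a real backup of your configs before an attacker does is the point: every "weak" line is a credential that should be re-entered as a Type 8 or 9 secret.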
- Avoiding group accounts.
- Avoiding password reuse.
- Using strong, complex passwords.
- Storing passwords with a hashing algorithm.
Conclusion
In light of these significant Cisco vulnerabilities, it’s clear that robust cybersecurity practices are more crucial than ever. As threat actors become increasingly sophisticated, organizations must upgrade outdated systems, enforce strong password protocols, and stay ahead of potential risks to protect their networks and sensitive data.
The sources for this piece include articles in The Hacker News and Bleeping Computer.