The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about threat actors exploiting the outdated Cisco Smart Install (SMI) feature to access sensitive data.

Description

Hackers are targeting weak password types on Cisco network devices, allowing them to obtain system configuration files and potentially compromise victim networks [2]. Adversaries can exfiltrate copies of configuration files using the Smart Install feature [4], compromising infrastructure device integrity [4]. CISA recommends using Type 8 password protection for all Cisco devices and disabling the SMI feature for increased security.

In addition, Cisco has disclosed critical vulnerabilities in Smart Software Manager On-Prem (CVE-2024-20419) and Small Business SPA300/SPA500 Series IP Phones [2], which could enable remote attackers to execute arbitrary commands or cause denial-of-service conditions [1] [2]. The company has announced that it will not release software updates for the affected appliances [2], as they have reached end-of-life status [1] [2].

Organizations are advised to consult the NSA’s Smart Install Protocol Misuse advisory for further guidance on securing network infrastructure [3]. Cybercriminals have been exploiting the vulnerability to compromise network devices and steal critical data [3]. The exploitation of the SMI protocol remains a significant concern [3], with hacking groups such as the Russian-backed Dragonfly APT group using it to manipulate configuration files, create rogue accounts [3], and exfiltrate sensitive information [3]. Regularly updating and securing network devices is crucial to protect against evolving cyber threats [1], especially when legacy features and outdated equipment are involved [1].
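To check a saved configuration against the two recommendations above (Type 8 passwords, Smart Install disabled), the following audit script is an added example, not code from CISA, Cisco or the cited articles. It assumes that a device with Smart Install turned off carries a `no vstack` line in its configuration; the sample configuration and all credential values in it are constructed.

```python
import re

# Encoding types other than the Type 8 the advisory recommends. The short
# descriptions are added background, not taken from the page. Types that are
# not listed here pass through unflagged.
WEAK_TYPES = {"0": "cleartext", "4": "unsalted SHA-256", "5": "salted MD5",
              "7": "reversible obfuscation"}

# Matches "enable secret 5 <hash>", "username bob password 7 <str>" and the
# " password <str>" lines found under "line vty" / "line con".
CRED_RE = re.compile(
    r"^\s*(?:(?P<ctx>enable|username\s+\S+).*?\s)?"
    r"(?P<kind>password|secret)\s+(?:(?P<type>\d)\s+)?\S+\s*$")

def audit_config(text):
    """Return (line_number, finding) tuples for one IOS configuration."""
    findings = []
    smi_disabled = False
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip() == "no vstack":  # assumption: marks Smart Install off
            smi_disabled = True
            continue
        m = CRED_RE.match(line)
        if not m:
            continue
        ptype = m.group("type") or "0"   # no type digit: value is cleartext
        if ptype in WEAK_TYPES:
            who = m.group("ctx") or "line password"
            findings.append((no, f"{who}: Type {ptype} ({WEAK_TYPES[ptype]})"))
    if not smi_disabled:
        findings.append((0, "no 'no vstack' line: confirm Smart Install is off"))
    return findings

# Constructed sample; hashes and passwords are placeholders, not real values.
SAMPLE_CONFIG = """\
hostname lab-sw1
enable secret 5 $1$CONSTRUCTED$notarealhash
username admin privilege 15 password 7 0000CONSTRUCTED
username ops secret 8 $8$CONSTRUCTED$notarealhash
line vty 0 4
 password cisco-constructed
 login
"""

if __name__ == "__main__":
    for no, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: {finding}")
```

A finding reported at line 0 means the `no vstack` line was absent; on hardware or software releases that do not support Smart Install, that finding can be dismissed after checking the device itself.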

Conclusion

It is imperative for organizations to take immediate action to secure their network infrastructure by implementing recommended security measures, such as using Type 8 password protection and disabling the SMI feature. Failure to do so could result in severe consequences, including unauthorized access to sensitive data and potential network compromise. Staying vigilant and proactive in addressing cybersecurity threats is essential to safeguarding against malicious actors and ensuring the integrity of network systems.

References

[1] https://cybermaterial.com/cisa-warns-of-legacy-smart-install-exploits/
[2] https://thehackernews.com/2024/08/cisa-warns-of-hackers-exploiting-legacy.html
[3] https://www.cybaverse.co.uk/threat-reports/cisa-issues-warning-on-hackers-exploiting-cisco-smart-install-feature
[4] https://cybersecuritynews.com/cisco-smart-install-feature-exploited/