Cisco Systems has identified more than 168,000 systems that are potentially exposed via its Cisco Smart Install Client, which the U.S. government said is being targeted by Russian state-sponsored hackers.

The U.S. Computer Emergency Readiness Team said Russian hackers are attacking networking devices, network management protocols and the Cisco Smart Install Client that belong to governments, infrastructure providers and businesses.

"Russian state-sponsored cyber actors have conducted both broad-scale and targeted scanning of Internet address spaces. Such scanning allows these actors to identify enabled Internet-facing ports and services, conduct device fingerprinting, and discover vulnerable network infrastructure devices," said the April 16 alert, which was based on results of analytic efforts between the Department of Homeland Security, the FBI and the United Kingdom's National Cyber Security Centre.

Russian hackers are leveraging a number of legacy or weak protocols and service ports associated with network administration activities to identify vulnerable devices, extract device configurations, gain login credentials, modify device firmware and operating systems, and copy or redirect traffic through Russian-controlled infrastructure, according to the alert. The protocols being targeted include Telnet, Hypertext Transport Protocol, Simple Network Management Protocol and Cisco Smart Install.

Cisco issued its own advisory warning this month regarding its Smart Install Client solution being leveraged to compromise customer devices.

"Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol," wrote Cisco Talos, the company's threat intelligence group, in an advisory warning April 5. "We are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths."

Cisco's Smart Install Client is a legacy utility designed to allow zero-touch installation of new Cisco equipment, specifically Cisco switches. The protocol can be abused to modify the TFTP (Trivial File Transfer Protocol) server setting, exfiltrate configuration files via TFTP, modify the configuration file, replace the IOS image and set up accounts, allowing for the execution of IOS commands, according to Cisco Talos.

"Although this is not a vulnerability in the classic sense, the misuse of this protocol is an attack vector that should be mitigated immediately," said Cisco.

Throughout the end of 2017 and early 2018, Cisco Talos observed attackers trying to scan clients using this vulnerability. During Cisco Talos' investigation, the company identified more than 168,000 systems that are potentially exposed via the Cisco Smart Install Client. "The results were extremely troubling," wrote Cisco Talos in its advisory. However, the team did say it was an improvement from the reported numbers in 2016, when security firm Tenable observed 251,000 exposed Cisco Smart Install Clients.

In an interview with CRN, Nirav Sheth, vice president of architectures, solutions and engineering in Cisco's global partner organization, said the company often stays ahead of attacks with its threat intelligence engine and Cisco Talos team.

"We see more threats every day than Google sees searches every day via our threat intelligence engine," said Sheth. "However, there are times when potential vulnerabilities may be found externally, for anyone in the industry. When those are brought to our attention - whether it's Cisco or anybody else - we're going to act as quickly as possible to address any potential risks or vulnerabilities that are out there and deliver to our customers best-in-class security capabilities."