The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data.
The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.”
It also said it continues to observe weak password types used on Cisco network devices, thereby exposing them to password-cracking attacks. Password types refer to the algorithms that are used to secure a Cisco device’s password within a system configuration file.
Threat actors who are able to gain access to the device in this manner would be able to easily access system configuration files, facilitating a deeper compromise of the victim networks.
“Organizations must ensure all passwords on network devices are stored using a sufficient level of protection,” CISA said, adding it recommends “type 8 password protection for all Cisco devices to protect passwords within configuration files.”
It is also urging enterprises to review the National Security Agency’s (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.
Additional best practices include the use of a strong hashing algorithm to store passwords, avoiding password reuse, assigning strong and complex passwords, and refraining from using group accounts that do not provide accountability.
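An audit of the password types discussed above, as an added example that is not part of the original article or of any CISA or Cisco tooling: it scans a configuration file for `secret`/`password` entries and flags every one that is not type 8. The sample configuration and its values are constructed, and the labels for types other than 8 are assumptions drawn from general Cisco documentation.

```python
import re

# Constructed sample config: names and hash strings are placeholders.
SAMPLE_CONFIG = """\
hostname edge-sw01
enable secret 5 $1$EXAMPLE$placeholderhash
enable password 7 PLACEHOLDER7
username admin privilege 15 secret 8 $8$EXAMPLE$placeholderhash
username backup password 0 PlaceholderCleartext
username ops secret 9 $9$EXAMPLE$placeholderhash
username legacy password PlaceholderNoType
line vty 0 4
 password 7 PLACEHOLDER7
"""

# Digit stored before the value in the config. Type 8 is what CISA recommends;
# the other labels are this example's assumption from general Cisco documentation.
TYPES = {
    0: ("cleartext", "weak"),
    4: ("unsalted SHA-256, deprecated", "weak"),
    5: ("salted MD5", "weak"),
    6: ("AES, reversible", "review"),
    7: ("reversible obfuscation", "weak"),
    8: ("PBKDF2-SHA-256", "ok"),
    9: ("scrypt", "review"),
}

LINE_RE = re.compile(
    r"^\s*(?:(?P<en>enable)\s+|username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?)?"
    r"(?P<kw>secret|password)\s+(?:(?P<type>\d)\s+)?\S+\s*$"
)

def audit(config: str) -> list[dict]:
    """Return one finding per stored credential; the secret value is never kept."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        # Assumption: a missing type digit means the value is stored as typed.
        ptype = int(m["type"]) if m["type"] else 0
        algo, status = TYPES.get(ptype, ("unknown", "review"))
        subject = m["user"] or ("enable" if m["en"] else "line")
        findings.append({"line": lineno, "subject": subject, "keyword": m["kw"],
                         "type": ptype, "algorithm": algo, "status": status})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f['status']:<6} line {f['line']}: {f['subject']} "
              f"{f['keyword']} type {f['type']} ({f['algorithm']})")
```

Entries marked `review` are not the type CISA names and need a decision by the device owner rather than an automatic pass.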
The development comes as Cisco warned of the public availability of proof-of-concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a critical flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user.
The networking equipment major has also warned of multiple critical shortcomings (CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454, CVSS scores: 9.8) in Small Business SPA300 Series and SPA500 Series IP Phones that could permit an attacker to execute arbitrary commands on the underlying operating system or cause a denial-of-service (DoS) condition.
“These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow,” Cisco said in a bulletin published on August 7, 2024.
“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.”
The company said it does not intend to release software updates to address the flaws, as the appliances have reached end-of-life (EoL) status, necessitating that users transition to newer models.