
Cybersecurity Threat Advisory

There has been a surge in malicious cyber activity exploiting the legacy Cisco Smart Install (SMI) feature. SMI is enabled by default on many Cisco devices, and threat actors are using it to gain unauthorized access to network devices, exfiltrate system configuration files, distribute various malware families, and cause significant disruption. Review this Cybersecurity Threat Advisory to learn how to keep your environment secure.

What is the threat?

SMI is a plug-and-play feature intended for automated configuration and deployment of new Cisco switches. The SMI client listens on TCP port 4786 and accepts commands without authentication. A flaw in that client code, tracked as CVE-2018-0171, lets a remote, unauthenticated attacker who can reach the port execute arbitrary code or cause a denial-of-service (DoS) condition on an affected device. Even on devices that have been patched for CVE-2018-0171, an SMI service left reachable still answers unauthenticated protocol messages, and that is what the activity described here abuses.

Attackers send specially crafted SMI protocol messages to exposed devices, instructing the device to hand over its configuration (for example, by copying it to a TFTP server the attacker controls). Configuration files typically contain local credentials, SNMP community strings, and the addresses of neighboring devices, so bad actors can use them to map out the network, identify other vulnerable devices, and distribute malware.
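The traffic described above has a simple signature: TCP sessions to port 4786 from hosts that have no business speaking Smart Install, with the large ones likely carrying a configuration file. The following is an added example of that detection logic, not code from the original advisory or from Barracuda. It runs over constructed firewall log lines in a generic key=value syslog style (not any vendor's real format), and the trusted management subnet 10.0.0.0/24 and the 4096-byte size threshold are assumptions chosen for the example.

```python
"""Triage firewall logs for Cisco Smart Install (SMI) traffic.

Smart Install listens on TCP port 4786. Any session to that port that does not
originate from the management network is worth investigating, and a large
session is consistent with a configuration file being handed out.
"""
import ipaddress
import re

SMI_PORT = 4786  # TCP port used by Cisco Smart Install

# Hypothetical management subnet allowed to speak SMI (assumption for the example).
TRUSTED_SOURCES = [ipaddress.ip_network("10.0.0.0/24")]

# Session size above which a 4786 session likely carried a config file
# (heuristic chosen for the example, not a vendor figure).
EXFIL_BYTES = 4096

# Constructed log lines in a generic key=value syslog style; not captured from any real firewall.
SAMPLE_LOGS = """\
2024-08-20T10:01:12Z fw01 action=allow proto=tcp src=10.0.0.5 spt=51234 dst=10.1.2.3 dpt=4786 bytes=812
2024-08-20T10:02:44Z fw01 action=allow proto=tcp src=203.0.113.77 spt=40001 dst=10.1.2.3 dpt=4786 bytes=41020
2024-08-20T10:02:45Z fw01 action=allow proto=tcp src=203.0.113.77 spt=40002 dst=10.1.2.4 dpt=4786 bytes=38870
2024-08-20T10:03:01Z fw01 action=allow proto=tcp src=198.51.100.9 spt=33333 dst=10.1.2.3 dpt=22 bytes=1200
2024-08-20T10:05:10Z fw01 action=deny proto=tcp src=203.0.113.77 spt=40003 dst=10.1.2.5 dpt=4786 bytes=0
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<reporter>\S+)\s+(?P<kv>(?:\S+=\S+\s*)+)$")


def parse_line(line):
    """Parse one log line into a dict of fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = dict(pair.split("=", 1) for pair in m.group("kv").split())
    event["ts"] = m.group("ts")
    event["reporter"] = m.group("reporter")
    return event


def is_trusted(src, trusted=TRUSTED_SOURCES):
    """True if the source address belongs to an approved management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def find_smi_sessions(log_text, trusted=TRUSTED_SOURCES):
    """Return every TCP/4786 session whose source is not on a trusted network."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev.get("proto") != "tcp":
            continue
        if int(ev.get("dpt", "0")) != SMI_PORT or is_trusted(ev["src"], trusted):
            continue
        allowed = ev.get("action") == "allow"
        size = int(ev.get("bytes", "0"))
        findings.append({
            "ts": ev["ts"],
            "src": ev["src"],
            "dst": ev["dst"],
            "allowed": allowed,
            "bytes": size,
            # A large, allowed session is consistent with a config file being returned.
            "possible_config_exfil": allowed and size >= EXFIL_BYTES,
        })
    return findings


def summarize_by_source(findings):
    """Aggregate findings per source so a host sweeping many switches shows up as one entry."""
    summary = {}
    for f in findings:
        s = summary.setdefault(f["src"], {"sessions": 0, "allowed": 0, "targets": set(),
                                          "bytes": 0, "possible_config_exfil": 0})
        s["sessions"] += 1
        s["allowed"] += int(f["allowed"])
        s["targets"].add(f["dst"])
        s["bytes"] += f["bytes"]
        s["possible_config_exfil"] += int(f["possible_config_exfil"])
    return summary


if __name__ == "__main__":
    for src, s in summarize_by_source(find_smi_sessions(SAMPLE_LOGS)).items():
        print(f"{src}: {s['sessions']} SMI sessions to {len(s['targets'])} devices, "
              f"{s['allowed']} allowed, {s['possible_config_exfil']} large enough to carry a config")
```

On the constructed sample the session from the management host is ignored, the SSH session is ignored, and 203.0.113.77 is reported sweeping three switches with two allowed sessions large enough to have returned a configuration. A denied session still counts as a finding, because it shows the source is probing for the service.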

Why is it noteworthy?

Because SMI is enabled by default on many Cisco IOS and IOS XE switches, many organizations may still be susceptible without realizing it, which significantly increases their risk of cyberattack. The default state is also easy to miss in a configuration review: an enabled SMI client leaves no line in the running configuration, and only a device where it has been explicitly disabled shows "no vstack". The ease of exploiting this flaw and the significant impact of a successful attack make it a high-priority issue for network administrators.
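Since the default state is invisible in the running configuration, the reliable check is the output of the Cisco IOS command "show vstack config", collected from each switch. The script below is an added example of auditing that output across a fleet; it is not code from the original advisory or from Cisco. The device outputs are constructed to match the shape of the command's output, the hostnames are made up, and the verdict rules (an enabled client with no director address is treated as exposed) are the author's own classification for the example.

```python
"""Audit 'show vstack config' output from Cisco IOS / IOS XE switches.

The factory default (Smart Install enabled, no director configured) leaves
nothing in the running configuration, so this command is the reliable check.
"""
import re

# Constructed outputs modelled on the format of 'show vstack config'; not captured from real devices.
SAMPLE_OUTPUTS = {
    "access-sw-01": (
        " Role: Client (SmartInstall enabled)\n"
        " Vstack Director IP address: 0.0.0.0\n"
        "\n"
        " *** Following configurations will be effective only on director ***\n"
        " Vstack default management vlan: 1\n"
    ),
    "access-sw-02": " Role: Client (SmartInstall disabled)\n",
    "dist-sw-01": (
        " Role: Director\n"
        " Vstack Director IP address: 10.0.0.2\n"
    ),
    # Platform without the feature: the CLI rejects the command.
    "core-rtr-01": "% Invalid input detected at '^' marker.\n",
}

ROLE_RE = re.compile(
    r"Role:\s*(?P<role>[A-Za-z]+)(?:\s*\(SmartInstall\s+(?P<state>enabled|disabled)\))?",
    re.IGNORECASE,
)
DIRECTOR_RE = re.compile(r"Director IP address:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def parse_vstack(output):
    """Extract role, enabled state and director address from the command output."""
    m = ROLE_RE.search(output)
    if m is None:
        return {"supported": False, "role": None, "enabled": False, "director": None}
    role = m.group("role").lower()
    state = (m.group("state") or "").lower()
    # A director is by definition running Smart Install; a client reports its state explicitly.
    enabled = role == "director" or state == "enabled"
    d = DIRECTOR_RE.search(output)
    director = d.group("ip") if d and d.group("ip") != "0.0.0.0" else None
    return {"supported": True, "role": role, "enabled": enabled, "director": director}


def assess(hostname, output):
    """Classify one device as not-applicable, ok, exposed, or review."""
    info = parse_vstack(output)
    if not info["supported"]:
        verdict = "not-applicable"
    elif not info["enabled"]:
        verdict = "ok"
    elif info["role"] == "client" and info["director"] is None:
        # Factory default: listening on TCP/4786 with no director, i.e. never deliberately used.
        verdict = "exposed"
    else:
        # Smart Install is in deliberate use; confirm TCP/4786 is restricted to the director.
        verdict = "review"
    return {"host": hostname, "verdict": verdict, **info}


def audit(outputs):
    """Run assess() over a mapping of hostname -> command output."""
    return {host: assess(host, text) for host, text in outputs.items()}


def exposed_hosts(outputs):
    """Hostnames that should receive 'no vstack' in global configuration."""
    return sorted(h for h, r in audit(outputs).items() if r["verdict"] == "exposed")


if __name__ == "__main__":
    for host, result in audit(SAMPLE_OUTPUTS).items():
        print(f"{host}: {result['verdict']} (role={result['role']}, director={result['director']})")
```

Devices reported as exposed should get "no vstack" in global configuration; devices where Smart Install is in deliberate use should have TCP port 4786 restricted to the director, and the port should be blocked at the network edge in either case.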

What is the exposure or risk?

Organizations that have not disabled the Cisco SMI feature, blocked TCP port 4786 at the network edge, or applied the Cisco fix for CVE-2018-0171 are at significant risk. Successful exploitation can lead to unauthorized access to network infrastructure, resulting in the exfiltration of sensitive configuration data, network disruption, and the spread of malware across the network. Because exfiltrated configuration files often contain credentials that are reused on other devices, this can lead to a complete compromise of the organization's network, allowing attackers to move laterally and escalate privileges. The potential for significant operational downtime, data loss, and reputational damage makes this a critical issue that requires immediate attention.

What are the recommendations?

Barracuda MSP recommends the following actions to keep your environment secure:

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.


Posted by Vincent Yu

Vincent is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Vincent supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
