Security News > 2024 > August > CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
2024-08-09 05:41

The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data.

The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."

Password types refer to algorithms that are used to secure a Cisco device's password within a system configuration file.

"Organizations must ensure all passwords on network devices are stored using a sufficient level of protection," CISA said, adding it recommends "Type 8 password protection for all Cisco devices to protect passwords within configuration files."

Additional best practices include the use of a strong hashing algorithm to store passwords, avoiding password reuse, assigning strong and complex passwords, and refraining from using group accounts that do not provide accountability.

The development comes as Cisco warned of the public availability of a proof-of-concept code for CVE-2024-20419, a critical flaw impacting Smart Software Manager On-Prem that could enable a remote, unauthenticated attacker to change the password of any users.


News URL

https://thehackernews.com/2024/08/cisa-warns-of-hackers-exploiting-legacy.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751