August 9, 2024 at 07:54AM
The US cybersecurity agency CISA warned about threat actors targeting improperly configured Cisco devices. Malicious actors abuse features like Smart Install to acquire system configuration files and exploit weak password types. Meanwhile, Cisco faces critical vulnerabilities in its IP phones, without releasing patches due to end-of-life products. Multiple exploits and risks were highlighted.
From the meeting notes, the key takeaways are:
1. CISA (Cybersecurity and Infrastructure Security Agency) has issued a warning about threat actors targeting improperly configured Cisco devices. They have observed malicious hackers abusing protocols or software, such as the legacy Cisco Smart Install feature, to acquire system configuration files.
2. Weak password types are being used on Cisco network devices, making them vulnerable to password cracking attacks. If access is gained, malicious actors could compromise victim networks.
3. The non-profit cybersecurity organization The Shadowserver Foundation reported over 6,000 IPs with the Cisco Smart Install feature exposed to the internet following CISA’s alert.
4. Cisco informed customers about three critical- and two high-severity vulnerabilities found in Small Business SPA300 and SPA500 series IP phones. These flaws can allow attackers to execute arbitrary commands or cause a DoS condition, posing a serious risk to organizations as patches are not being released due to the products reaching end of life.
5. A proof-of-concept exploit has been made available for a critical Smart Software Manager On-Prem vulnerability, which can be exploited remotely and without authentication to change user passwords. Shadowserver reported only 40 instances on the internet impacted by this vulnerability.
This information highlights the importance of addressing the vulnerabilities and weaknesses in Cisco devices to prevent potential cyber threats and attacks.