US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco’s operating system software.
US authorities warn of an uptick in state-sponsored exploitation of a seven-year-old vulnerability in Cisco’s operating system software.
Threat actors linked to the Russian government are falling back on a seven-year-old vulnerability in Cisco equipment that was first uncovered in 2018, according to a new warning from the FBI.
The flaw in question, tracked as CVE-2018-0171, exists in the Smart Install (SMI) feature of Cisco’s Internetwork Operating System (IOS) and IOS XE. It arises through the improper validation of packet data and is exploited by sending a specially-crafted Smart Install message to a vulnerable device on TCP port 4786.
If left unpatched, enables an unauthenticated, remote attacker to achieve a denial of service (DoS) condition, or to conduct remote code execution (RCE).
In the past year, the feds said they had detected threat actors collecting configuration files for thousands of end-of-life network devices vulnerable to CVE-2018-0171, which it said are still in use at multiple critical national infrastructure (CNI) operators in the US.
