Tech »  Topic »  Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities

Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities


CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabilities it’s not patching.

The US cybersecurity agency CISA on Thursday informed organizations about threat actors targeting improperly configured Cisco devices.

The agency has observed malicious hackers acquiring system configuration files by abusing available protocols or software, such as the legacy Cisco Smart Install (SMI) feature.

This feature has been abused for years to take control of Cisco switches and this is not the first warning issued by the US government.

“CISA also continues to see weak password types used on Cisco network devices,” the agency noted on Thursday. “A Cisco password type is the type of algorithm used to secure a Cisco device’s password within a system configuration file. The use of weak password types enables password cracking attacks.”

“Once access is gained a threat actor would be ...


Copyright of this story solely belongs to securityweek . To see the full text click HERE