Cisco Warning Smart Install Client Users to Patch and Securely Configure the Software

DooKey

Cisco has released a warning to their customers to patch their Smart Install client software (Warning: auto-play video) because hackers are exploiting a "protocol misuse" issue in the client. These attacks are primarily against critical infrastructure providers according to Cisco, and CERT has linked them to nation-state attackers. Cisco has discovered 168K systems in the wild that are potentially exposed due to improper configuration, and there are probably many more.

"Although this is not a vulnerability in the classic sense, the misuse of this protocol is an attack vector that should be mitigated immediately. Throughout the end of 2017 and early 2018, Talos has observed attackers trying to scan clients using this vulnerability. Recent information has increased the urgency of this issue."
 
IT staff setting things up insecurely? Well I never!

Too bad there are many sysadmins out there that would rather keep their ego than admit they made a mistake, or need help.
 
Yeah, I am patching our IOS and IOS-XE devices this weekend/next weekend for this. The reason this is easily overlooked by sysadmins is that Smart Install is not limited to the management interface by default, nor are many other common management features like SSH, etc. IOS-XE is on many of the non-Nexus Cisco routers, and if those routers have public interfaces, it is there on the internet by default. So when people are deploying ASRs, etc. and terminating ISPs into them, then those interfaces are on the internet and so is Smart Install and other management protocols.

I learned this the hard way many years ago and didn't realize SSH was also enabled on all the interfaces by default on IOS and IOS-XE devices. I was used to working on the ASA line where you have to explicitly say what interface to allow SSH on and from what IP... I overlooked it. We had AAA RADIUS enabled and saw many attempts to try to log in... they never got through, but they were there. These days, I learned from that and have a whole hardening procedure and ACLs to apply.
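
Added example, not part of the thread or any poster's own procedure: a small offline audit of a saved IOS/IOS-XE running-config for the two exposures described above, Smart Install left enabled and vty lines with no inbound access-class. The sample config, hostname and ACL name are constructed; the check assumes a platform where `no vstack` is available and treats its absence as something to confirm on the device with `show vstack config`.

```python
import re

# Constructed sample running-config (not from the thread); names are hypothetical.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
ip access-list standard MGMT-ONLY
 permit 10.0.0.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

def parse_line_blocks(config):
    """Return {header: [sub-commands]} for each 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    findings = []
    # 'no vstack' at global level disables the Smart Install client.
    if not re.search(r"^no vstack\s*$", config, re.M):
        findings.append("smart-install: 'no vstack' not present")
    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue  # console/aux lines are not network-reachable
        # Every vty range needs its own ACL; 'vty 5 15' is often missed.
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(f"{header}: no inbound access-class")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample it reports the missing `no vstack` and the unprotected `line vty 5 15` range, even though `line vty 0 4` is restricted.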
 