Attackers are taking aim at critical infrastructure in multiple countries by exploiting a software flaw in some Cisco switches that has been a point of concern for more than a year.

According to a blog post issued April 5 by Cisco’s Talos security unit, the cyber-attacks are exploiting what Cisco officials are calling a “protocol misuse” situation in Cisco’s Smart Install Client, which is designed to enable the no-touch installation and deployment of new Cisco hardware, in particular Cisco switches.

The Talos unit is blaming nation-states for the bulk of these attacks, saying they are similar to those detailed in a release last month by U.S. CERT that alleged hackers associated with the Russian government were targeting U.S. government agencies and organizations in such critical areas as nuclear, water, aviation, energy, commercial facilities and manufacturing.

Cisco in February 2017 issued an alert after discovering a rise in the number of internet scans for systems where the Smart Install Client was not turned off or configured with the proper security controls. Without the right security controls, hackers can send new commands to the switches running Cisco’s IOS or IOS XE network operating system.

According to the blog post by Nick Biasini, a threat researcher at Cisco Talos, the Smart Install protocol can be misused to “modify the TFTP server setting, exfiltrate configuration files via TFTP, modify the configuration file, replaces the IOS image, and set up accounts, allowing for the execution of IOS commands.” Biasini added that “although this is not a vulnerability in the classic sense, the misuse of this protocol is an attack vector that should be mitigated immediately.”

Cisco used the Shodan tool to find that more than 168,000 systems worldwide are potentially exposed to threats through the Smart Install Client, a number that is smaller than the 251,000 cyber-security firm Tenable found were exposed in 2016. Still, it’s a lot of systems, and scanning by potential bad actors for the Smart Install technology has been ongoing since Cisco’s initial disclosure 14 months ago. That said, there was a spike in scanning starting in November 2017, which has peaked in April, according to numbers compiled by Talos. “It is noteworthy that we are seeing an increase in scanning for the Cisco Smart Install Client,” Biasini wrote.
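The article notes that exposure comes from switches where the Smart Install Client was never turned off. The following is an added example, not code from the article or from Cisco: a small audit that classifies saved `show vstack config` output from your own switches. The hostnames and sample outputs are constructed, and the output layouts it recognises, along with the meaning given to a rejected command, are assumptions that may differ between IOS and IOS XE releases.

```python
import re

# Constructed sample: `show vstack config` output saved per switch (hostnames are made up).
SAMPLE_OUTPUTS = {
    "access-sw-01": " Role: Client (SmartInstall enabled)\n Vstack Director IP address: 0.0.0.0\n",
    "access-sw-02": " Role: Client (SmartInstall disabled)\n Vstack Director IP address: 0.0.0.0\n",
    "dist-sw-01": " Capability: Client\n Oper Mode: Enabled\n Role: Client\n",
    "core-rtr-01": "% Invalid input detected at '^' marker.\n",
}

# Assumed layouts: "Role: Client (SmartInstall enabled)" or a separate "Oper Mode:" line.
ROLE_RE = re.compile(r"^\s*Role:\s*(\w+)(?:\s*\(SmartInstall (enabled|disabled)\))?", re.I | re.M)
OPER_RE = re.compile(r"^\s*Oper Mode:\s*(\w+)", re.I | re.M)


def smart_install_state(output):
    """Classify one device as 'enabled', 'disabled', 'unsupported' or 'unknown'."""
    if "Invalid input" in output:
        return "unsupported"  # assumption: command rejected means the feature is absent
    oper = OPER_RE.search(output)
    if oper:
        return "enabled" if oper.group(1).lower() == "enabled" else "disabled"
    role = ROLE_RE.search(output)
    if role and role.group(2):
        return role.group(2).lower()
    if role and role.group(1).lower() == "director":
        return "enabled"  # a director is by definition running Smart Install
    return "unknown"  # unparsed output is never treated as safe


def audit(outputs):
    """Map each hostname to its Smart Install state."""
    return {host: smart_install_state(text) for host, text in outputs.items()}


def needs_action(outputs):
    """Hosts to review: Smart Install enabled, or output that could not be parsed."""
    return sorted(h for h, s in audit(outputs).items() if s in ("enabled", "unknown"))


if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE_OUTPUTS).items()):
        print(f"{host:14} {state}")
    print("review:", ", ".join(needs_action(SAMPLE_OUTPUTS)))
```

Hosts reported as `enabled` are candidates for turning the client off or restricting who can reach it; `unknown` results should be checked by hand.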