Cisco Switch Flaw Led to Critical Infrastructure Attacks

A flaw in Cisco switches was behind attacks on critical infrastructure in numerous countries, according to a security report from the Cisco Talos team. The cyberattack reportedly affected 168,000 systems in the process.

The Cisco Talos team reported a protocol issue with the Cisco Smart Install Client that allowed hackers to access a switch if it hadn’t been configured yet. If Smart Install hasn’t been configured or turned off, it waits in the background for commands.

If it isn’t configured, the Smart Install protocol can be used to “modify the TFTP server setting, exfiltrate configuration files via TFTP, modify the configuration file, replace the IOS image, and set up accounts, allowing for the execution of IOS commands.”

The Talos team stated that they used a search tool named Shodan to assess how many systems were vulnerable. They determined that 168,000 systems could be vulnerable to this attack.
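
To see whether the Smart Install client is active on switches you manage, you can collect the output of the IOS command `show vstack config` from each device and classify it. The script below is an added example, not code from the original article or from Cisco; the hostnames, function names and sample outputs are constructed, and the output layouts it parses are assumptions about how IOS prints the client role.

```python
import re

# Constructed sample outputs of `show vstack config`, keyed by hypothetical
# hostname. The layouts are assumed forms of the IOS output, not captures.
SAMPLES = {
    "sw-access-01": " Role: Client (SmartInstall enabled)\n"
                    " Vstack Director IP address: 0.0.0.0\n",
    "sw-access-02": " Role: Client (SmartInstall disabled)\n"
                    " Vstack Director IP address: 0.0.0.0\n",
    "sw-access-03": " Capability: Client\n Oper Mode: Enabled\n Role: Client\n"
                    " Vstack Director IP address: 0.0.0.0\n",
    "sw-access-04": " Capability: Client\n Oper Mode: Disabled\n Role: NA\n",
    "sw-core-01": "% Invalid input detected at '^' marker.\n",
}

def _field(output, name):
    """Return the value of a 'Name: value' line, or None if it is absent."""
    m = re.search(rf"^\s*{re.escape(name)}\s*:\s*(.+?)\s*$", output, re.M | re.I)
    return m.group(1) if m else None

def smart_install_state(output):
    """Classify one device from its `show vstack config` output."""
    role = _field(output, "Role")
    oper = _field(output, "Oper Mode")
    if role is None and oper is None:
        # Fail closed: no recognisable fields means review by hand, not "safe".
        return "unparsed"
    role_l = (role or "").lower()
    if "smartinstall disabled" in role_l or (oper or "").lower() == "disabled":
        return "disabled"
    if role_l.startswith("client"):
        return "client-active"
    if role_l.startswith("director"):
        return "director"
    return "unknown"

def needs_attention(samples):
    """Hostnames whose Smart Install client is waiting for commands."""
    return sorted(h for h, out in samples.items()
                  if smart_install_state(out) == "client-active")

if __name__ == "__main__":
    for host, out in SAMPLES.items():
        print(f"{host}: {smart_install_state(out)}")
    print("review:", ", ".join(needs_attention(SAMPLES)))
```

Switches reported as `client-active` that do not rely on Smart Install can have it turned off with the IOS configuration command `no vstack`.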
