- FBI has warned of Russian hackers abusing CVE-2018-0171
- Configuration files from “thousands” of Cisco devices have already been stolen
- The flaw affects many outdated endpoints, so patch now
Russian state-sponsored threat actors are abusing a years-old Cisco vulnerability to spy on organizations in the West, the FBI warns.
In a public service announcement published on the IC3 website, the FBI said it saw Center 16, a threat actor linked to the Russian Federal Security Service (FSB), exploiting Simple Network Management Protocol (SNMP) and a vulnerability in Cisco Smart Install (SMI) in networking devices that have reached end of life.
The goal, the agency says, is to “widely target units in the US and globally”.
The end of life
The vulnerability used here is tracked as CVE-2018-0171. Discovered approximately seven years ago, this improper validation of packet data in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software allows unauthenticated, remote attackers to trigger a reload of an affected device, resulting in either arbitrary code execution or a denial-of-service (DoS) condition.
The flaw affected a large number of Cisco Catalyst switches, including models from the Catalyst 2000, 3000, 3650, 3850, 4500 and 9000 series.
Cisco Industrial Ethernet switches, as well as some Nexus data center switches that had Smart Install enabled by default, were also affected.
Many of the older units (Catalyst 2960, 3560, 3750, 4500E) have reached the end of life, which means they were never patched for this error and remain vulnerable. Cisco advises users to replace them with newer models, such as those from the Catalyst 9000 series, which remain active product lines.
Over the past year, the FBI saw Center 16 collect configuration files for “thousands” of network devices in the US, mostly in the critical infrastructure sector.
“On some vulnerable devices, the actors changed configuration files to enable unauthorized access to these devices,” the FBI explained.
“The actors used the unauthorized access to conduct reconnaissance in the victim’s network, which revealed their interest in protocols and applications that are often associated with industrial control systems.”
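A defender-side check for the two exposures the notice names, Smart Install and SNMP, written as an added example that is not code from the FBI, Cisco or the article. It assumes exported Cisco IOS running-config text from a platform where Smart Install is on by default; the sample configs are constructed and the finding codes are hypothetical names.

```python
# Constructed sample running-configs (not from any real device).
SAMPLE_EXPOSED = """\
hostname edge-sw-01
snmp-server community public RO
snmp-server community ops-write RW
"""
SAMPLE_HARDENED = """\
hostname edge-sw-02
no vstack
snmp-server community m0nitor-ro RO 10
"""

def audit_config(text):
    """Return sorted finding codes (hypothetical names) for one running-config."""
    findings = set()
    lines = [ln.strip() for ln in text.splitlines()]
    # Assumption: the platform supports Smart Install with the client enabled
    # by default, so only an explicit "no vstack" line shows it is turned off.
    if "no vstack" not in lines:
        findings.add("SMI_NOT_DISABLED")
    for ln in lines:
        tok = ln.split()
        if len(tok) < 3 or tok[:2] != ["snmp-server", "community"]:
            continue
        name, opts = tok[2].lower(), [o.lower() for o in tok[3:]]
        if "view" in opts:                      # drop "view <name>" pair
            i = opts.index("view")
            del opts[i:i + 2]
        if "rw" in opts:                        # IOS defaults to read-only
            findings.add("SNMP_RW")
        # Anything left after the mode keywords is an access-list reference.
        if not [o for o in opts if o not in ("ro", "rw", "ipv6")]:
            findings.add("SNMP_NO_ACL")
        if name in ("public", "private"):       # widely known default names
            findings.add("SNMP_DEFAULT_NAME")
    return sorted(findings)

if __name__ == "__main__":
    for label, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_config(cfg))
```

A clean result only reflects the saved configuration; comparing it against a known-good copy is what surfaces the kind of unauthorized changes the FBI describes.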
Via The Register



