A seven-year-old vulnerability in Cisco networking equipment continues to pose significant security risks, enabling attackers to execute remote code on unpatched systems. Discovered initially in 2018, CVE-2018-0171 targets Cisco’s Smart Install feature, a plug-and-play configuration utility designed to simplify network device deployment.

The vulnerability exploits a critical flaw in Cisco’s Smart Install protocol, which by design lacks authentication requirements and comes enabled by default on numerous Cisco devices. ISC analysts identified that the vulnerability allows attackers to craft specially designed Smart Install packets that bypass validation checks, permitting unauthorized command execution on affected devices. Using publicly available tools like Smart Install Exploit Tool (SIET), attackers can extract device configurations without authentication. With extracted configurations, attackers can identify administrative accounts, network layouts, and security policies.

“This vulnerability remains particularly dangerous because networking infrastructure often operates on longer update cycles than other enterprise systems,” noted researchers from the SANS Internet Storm Center in their analysis of recent exploitation attempts.

Recent scans on Censys identified over 1,200 devices with Smart Install publicly accessible, demonstrating the continued prevalence of potentially vulnerable systems worldwide. Despite patch availability since 2018, organizations continue to operate vulnerable systems, presenting attackers with readily available targets requiring minimal exploitation effort. The age of this vulnerability demonstrates how legacy security issues continue to pose significant threats to modern infrastructure.
Despite its age, recent evidence shows this vulnerability remains actively exploited in the wild, highlighting the persistent danger of unpatched legacy vulnerabilities. The exploitation process involves connecting to the Smart Install port and sending specially crafted commands. The vulnerability has gained renewed attention after being linked to Salt Typhoon, an Advanced Persistent Threat (APT) actor based in China.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 12 Apr 2025 15:40:26 +0000