- The FBI has warned that Russian hackers are abusing CVE-2018-0171
- “Thousands” of Cisco device configuration files have already been stolen
- The bug affects many end-of-life devices, so patch now
Russian state-sponsored threat actors are abusing a years-old Cisco vulnerability to spy on organizations in the West, the FBI is warning.
In a public service announcement published on the IC3 website, the FBI said that it had seen Center 16, a threat actor linked to the Russian Federal Security Service (FSB), exploiting the Simple Network Management Protocol (SNMP) and a vulnerability in instances of Cisco Smart Install (SMI) that have reached end-of-life status.
The objective, according to the agency, is to “broadly target entities in the United States and in the world”.
End of life
The vulnerability used here is tracked as CVE-2018-0171. Discovered approximately seven years ago, this improper data validation flaw in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software allows unauthenticated remote attackers to trigger a reload of an affected device, which results in arbitrary code execution or a denial-of-service (DoS) condition.
The bug affected a wide range of Cisco Catalyst switches, including models from the Catalyst 2000, 3000, 3650, 3850, 4500 and 9000 series.
Cisco Industrial Ethernet switches, as well as certain Nexus data center switches that had Smart Install enabled by default, were also affected.
Many older devices (Catalyst 2960, 3560, 3750, 4500E) have reached end of life, which means that they were never patched for this bug and remain vulnerable. Cisco advises users to replace them with newer models, such as those in the Catalyst 9000 series, which remain active product lines.
In the past year, the FBI saw Center 16 collect configuration files for “thousands” of networking devices associated with American entities, mainly in the critical infrastructure sector.
“On some vulnerable devices, the actors have changed configuration files to allow unauthorized access to these devices,” said the FBI.
“The actors used unauthorized access to carry out reconnaissance in victim networks, which has revealed their interest in protocols and applications generally associated with industrial control systems.”
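A defender-side check for the exposures and the configuration tampering described above, as an added example that is not taken from the FBI notice or from Cisco: it audits a saved running-config for Smart Install and weak SNMP settings, and lists access-granting lines that are new relative to a trusted baseline. The sample configs are constructed, and both the `no vstack` heuristic and the simplified `snmp-server community` pattern are assumptions about how the exported config looks.

```python
import re

# Config lines that grant access; additions versus a trusted baseline deserve review.
ACCESS_PREFIXES = ("username ", "snmp-server community ", "snmp-server user ",
                   "enable secret ", "enable password ")

# Constructed sample configs (not from any real device).
BASELINE = """hostname sw1
no vstack
snmp-server community c0nstructed RO 10
username admin privilege 15 secret 9 $constructed$
"""
CURRENT = """hostname sw1
snmp-server community c0nstructed RO 10
snmp-server community c0nstructed2 RW
username admin privilege 15 secret 9 $constructed$
username svc privilege 15 secret 9 $constructed$
"""

def audit_config(text):
    """Return exposure findings for one saved IOS / IOS XE running-config."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = []
    # Assumption: Smart Install is disabled with 'no vstack'; if that line is
    # absent on a capable switch, the feature may be listening on TCP 4786.
    if "no vstack" not in lines:
        findings.append("smart-install: 'no vstack' not present")
    for l in lines:
        # Simplified common form: snmp-server community <string> RO|RW [acl]
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?:\s+(\S+))?$", l, re.I)
        if not m:
            continue
        if m.group(2).upper() == "RW":
            findings.append("snmp: read-write v1/v2c community configured")
        if m.group(3) is None:
            findings.append("snmp: community has no source access list")
    return findings  # community strings are deliberately not echoed

def access_drift(baseline, current):
    """Access-granting lines present in current but not in the baseline."""
    base = {l.strip() for l in baseline.splitlines()}
    return [l.strip() for l in current.splitlines()
            if l.strip() not in base and l.strip().startswith(ACCESS_PREFIXES)]

if __name__ == "__main__":
    for finding in audit_config(CURRENT):
        print("FINDING", finding)
    for line in access_drift(BASELINE, CURRENT):
        print("NEW ACCESS LINE", line.split()[0], "...")
```

A device that never supported Smart Install will also lack `no vstack`, so treat that finding as a prompt to check the platform rather than as proof of exposure.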
Via The Register