- The FBI has warned of Russian hackers abusing CVE-2018-0171
- “Thousands” of Cisco device configuration files have already been stolen
- The flaw affects many obsolete endpoints, so patch now
Russian state-sponsored threat actors are abusing a years-old Cisco vulnerability to spy on organizations in the West, the FBI warns.
In a public service announcement published on the IC3 website, the FBI said that Center 16, a threat actor linked to the Russian Federal Security Service (FSB), is exploiting the Simple Network Management Protocol (SNMP) and a vulnerability in Cisco Smart Install (SMI) instances that have reached end of life.
The objective, says the agency, is “to broadly target entities in the United States and globally.”
End of life
The vulnerability being exploited here is tracked as CVE-2018-0171. Discovered about seven years ago, this improper validation of packet data flaw in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software allows unauthenticated remote adversaries to trigger a reload of an affected device, resulting in arbitrary code execution or a denial-of-service (DoS) condition.
The bug affected a wide range of Cisco Catalyst switches, including Catalyst 2000, 3000, 3850, 4500 and 9000 series models.
Cisco Industrial Ethernet switches, as well as some Nexus data center switches that had Smart Install enabled by default, were also affected.
Many of the oldest devices (Catalyst 2960, 3560, 3750, 4500E) have reached end of life, which means that they were never patched for this bug and remain vulnerable. Cisco advises users to replace them with newer models, such as those of the Catalyst 9000 series, which remain active products.
Over the past year, the FBI saw Center 16 collect configuration files for “thousands” of networking devices belonging to US entities, mainly in the critical infrastructure sector.
“In some vulnerable devices, the actors modified configuration files to enable unauthorized access to those devices,” the FBI explained.
“The actors used the unauthorized access to conduct reconnaissance in the victim networks, which revealed their interest in protocols and applications commonly associated with industrial control systems.”
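An added example, not taken from the FBI notice or the original article: a small Python audit that checks a saved running-config for the two exposures named above, Smart Install and SNMP. It assumes the standard IOS `no vstack` and `snmp-server community` configuration lines; the sample config, hostname, community names and ACL number are constructed.

```python
import re

# Constructed sample running-config; every name and address here is made up.
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
snmp-server community public RO
snmp-server community plantops RW
snmp-server community monitor RO 10
snmp-server group ADMINS v3 priv
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(.*)$")


def audit_config(text):
    """Return (severity, message) findings for one running-config."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]

    # Heuristic (assumption): a switch with Smart Install turned off carries
    # an explicit "no vstack" line. Absence is only a lead, since platforms
    # without the feature have no such line; confirm with "show vstack config".
    if "no vstack" not in lines:
        findings.append(("review", "Smart Install not explicitly disabled"))

    for number, ln in enumerate(lines, start=1):
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        rest = m.group(2).split()
        access = "RW" if "RW" in rest else "RO"  # IOS defaults to read-only
        # Anything after the RO/RW keyword is an ACL limiting the source hosts.
        acl = rest[rest.index(access) + 1:] if access in rest else []
        # Report the line number, not the community string (it is a secret).
        if access == "RW":
            findings.append(("high", f"line {number}: community grants write access"))
        if not acl:
            findings.append(("medium", f"line {number}: community has no source ACL"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Running the same audit against both the current config and a known-good baseline also highlights community or access changes of the kind the FBI describes.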
Via The Register