By Eduard Kovacs on June 09, 2021
Cisco’s Smart Install protocol is still being abused in attacks — five years after the networking giant issued its first warning — and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers.
Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. Smart Install can be very useful for organizations, but it can also pose a serious security risk.
Once a device has been set up through Smart Install, the feature remains enabled and it can be accessed without authentication. This has allowed malicious actors to remotely target devices on which Smart Install is enabled, including to reload devices, load a new operating system image, and execute arbitrary commands with elevated privileges.