11:00AM, 18 Apr 2018
TLP Rating: White
Cisco Smart Install misuse
CERT NZ is aware of an active campaign targeting Cisco devices with Smart Install (SMI) enabled.
Attackers are identifying these devices by scanning for public IP addresses that have specific SMI ports open and services running. Once a device is identified, the SMI protocol is misused and an attacker is able to access and control the device.