11:00AM, 18 Apr 2018

TLP Rating: White

Cisco Smart Install misuse

CERT NZ is aware of an active campaign targeting Cisco devices with Smart Install (SMI) enabled.

Attackers are identifying these devices by scanning for public IP addresses that have specific SMI ports open and services running. Once a device is identified, the SMI protocol is misused and an attacker is able to access and control the device.