Lucene search
K

16 matches found

HackRead
HackRead
added 2025/08/20 8:17 p.m.3 views

Russian State Hackers Exploit 7-Year-Old Cisco Router Vulnerability

FBI and Cisco warn Russian hackers are exploiting a 7-year-old Cisco Smart Install vulnerability on outdated routers and…...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2025/08/20 1:0 p.m.6 views

Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB's Center 16 unit that has been operating for over a decade, specializing in compromising network devices for long-term intelligence gathering operations. The group actively exploits a seven-year-old vulnerability...

10CVSS10AI score0.9951EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/08/09 5:41 a.m.41 views

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The U.S. Cybersecurity and Infrastructure Security Agency CISA has disclosed that threat actors are abusing the legacy Cisco Smart Install SMI feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available...

10CVSS8.6AI score0.80767EPSS
Exploits3
VulnCheck KEV
VulnCheck KEV
added 2022/03/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-0156

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service DoS condition...

7.8CVSS7.1AI score0.08369EPSS
Exploits0References1
Hacker One
Hacker One
added 2021/11/12 10:1 a.m.55 views

Azbuka Vkusa: Мисконфигурация Cisco Smart Install

Closed...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2020/10/01 12:0 a.m.16 views

Cisco Smart Install (SMI) Protocol Detection (TCP)

TCP based detection of services supporting the Cisco Smart Install SMI protocol. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7AI score
Exploits0References1
Hacker One
Hacker One
added 2018/09/18 9:59 p.m.24 views

Informatica: Cisco RCE

The researcher was able to complete RCE attack and download sensitive files. We have mitigated it by hardening the machine and port. There are opened classical cisco smart install service, which was successfully exploited. Informatica is a fAsTeSt!!! bug fixer in my life. Closing vulnerability in...

2.6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/09 9:48 a.m.2533 views

Here's how hackers are targeting Cisco Network Switches in Russia and Iran

Since last week, a new hacking group, calling itself 'JHT,' hijacked a significant number of Cisco devices belonging to organizations in Russia and Iran, and left a message that reads—"Do not mess with our elections" with an American flag in ASCII art. MJ Azari Jahromi, Iranian Communication and...

10CVSS0.4AI score0.9951EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2018/04/02 12:0 a.m.20 views

Cisco Smart Install Remote Code Execution (CVE-2018-0171)

A remote code execution vulnerability exists in Cisco Smart Install. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.2AI score0.9951EPSS
Exploits2
CNVD
CNVD
added 2018/03/29 12:0 a.m.1 views

Cisco Smart Install Remote Command Execution Vulnerability

Smart Install, a plug-and-play configuration and image management feature, provides zero-configuration deployment for switches new to the network, automating the process of initial configuration and operating system image loading, as well as providing backup of configuration files. A remote comma...

10CVSS7.5AI score0.9951EPSS
Exploits2References1
seebug.org
seebug.org
added 2018/03/29 12:0 a.m.1959 views

Cisco Smart Install Remote Code Execution(CVE-2018-0171)

Introduction Application: Cisco IOS, Cisco IOS-XE Vendor: Cisco Bugs: Stack-based buffer overflow CWE-20, CWE-121 Risk: Critical; AV:N/AC:L/Au:N/C:C/I:C/A:C 10.0 A stack-based buffer overflow vulnerability was found in Smart Install Client code. This vulnerability enables an attacker to remotely...

0.1AI score0.9951EPSS
Exploits2
exploitpack
exploitpack
added 2018/03/29 12:0 a.m.23 views

Cisco Smart Install - Crash (PoC)

Cisco Smart Install - Crash PoC smiibcinitdiscoveryBoF.py import socket import struct from optparse import OptionParser Parse the target options parser = OptionParser parser.addoption"-t", "--target", dest="target", help="Smart Install Client", default="192.168.1.1" parser.addoption"-p", "--port"...

0.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2018/03/28 10:0 p.m.14 views

CVE-2018-0171

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition, or to execute arbitrary code on an affected device. The...

8.5AI score0.9951EPSS
Exploits2References6
Metasploit
Metasploit
added 2017/07/13 2:12 a.m.81 views

Identify Cisco Smart Install endpoints

This module attempts to connect to the specified Cisco Smart Install port and determines if it speaks the Smart Install Protocol. Exposure of SMI to untrusted networks can allow complete compromise of the switch. This module requires Metasploit: https://metasploit.com/download Current source:...

7.3AI score
Exploits0
NVD
NVD
added 2016/10/05 8:59 p.m.19 views

CVE-2016-6385

Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service memory consumption via crafted image-list parameters, aka Bug ID CSCuy82367...

7.8CVSS7.3AI score0.03283EPSS
Exploits0References4
NVD
NVD
added 2013/03/28 11:55 p.m.31 views

CVE-2013-1146

The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service device reload via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790...

7.8CVSS6.5AI score0.01328EPSS
Exploits0References1
Rows per page
Query Builder