Cisco warns its switch flaw is used for attacks on critical infrastructure

Cisco Smart Install (SMI) Client, a legacy utility allowing simple “no touch” configuration of switches, is being exploited in attacks against systems, including critical infrastructure, Cisco Talos warns. According to the US CERT alert, some of the attacks are believed to be conducted with support of nation-state actors. The abuse of the feature allows modifying the general configurations of the switch by a third party, allowing it to log-in and execute IOS commands which can serve as an attack vector. The problem prevails in spite of Cisco’s report with recommendations, issued in February.