Russia exploited a 7-year old Cisco flaw to target critical infrastructure, FBI warns

The FBI issued a warning Aug. 20 that the Russian Federal Security Service’s (FSB) Center 16 has exploited a vulnerability in Cisco Smart Install and for the past year has been targeting critical infrastructure sectors in the U.S. and worldwide.

According to the FBI’s public service announcement, the FBI detected Russian FSB cyber actors, which Cisco Talos calls Static Tundra, exploiting simple network management protocol (SNMP) and end-of-life networking Cisco devices running with a CVSS 9.8 remote code execution (RCE) flaw from seven years ago, CVE-2018-0171.

Cisco Smart Install is a plug-and-play feature for “zero-touch” deployment of new switches. The FBI said the Russian cyber actors – also known to cyber pros as “Berserk Bear” and “Dragonfly” – collected modified configuration files to enable unauthorized access to those devices.

READ MORE

Share this article

About Gluware

Gluware is the leader in intelligent network automation, helping organizations improve security, simplify complexity, eliminate toil, and accelerate innovation across digital infrastructure. Trusted by the Global 2000, Gluware’s intent-based, multi-vendor automation platform handles millions of network changes in minutes—flawlessly. Whether used out of the box or as a builder platform, Gluware delivers a 95% reduction in network outages, 100% network security policy compliance, a 300x speed increase for OS upgrades, and self-operating network capabilities in just three months.

Gluware Media Contact
ICR for Gluware
Gluware@icrinc.com

SC Media logo
Want to stay up to date on network automation?

Simply fill out the below information to

Receive the Gluware Newsletter

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Name*

Gluware Accelerate Partner Program
Simply fill out the below form to

Register a Deal

END USER CUSTOMER DETAILS

OPPORTUNITY DETAILS

Are you engaged with a Gluware Sales Resource?
Expected Close Date(Required)