In recent incidents, CISA has observed that malicious cyber actors have obtained system configuration files by exploiting available protocols or software on devices, including the misuse of the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.
CISA continues to observe weak password types on Cisco network devices, enabling password cracking attacks that allow threat actors to easily access system configuration files and compromise victim networks. To mitigate this risk, CISA recommends using Type 8 password protection for all Cisco devices, as it is more secure than other types and approved by NIST. Organizations are urged to review the NSA's Cisco Password Types: Best Practices guide for more information and to adhere to best practices for securing administrator accounts and passwords to ensure adequate protection.
- Properly store passwords with a strong hashing algorithm.
- Do not reuse passwords across systems.
- Assign passwords that are strong and complex.
- Do not use group accounts that do not provide accountability.
Find the full alert and guidance at CISA.