A severe vulnerability in Cisco's networking equipment, identified as CVE-2018-0171, has been exploited by attackers, notably by the APT group Salt Typhoon. Despite a patch released in 2018, over 1,200 devices remain unpatched, providing an attack surface for unauthorized remote code execution and configuration theft. The attack chiefly involves using the Smart Install feature to extract sensitive data from networking devices, exacerbating the risk of further infiltrations and potentially catastrophic network breaches. This enduring security oversight, which notably affected telecommunications providers, exemplifies the danger legacy systems pose to the current technology infrastructure.
Source: https://cybersecuritynews.com/seven-years-old-cisco-vulnerability-exposes-cisco-devices/
"id": "cis929041225",
"linkid": "cisco",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"