Malicious attackers are abusing a Cisco utility to scan the company's switches and change software in order to stage attacks, the Cisco Talos Intelligence Group has warned.
In a blog post, Talos said the Cisco Smart Install Client was a legacy utility that could be used for no-touch installation of new Cisco switches.
But the protocol used by this tool could be abused to modify the settings of the TFTP server, exfiltrate configuration files, and change settings to facilitate the execution of IOS commands.
IOS is a package of routing, switching, inter-networking and telecommunications functions integrated into a multi-tasking operating system.
{loadposition sam08}Additionally, Talos said, a vulnerability had been discovered in the client and though it had been patched, proof-of-concept code had been released.
Talos said it had found about 168,000 switches online that were potential targets of these attacks. An increase in scans looking for Cisco Smart Install Client had been noticed since 9 November last year.
It advised those using the Cisco Smart Install Client to remove it from all devices where it was not in use.