Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Cisco IOS/IOS XE Smart Install actively exploited remote code execution flaw (CVE-2018-0171)

Vulnerability
First reported
Last updated
Happening score
H score 62
2 unique sources, 2 articles

Summary

Hide ▲

CVE-2018-0171 is being actively exploited against Cisco IOS and Cisco IOS XE devices, creating remote code execution and denial-of-service risk on exposed network gear. The flaw sits in the Smart Install feature and is especially dangerous on unpatched and often end-of-life appliances. Cisco has refreshed its advisory and is urging customers to move to a fixed software release or disable Smart Install if patching is not possible.

Related Happenings

FCC Barix radio equipment hardening notice

Advisory/Mitigation
First: 27.11.2025 18:45 Last: 27.11.2025 18:45 Sources 1

About this happening: The **FCC** urged **broadcasters using Barix network audio devices** to harden exposed radio transmission paths after hijacking incidents enabled **bogus emergency tones** and off...

Open Happening

Cisco Secure Firewall ASA/FTD mitigation for CVE-2025-20333 and CVE-2025-20362

Advisory/Mitigation
First: 06.11.2025 16:58 Last: 06.11.2025 16:58 Sources 1

About this happening: **Cisco** urged customers to **apply updates** for **Cisco Secure Firewall ASA** and **FTD** devices susceptible to **CVE-2025-20333** and **CVE-2025-20362**, after a new attack v...

Open Happening

Cisco IOS XE BadCandy exploitation wave

Exploitation Wave
First: 31.10.2025 17:38 Last: 31.10.2025 17:38 Sources 1

About this happening: Ongoing **BadCandy** exploitation of **unpatched Cisco IOS XE devices** in **Australia** has left **over 150 devices** compromised and enabled repeat re-infection on previously al...

Open Happening

DrayTek Vigor router CVE-2025-10547 mitigation advisory

Advisory/Mitigation
First: 02.10.2025 20:37 Last: 02.10.2025 20:37 Sources 1

About this happening: **DrayTek** issued mitigation guidance for **CVE-2025-10547** affecting multiple **Vigor router** models, because unauthenticated remote requests to the **WebUI** can lead to memo...

Open Happening

Cisco ASA and FTD active exploitation wave (CVE-2025-20333, CVE-2025-20362)

Exploitation Wave
First: 30.09.2025 19:58 Last: 30.09.2025 19:58 Sources 1

About this happening: **Cisco ASA and FTD** appliances are still under an **active exploitation wave** for **CVE-2025-20333** and **CVE-2025-20362**, with a new attack variant now causing **unexpected...

Open Happening

Timeline

  1. 20.08.2025 18:59 2 articles · 9mo ago

    Static Tundra exploits Cisco Smart Install flaw CVE-2018-0171

    Initial Disclosure

    Cisco Talos and the FBI described ongoing exploitation of CVE-2018-0171 in Cisco IOS Software and Cisco IOS XE software, where a Russian FSB-linked group known as Static Tundra used Smart Install abuse to gain persistent access to unpatched and often end-of-life network devices. The activity targeted telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, and Cisco advised customers to apply the fixed release for CVE-2018-0171 or disable Smart Install if patching is not possible.

    Show sources
    Open in new tab
  2. 20.08.2025 18:59 2 articles · 9mo ago

    Static Tundra exploits Cisco Smart Install flaw CVE-2018-0171

    Initial Disclosure

    Cisco Talos and the FBI described ongoing exploitation of CVE-2018-0171 in Cisco IOS Software and Cisco IOS XE software, where a Russian FSB-linked group known as Static Tundra used Smart Install abuse to gain persistent access to unpatched and often end-of-life network devices. The activity targeted telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, and Cisco advised customers to apply the fixed release for CVE-2018-0171 or disable Smart Install if patching is not possible.

    Show sources
    Open in new tab