The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that hackers are exploiting the legacy Cisco Smart Install (SMI) feature to gain unauthorized access to sensitive data. This exploitation enables attackers to acquire system configuration files, potentially leading to a deeper compromise of networks. CISA urges organizations to use stronger password protection, specifically recommending type 8 password encryption for Cisco devices. The alert coincides with Cisco’s disclosure of a proof-of-concept for a critical vulnerability (CVE-2024-20419) and other serious flaws in certain end-of-life devices, for which no patches will be released.