A new hacking group has hijacked Cisco devices belonging to organizations in Russia and Iran. The group is reportedly targeting Cisco Smart Install Client, a legacy plug-and-play utility. Some researchers believe the attack involves a recently disclosed remote code execution vulnerability (CVE-2018-0171) However, Cisco believes hackers have been misusing the Smart Install protocol itself to overwrite the device configuration, instead of exploiting a vulnerability. The attack is caused due to the lack of any authentication in the Cisco smart install protocol, reported in March 2013.
Source: https://thehackernews.com/2018/04/hacking-cisco-smart-install.html