Cisco reveals Salt Typhoon used CVE-2018-0171 to breach target networks It needed login credentials, first The attackers are highly sophisticated and well-funded, Cisco said Chinese state-sponsored threat actor Salt Typhoon was abusing a vulnerability in the Smart Install feature of Cisco IOS software and Cisco IOS XE software to compromise US telecoms networks, experts have confirmed. In a new blog post, Cisco said it found evidence of Salt Typhoon abusing CVE-2018-0171, a 9.8/10 (critical) vulnerability that allows threat actors to execute arbitrary code on an affected device. "The threat actor then demonstrated their ability to persist in target environments across...