Not so long ago, Cisco IOS software revealed a potential vulnerability that could allow hacker attacks, as well as remotely execute commands on switches issued by the American multinational IT company Cisco. At present, a powerful attack has already been recorded around the world, leading to the disconnection of the equipment of providers from the Internet, as well as to the malfunction of data centers and some web sites, including Facebook, Twitter, Russian Komsomolskaya Pravda and Fontanka . Hackers have created a bot that scans all addresses on the Internet. After finding unprotected connections, he deleted the settings set on the switch and changed the configuration file, at the end a message appeared with the American flag laid out in ASCII characters: \ Identifier assigned to the vulnerability, CVE-2018-0171. On a scale of Common Vulnerability Scoring System, or CVSS, she scored 9.8 points. Many resources now have problems accessing the Internet. Even recovered Twitter and Facebook. It’s all about a failure in the hosting settings. The SMI, or Smart Install technology, which allows you to automatically configure the network switch and download the firmware for it, turned out to be a hit. It was enough for the hacker to scan the devices on the open port 4786. Cisco Corporation issued an official warning about the vulnerability of hundreds of thousands of devices manufactured by it due to a gap in the SMI. Corrections have already been released. However, companies have not had time to use the patches yet. According to experts, 8.5 million switches from Cisco have an open port 4786. Patches are installed only on 250 thousand of them. The manufacturer published a request for the fastest installation of patches or disabling the SMI protocol. According to Cisco Talos, currently 168 thousand switches with SMI support are available on the Web.