HackDig : Dig high-quality web security articles for hackers

Cisco Patches Zero-Day Included in Shadow Brokers Leak

2016-08-17 21:25

Cisco released two security advisories today, both addressing exploits recently dumped online by The Shadow Brokers, a group/individual selling hacking tools stolen from the Equation Group, a cyber-espionage group believed to have ties with the US National Security Agency (NSA).

Hacking tools from The Shadow Brokers leak, named EPICBANANA, JETPLOW, and EXTRABACON, contain exploits that can compromise Cisco devices.

These affect Cisco firewall products such as devices from the ASA line, PIX firewalls, and Cisco Firewall Services Modules (FWSM).

Cisco fixes zero-day leaked by Shadow Brokers

According to Cisco, these hacking tools contain exploits that leverage two vulnerabilities, one that Cisco knew about, and one that they didn't.

The zero-day vulnerability is CVE-2016-6366. According to Cisco, this is a vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) software.

The vulnerability can allow an unauthenticated, remote attacker to cause a reboot of affected products that leads to remote code execution (RCE). RCE flaws are some of the most dangerous security flaws because they allow a skilled attacker to take over the device.

Cisco reminds companies to upgrade their products

Besides the zero-day, Cisco said they've found code that tried to exploit an older Cisco vulnerability, CVE-2016-6367, which the company fixed in 2011.

This is a vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software that could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code on the affected device.

The company has now reissued this alert to remind businesses across the world to upgrade the firmware on their devices.

Cisco handled the entire situation very professionally

Cisco responded very well to the Shadow Brokers leak, which was dumped online on August 13, but made news headlines around the world on Monday, August 15.

The company's engineers sifted through all the data dumped online by the hackers, isolated the exploits that affected its devices, and analyzed their features.

According to Cisco's Omar Santos, CVE-2016-6366 was found in the Equation Group's EXTRABACON utility, while CVE-2016-6367 was included inside EPICBANANA and JETPLOW. Santos says JETPLOW is an improved version of EPICBANANA with enhanced persistence capabilities.

Fortinet, another firewall equipment vendor for which The Shadow Brokers leaked exploits, also said it patched the vulnerabilities and recommended that customers upgrade to FortiGuard versions 5.x.

Other exploits targeted the firewalls of Chinese vendor TOPSEC, which remained quiet, though Chinese hardware vendors rarely put out security advisories.

Cisco products and Equation Group exploits

Source: news.softpedia.com/news/cisco-patches-zero-day-exposed-in-shadow-brokers-leak-507410.shtml
