Cisco, Fortinet Issue Security Advisories To Counter NSA Malware

by CXOtoday News Desk    Aug 18, 2016

Firewall vendors Cisco and Fortinet have both issued security advisories confirming that vulnerabilities exposed by the mysterious Shadow Brokers do exist and affect their products. Both companies have published mitigations or fixes for the exploits that were recently made public, adding to the mounting evidence that the data exposed in the high-profile leak is legitimate.

According to a report published by ZDNet, a group calling itself the Shadow Brokers claims to have hacked a group dubbed the Equation Group, which researchers believe is an elite unit of the US intelligence agency, stolen a set of its hacking tools, and put them up for auction. The Shadow Brokers described the tools as “cyber weapons” used to attack targets running vulnerable networking hardware, allowing NSA operatives to conduct surveillance.

A number of the exploits were released free of charge so that the cache could be verified, but the larger portion of the leaked data is up for auction, with the group asking for a million bitcoins. So far the NSA has remained silent on the matter, but the confirmations from the two network equipment makers point towards a genuine leak.

Cisco said in a note on Wednesday that it “immediately conducted a thorough investigation of the files released,” identifying two flaws affecting Cisco Adaptive Security Appliance (ASA) devices, which are typically used to protect networks and data centers. One of them is a zero-day: a flaw in the ASA's SNMP code that lets an unauthenticated attacker, with no username or password, execute code remotely on the device. At the time of the advisory Cisco offered workarounds rather than a patch for it, so restricting SNMP access to trusted management hosts was the available mitigation. The company said in a blog post that the other vulnerability had already been fixed in 2011.

Meanwhile, Fortinet warned in an advisory of a “high”-risk vulnerability in older versions of the firmware on its FortiGate firewalls: a cookie parser buffer overflow that an attacker could trivially exploit. In other words, an attacker could take over a device by sending it a single specially crafted HTTP request. The advisory said that firmware versions released after August 2012 are not affected, but that the investigation into its other products is “continuing”.
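The cookie parser overflow described above is the classic pattern of copying an attacker-controlled HTTP header value into a fixed-size buffer without checking its length. The following C example is added here to illustrate that pattern beside its hardened form; it is not Fortinet's code and is not derived from the leaked tool. The 64-byte buffer, the cookie name SESSION, the header layout and the constructed requests are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical fixed-size destination for the session cookie value.
 * The size is an assumption for illustration, not any vendor's real layout. */
#define COOKIE_BUF 64

static char g_session[COOKIE_BUF];   /* destination used by main() below */

/* Locate the value of cookie `name` in a header line such as
 * "Cookie: lang=en; SESSION=abc123; theme=dark". On success stores a
 * pointer to the first byte of the value in *out and returns its length;
 * returns -1 if the cookie is absent. */
static long find_cookie(const char *hdr, const char *name, const char **out)
{
    size_t nlen = strlen(name);
    const char *p = hdr;
    if (strncmp(p, "Cookie:", 7) == 0)
        p += 7;
    while (*p) {
        while (*p == ' ' || *p == ';')          /* skip separators */
            p++;
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *e = v;
            while (*e && *e != ';' && *e != '\r' && *e != '\n')
                e++;
            *out = v;
            return (long)(e - v);
        }
        while (*p && *p != ';')                 /* skip to next cookie */
            p++;
    }
    return -1;
}

/* Length of the SESSION value in a header, or -1 if absent. */
long session_value_len(const char *hdr)
{
    const char *v;
    return find_cookie(hdr, "SESSION", &v);
}

/* Vulnerable form: copies the value into the caller's COOKIE_BUF-byte
 * buffer with no bound check. A SESSION value of COOKIE_BUF bytes or more
 * writes past the end of `dst`; that is the overflow a crafted request
 * triggers. */
int parse_session_vulnerable(const char *hdr, char *dst)
{
    const char *v;
    long n = find_cookie(hdr, "SESSION", &v);
    if (n < 0)
        return -1;
    memcpy(dst, v, (size_t)n);   /* no check of n against COOKIE_BUF */
    dst[n] = '\0';
    return 0;
}

/* Hardened form: the caller passes the capacity and an over-long value is
 * rejected instead of copied. Returns 0 on success, -1 if absent, -2 if
 * the value would not fit. */
int parse_session_safe(const char *hdr, char *dst, size_t cap)
{
    const char *v;
    long n = find_cookie(hdr, "SESSION", &v);
    if (n < 0)
        return -1;
    if ((size_t)n >= cap)        /* leave room for the terminator */
        return -2;
    memcpy(dst, v, (size_t)n);
    dst[n] = '\0';
    return 0;
}

/* Constructed attacker request: a Cookie header whose SESSION value is
 * value_len bytes of 'A'. Returns a static buffer; value_len is capped. */
const char *crafted_header(size_t value_len)
{
    static char hdr[4096];
    static const char prefix[] = "Cookie: lang=en; SESSION=";
    size_t plen = sizeof prefix - 1;
    size_t room = sizeof hdr - plen - 1;
    if (value_len > room)
        value_len = room;
    memcpy(hdr, prefix, plen);
    memset(hdr + plen, 'A', value_len);
    hdr[plen + value_len] = '\0';
    return hdr;
}

int main(void)
{
    const char *benign = "Cookie: lang=en; SESSION=abc123; theme=dark";
    const char *evil = crafted_header(200);
    int rc = parse_session_safe(benign, g_session, sizeof g_session);
    printf("benign request: safe parser returned %d, session=%s\n", rc, g_session);
    rc = parse_session_safe(evil, g_session, sizeof g_session);
    printf("crafted request: value is %ld bytes, buffer holds %d, safe parser returned %d\n",
           session_value_len(evil), COOKIE_BUF, rc);
    /* parse_session_vulnerable(evil, g_session) would write 200 bytes into
     * the 64-byte buffer; it is deliberately not called here. */
    return 0;
}
```

The difference between the two parsers is a single comparison against the destination's capacity, which is exactly what an unauthenticated remote request cannot be trusted to respect. When checking a product for this class of bug, the question to ask of every header parser is whether the copy length comes from the request or from the buffer.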