Cisco Patches Zero-Day Included in Shadow Brokers Leak

August 17, 2016

Cisco has released two security advisories today, both addressing exploits recently dumped online by The Shadow Brokers, a group/individual selling hacking tools stolen from the Equation Group, a cyber-espionage organization believed to have ties with the US National Security Agency (NSA).

Hacking tools from The Shadow Brokers leak named EPICBANANA, JETPLOW, and EXTRABACON, contain exploits that can compromise Cisco devices.

These affect Cisco firewall products such as devices from the ASA line, PIX firewalls, and Cisco Firewall Services Modules (FWSM).

According to Cisco, these hacking tools contain exploits that leverage two vulnerabilities, one that Cisco knew about, and one they didn’t.

The zero-day vulnerability is CVE-2016-6366. According to Cisco, this is a vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) software.

The vulnerability can allow an unauthenticated, remote attacker to cause a reboot of affected products, which leads to remote code execution (RCE). RCE flaws are some of the most dangerous security flaws because they enable a skilled attacker to take over the device.

Read full story…