September 25, 2016
A scan of Cisco networking devices from around the world has revealed that hundreds of thousands of devices are vulnerable to an unpatched security issue that allows attackers to retrieve data from the equipment’s memory.
Cisco has recently acknowledged that a cyber-offensive toolkit leaked online by a group of unknown hackers is also affecting its current device models after initial analysis said that only older (discontinued) PIX firewalls were affected.
The tool, named BENINGCERTAIN, leaked in August when a group calling themselves The Shadow Brokers put it online along with tens of other hacking utilities they claim to have stolen from the server of a cyber-espionage entity named the Equation Group, which some security vendors said to be the NSA.
BENINGCERTAIN could extract VPN keys from Cisco devices
Initial analysis by Mustafa Al-Bassam, aka tFlow, co-founder of the LulzSec hacking crew, showed how someone could use BENINGCERTAIN to extract VPN keys from Cisco PIX firewalls.
Last week, a month after BENINGCERTAIN was leaked, Cisco announced that the tool was also effective against current devices running IOS, IOS XE, and IOS XR software.
At the time of writing, there still is no patch available against BENINGCERTAIN (or Pix Pocket) exploitation.