Cisco, Fortinet patch flaws used by alleged NSA hacking group

Confirming the vulnerabilities suggests the leak may in fact be genuine.

nationalsecurityagency2013.jpg
Image: File photo

Cisco and Fortinet have issued security advisories confirming that exploits created by a hacking group, thought to be associated with the National Security Agency, affect their products.

A group calling itself the Shadow Brokers claims to have stolen a set of hacking tools from a group dubbed the Equation Group, which researchers believe is an elite unit of the US intelligence agency. The Shadow Brokers described the tools as "cyber weapons" used to attack targets running vulnerable networking hardware, allowing NSA operatives to conduct surveillance.

A number of the exploits were released for verification. But a large portion of the leaked data is up for grabs in an auction, which asks for a million bitcoins.

So far, the NSA has remained mum on the matter. But signs are pointing toward a genuine leak after the two network equipment makers confirmed the vulnerabilities.

Cisco said in a note on Wednesday that it "immediately conducted a thorough investigation of the files released", identifying two flaws affecting Cisco Adaptive Security Appliances (ASA) devices, which are typically used to protect networks and datacenters.

One of the exploits is a zero-day flaw that can let an unauthenticated attacker access the firewall without a username and password to remotely execute code on the device.

The company said in a blog post that the other vulnerability was fixed in 2011.

Meanwhile, Fortinet warned in an advisory of a "high"-risk vulnerability in older versions of its FortiGate firewalls, in which a hacker could trivially exploit a cookie parser buffer overflow flaw. In other words, an attacker could take over a device by sending a specially crafted HTTP request.

The advisory said that devices released after August 2012 are not impacted, but an investigation is "continuing" into its other products.

Some companies, like Juniper, which have hardware thought to be affected by the exploits, have yet to make any public comment.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All