Cisco and Fortinet issue warnings for NSA exploits
Network equipment companies Cisco and Fortinet have issued warnings about vulnerabilities used in recently published exploits. In addition, ex-NSA employees confirmed the authenticity of the exploits.
The Shadowbrokers, the group responsible for the publication, claim that the exploits come from the Equation Group, which is associated with the American security service NSA. Cisco and Fortinet have now issued warnings about the vulnerabilities in their software that the exploits target. Cisco reports vulnerabilities in ASA devices, and Fortinet has issued a warning for its FortiGate firmware. With this, the companies confirm the authenticity of the exploits, which researchers had already tested on the companies' products earlier this week. When the Shadowbrokers published the files, it was not immediately clear whether the exploits were real.
Cisco says one of the two vulnerabilities found was fixed as early as 2011. This concerns a vulnerability that occurs in ASA products with software version 8.4(1) and lower. The vulnerability allowed a local and authenticated attacker to execute arbitrary code. The other vulnerability, with reference CVE-2016-6366, is new, Cisco warns. It is present in the Simple Network Management Protocol (SNMP) code of the ASA software and also affects PIX firewalls. It is a buffer overflow, which allows an attacker to execute code and take over a system. Cisco has released signatures with which exploitation can be detected.
The vulnerability in the Fortinet firmware also involves a buffer overflow. By sending a specially crafted HTTP request, an attacker could take over a device running this firmware. Fortinet states that version 5 of its firmware is not vulnerable and that the vulnerability occurs in firmware version 4 and below, which was released before August 2012. The Shadowbrokers files also contain exploits for Juniper products. However, that company has not yet issued a warning.
Former employees of the NSA’s TAO department have confirmed to The Washington Post that these are indeed NSA exploits. “From what I have seen, there is no doubt that the files are real,” one of them told the newspaper. Security firm Kaspersky also showed this week that there is a clear link between the leaked files and the Equation Group. The company had already mapped that group before.
The Shadowbrokers claim they will auction or sell ‘even better’ files for a sum of 1 million bitcoin. A security researcher told The Washington Post that the auction is “a big joke, meant to be distracting.” He adds that money flows through Bitcoin are so easy to track that laundering such a large sum is “madness.” The NSA has not yet commented on the leaks.