CATEGORIES
home IT/Enterprise

Crispy EXTRABACON Cisco Router Exploit Exposed By NSA Cyber Toolkit Heist

by Rob WilliamsThursday, August 18, 2016, 12:38 PM EDT

We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA.

At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back it up a wee bit, as Cisco has today confirmed that one of the exploits contained within that collection is valid.

The two valid exploits are EPICBANANA and EXTRABACON (yes, really), and while the former was patched years ago, the super delicious latter one had gone under Cisco's radar. That means that if this collection did in fact come from NSA-based sources, the agency could have been exploiting the flaw all of this time. It wasn't a proof-of-concept, and the exploit was never reported to Cisco.

Cisco HyperFlex

Cisco shows the vulnerability as "High" on the severity scale, and as of yet, there are no fixes. However, we can imagine that Cisco engineers will be working around the clock until a fix gets out the door. Vulnerable products include:

  • Cisco ASA 5500 Series Adaptive Security Appliances
  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco ASA 1000V Cloud Firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Firepower 9300 ASA Security Module
  • Cisco PIX Firewalls
  • Cisco Firewall Services Module (FWSM)

If the attack is successful, attackers would gain enough access to the devices to remotely execute code, which could lead to a variety of issues - from downed services to sensitive information leaked.

Is this the beginning of interesting things to come out of this trove? Those who want to sell it are said to be willing to let loose some more of its contents in order to help persuade buyers, so we might not be through this yet. Perhaps even more interesting than the collection of exploits itself is finding out for certain whether they came from the NSA or not. At this point, it's still all hearsay.

Tags:  server, security, Enterprise, Cisco, vulnerability, exploit, NSA
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment