Cisco starts patching firewall devices against NSA-linked exploit

Cisco has released some fixed versions of its Adaptive Security Appliance firewalls, and more patches are expected

Cisco Systems has started releasing security patches for a critical flaw in Adaptive Security Appliance (ASA) firewalls targeted by an exploit linked to the U.S. National Security Agency.

The exploit, dubbed ExtraBacon, is one of the tools used by a group that the security industry calls the Equation, believed to be a cyberespionage team tied to the NSA.

ExtraBacon was released earlier this month together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction.

ExtraBacon exploits a buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) implementation from Cisco's ASA software. It allows attackers to remotely execute rogue code on the affected devices, as long as they can send traffic to their SNMP interface. This typically requires being on the same internal network as the targeted devices.

Even though the ExtraBacon exploit was designed to work for versions 8.4(4) and earlier of the ASA software, other researchers demonstrated that it can be modified to also work on newer versions. Cisco confirmed in an advisory that all versions of SNMP in Cisco ASA software contain the flaw.

On Wednesday, the company updated its advisory to announce the availability of patched versions for different Cisco ASA branches, namely 9.1.7(9), 9.5(3), and 9.6.1(11).

Devices using ASA software versions from the 8.x and 7.x branches should be migrated to version 9.1.7(9), according to the vendor. Also, patched releases for the 9.0, 9.2, 9.3, and 9.4 branches are expected Thursday and Friday. These will be 9.0.4(40), 9.2.4(14), 9.3.3(10) and 9.4.3(8).

In addition to ASA software, which is used in different stand-alone devices and security modules for routers and switches, the Cisco Firepower Threat Defense (FTD) Software, the Cisco Firewall Services Module (FWSM), and Cisco PIX Firewalls are also affected by this vulnerability.

Software version 6.0.1(2) was released for Cisco FTD, but Cisco Firewall Service Modules and Cisco PIX Firewalls have reached their end of life, and no patches will be provided for them.

Security researchers have so far established links between the code in the tools leaked by Shadow Brokers and those previously found in the wild and attributed to the Equation group. Furthermore, 14 files leaked by Shadow Brokers contain a 16-character string that NSA operatives are known to have used in their malware and which is listed in an NSA manual leaked by Edward Snowden, The Intercept reported.

There is a second Equation exploit in the Shadow Brokers leak that targets ASA software. It is called EpicBanana and exploits a vulnerability that Cisco claims was patched back in 2011 in version 8.4(3). Nevertheless, the company published a new advisory for the flaw in order to increase its visibility.

A third exploit, BenignCertain, affects legacy Cisco PIX firewalls that are no longer supported. Cisco investigated the exploit and said only versions 6.x and earlier of the PIX software are affected. Users who still have such devices on their networks should make sure they're running software versions 7.0 and later, which are not affected.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?