Cisco has confirmed the authenticity of two exploits from the archive published by the Shadow Brokers group

by sigismund » 2016-08-18 13:14:29


We are talking about two exploits, EPICBANANA and ExtraBacon, that make it possible to remotely exploit vulnerabilities in the company's firewalls and execute arbitrary code on the system.


Cisco has confirmed the authenticity of two of the exploits contained in files published by the hacker group The Shadow Brokers. Earlier, the hackers announced that they had successfully hacked the servers of the Equation Group, which is suspected of ties to the US National Security Agency, and made a number of tools from its arsenal freely available. In addition, The Shadow Brokers separately put up for sale a set of files that members of the group described as "the best weapon".

In Cisco's case, we are talking about two exploits, EPICBANANA and ExtraBacon, that make it possible to remotely exploit vulnerabilities in the company's firewalls and execute arbitrary code on the target system. According to experts from Cisco, one of the vulnerabilities was fixed in 2011, but the other has become known only now. Presumably, the problems have existed in the manufacturer's software since at least 2013.

One of the exploits, which appears in the files under the name ExtraBacon, is designed to exploit a buffer overflow in Cisco ASA and Cisco PIX firewalls and the Firewall Services Module (FWSM). The exploit requires certain conditions to work, in particular SNMP (Simple Network Management Protocol) support and the attacker's knowledge of the SNMP password. If the exploit runs successfully, the attackers can upload malware and execute arbitrary code on the target system.

Another exploit from the Equation Group's arsenal, EPICBANANA, can be used to attack Cisco ASA (version 8.4.1 and below) to execute arbitrary code. To do this, the attacker must be authenticated locally on the system (for example, by cracking the account of one of the users) and know the password for telnet or SSH.