NSA-linked Cisco exploit poses bigger threat than previously thought

From ArsTechnica:

Recently released code that exploits Cisco System firewalls and has been linked to the National Security Agency can work against a much larger number of models than many security experts previously thought.

An exploit dubbed ExtraBacon contains code that prevents it from working on newer versions of Cisco Adaptive Security Appliance (ASA), a line of firewalls that’s widely used by corporations, government agencies, and other large organizations. When the exploit encounters 8.4(5) or newer versions of ASA, it returns an error message that prevents it from working. Now researchers say that with a nominal amount of work, they were able to modify ExtraBacon to make it work on a much newer version. The finding means that ExtraBacon poses a bigger threat than many security experts may have believed.

The newly modified exploit is the work of SilentSignal, a penetration testing firm located in Budapest, Hungary. In an e-mail, SilentSignal researcher Balint Varga-Perke wrote:

We first started to work on the exploit mainly to see how easy it would be to add support for other (newer) versions. Turns out it is very easy, that implies two things:

As Ars previously reported, the zero-day exploit allows remote attackers who have already gained a foothold in a targeted network to take full control of a firewall. It was one of more than a dozen highly advanced attacks that was part of a mysterious leak by a previously unknown group calling itself the ShadowBrokers. Researchers say digital fingerprints left inside the code all but prove the …

Continue Reading