Cisco Finds New Zero-Day Exploit Linked To NSA Hackers

Cisco has warned its customers of another zero-day vulnerability found in the trove of NSA hacking exploits and implants leaked by the group calling itself “The Shadow Brokers.” The Shadow Brokers had stolen the hacking tools from the NSA’s Equation Group; the tools target products from major vendors including Juniper, Cisco, and Fortinet.

The first exploit, dubbed EXTRABACON, leveraged a zero-day vulnerability (CVE-2016-6366) in the SNMP (Simple Network Management Protocol) code of Cisco ASA software that allows a remote attacker who knows the SNMP community string to cause a reload of the affected system or execute arbitrary code. Now Cisco has found that another exploit from the dump, dubbed BENIGNCERTAIN and targeting PIX firewalls, exposes a further flaw. When it first analyzed the exploit, Cisco stated that it did not disclose any new vulnerability. On further analysis, however, the company found that the exploit also seriously affects Cisco products running IOS, IOS XE, and IOS XR software.

The vulnerability exploited by BENIGNCERTAIN (CVE-2016-6415) resides in the IKEv1 packet processing code and affects several Cisco devices running IOS software as well as all Cisco PIX firewalls. IKE (Internet Key Exchange) is the protocol used to negotiate keys for IPsec VPNs (Virtual Private Networks) on firewalls and routers, and it is even used in managing industrial control systems.

An unauthenticated remote attacker can exploit the vulnerability by sending specially crafted IKEv1 packets to an affected device that is configured to accept IKEv1 negotiation requests. The device’s response discloses memory contents, which can include confidential information such as RSA private keys and configuration data.

Although Cisco has not supported PIX since 2009, Cisco IOS XR versions 4.3.x, 5.0.x, 5.1.x, and 5.2.x, as well as PIX firewall versions 6.x and earlier, are confirmed vulnerable to this flaw. Cisco has not yet released a patch, and no workarounds are available. The company says the vulnerability is being exploited in the wild and advises customers to deploy intrusion detection system (IDS) and intrusion prevention system (IPS) signatures to detect and block attempted attacks. Cisco has promised software updates to patch CVE-2016-6415.
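As an added illustration (not Cisco’s code and not the leaked BENIGNCERTAIN exploit), the following Python snippet shows the kind of structural check an IDS could run on UDP/500 traffic bound for the IKEv1 devices described above: it parses the fixed ISAKMP header and walks the payload chain, flagging datagrams whose declared lengths do not match what was actually received. The article does not state which malformation BENIGNCERTAIN sends, so these are generic IKEv1 framing sanity checks rather than a signature for that exploit, and both sample packets are constructed here for the example.

```python
import struct

# ISAKMP fixed header (RFC 2408): initiator SPI (8), responder SPI (8),
# next payload (1), version (1), exchange type (1), flags (1),
# message ID (4), total length (4) = 28 bytes.
ISAKMP_HDR = "!8s8sBBBBII"
ISAKMP_HDR_LEN = struct.calcsize(ISAKMP_HDR)    # 28
# Generic payload header: next payload (1), reserved (1), payload length (2).
PAYLOAD_HDR = "!BBH"
PAYLOAD_HDR_LEN = struct.calcsize(PAYLOAD_HDR)  # 4


def parse_isakmp(packet: bytes) -> dict:
    """Parse an IKEv1/ISAKMP datagram and report structural anomalies.

    Returns {"exchange": int, "payloads": [(type, length), ...],
             "anomalies": [str, ...]}. Malformed input never raises;
    every inconsistency is appended to "anomalies" instead.
    """
    result = {"exchange": None, "payloads": [], "anomalies": []}
    anomalies = result["anomalies"]

    if len(packet) < ISAKMP_HDR_LEN:
        anomalies.append("truncated header")
        return result

    (_ispi, _rspi, next_payload, version, exchange,
     _flags, _msg_id, length) = struct.unpack(ISAKMP_HDR, packet[:ISAKMP_HDR_LEN])
    result["exchange"] = exchange

    if version >> 4 != 1:                       # major version nibble must be 1
        anomalies.append("not an IKEv1 packet")
    if length != len(packet):
        anomalies.append("header length does not match datagram length")

    # Walk the payload chain; each generic header names the next payload type.
    offset = ISAKMP_HDR_LEN
    while next_payload != 0:
        if offset + PAYLOAD_HDR_LEN > len(packet):
            anomalies.append("truncated payload header")
            return result
        nxt, reserved, plen = struct.unpack(
            PAYLOAD_HDR, packet[offset:offset + PAYLOAD_HDR_LEN])
        if reserved != 0:
            anomalies.append("non-zero reserved byte in payload header")
        if plen < PAYLOAD_HDR_LEN:
            anomalies.append("payload length below minimum")
            return result
        if offset + plen > len(packet):
            anomalies.append("payload overruns packet")
            return result
        result["payloads"].append((next_payload, plen))
        offset += plen
        next_payload = nxt

    if offset != len(packet):
        anomalies.append("trailing bytes after last payload")
    return result


def is_suspicious(packet: bytes) -> bool:
    """True if the datagram has any structural anomaly worth alerting on."""
    return bool(parse_isakmp(packet)["anomalies"])


def build_isakmp(payloads, exchange=2):
    """Build a syntactically valid ISAKMP datagram from (type, body) pairs.
    Helper used only to construct the sample packets below."""
    body = b""
    for idx, (ptype, pbody) in enumerate(payloads):
        nxt = payloads[idx + 1][0] if idx + 1 < len(payloads) else 0
        body += struct.pack(PAYLOAD_HDR, nxt, 0, PAYLOAD_HDR_LEN + len(pbody)) + pbody
    first = payloads[0][0] if payloads else 0
    header = struct.pack(ISAKMP_HDR, b"\x11" * 8, b"\x00" * 8, first, 0x10,
                         exchange, 0, 0, ISAKMP_HDR_LEN + len(body))
    return header + body


# Constructed sample 1: a well-formed Main Mode (exchange 2) first message with
# an SA payload (type 1, DOI + situation only) and a Vendor ID payload (type 13).
GOOD = build_isakmp([(1, b"\x00\x00\x00\x01\x00\x00\x00\x01"),
                     (13, b"sample-vid")])

# Constructed sample 2: the same datagram, but the Vendor ID payload's length
# field is patched to 0xFFFF so it claims far more data than was actually sent.
_bad = bytearray(GOOD)
_VID_HDR = ISAKMP_HDR_LEN + PAYLOAD_HDR_LEN + 8   # offset of 2nd payload header
_bad[_VID_HDR + 2:_VID_HDR + 4] = b"\xff\xff"
BAD_OVERRUN = bytes(_bad)

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("overrun", BAD_OVERRUN), ("short", GOOD[:20])):
        print(name, parse_isakmp(pkt)["anomalies"])
```

A check like this only catches datagrams whose framing is inconsistent; a crafted packet that is syntactically valid but semantically abusive would pass it, which is why the vendor-supplied IDS/IPS signatures Cisco points customers to, rather than generic length checks, are the real mitigation until the patch ships.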