The data dump leaked online by ShadowBrokers is a treasure trove for security experts and hackers, who are analyzing every tool it contains.
Cisco and Fortinet have confirmed that their network appliances are vulnerable to the exploits listed in the leaked dump.
Recently, security researchers tested BENIGNCERTAIN, a tool included in the archive belonging to the NSA Equation Group, which allows attackers to extract VPN passwords from certain Cisco devices.
Now the Hungary-based security consultancy SilentSignal has focused its analysis on another exploit that could be used against the newer models of Cisco’s Adaptive Security Appliance (ASA).
We successfully ported EXTRABACON to ASA 9.2(4) #ShadowBrokers #Cisco pic.twitter.com/UPG6yq9Km2
— SilentSignal (@SilentSignalHU) August 23, 2016
The security firm has demonstrated that the NSA-linked Cisco exploit dubbed ExtraBacon poses a bigger threat than previously thought.
Initially, the ExtraBacon exploit was restricted to versions 8.4(4) and earlier of the Cisco ASA boxes; it has now been expanded to 9.2(4).
An attacker who has already gained a foothold in a targeted network could use the zero-day exploit to take full control of a firewall.
In an e-mail sent to Ars Technica, SilentSignal researcher Balint Varga-Perke wrote:
“We first started to work on the exploit mainly to see how easy it would be to add support for other (newer) versions. Turns out it is very easy, that implies two things:
Experts from the IT vendor Juniper also confirmed that one of the exploits in the Equation Group archive could be used to hack Juniper NetScreen firewalls, and that they are conducting further investigation of the exploit.
The tools codenamed FEEDTROUGH and ZESTYLEAK could be used by attackers to target Juniper NetScreen firewalls; the company is investigating their efficiency.
“As part of our analysis of these (Equation Group) files, we identified an attack against NetScreen devices running ScreenOS,” explained the company's incident response director, Derrick Scholl.
“We are examining the extent of the attack, but initial analysis indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices.”
“We will continue to evaluate exactly what level of access is necessary in order to execute the attack, whether it is possible to detect the attack, and if other devices are susceptible.”
(Security Affairs – CISCO ASA, ExtraBacon exploit)