Skip to main content

Cisco and Fortinet confirm vulnerabilities from the Shadow Brokers' leak

Following the hacking group Shadow Brokers' claim that it had breached the Equation Group (which is suspected to be an NSA operation), Cisco and Fortinet have both issued warnings and fixes for bugs that were exposed in the leak.

At the onset, both companies had believed that the leak would not affect their products. However, researchers were able to show how Cisco and Fortinet's technologies could be exploited, which has led both companies to devise ways to protect their customers. This has also made the claims that the leak released by the Shadow Brokers contains information stolen from an NSA server much more credible.

Cisco was able to find two vulnerabilities in the leak that affect its Adaptive Security Appliance using remote code execution flaws. The first was listed in the Equation leak as EXTRABACON and is a recently discovered buffer overflow issue. This bug would allow hackers to write malicious code on any system running Adaptive Security Appliance.

The second leaked exploit, known as EPICBANANA, was fixed by Cisco in 2011 but the company decided to alert users of it anyway. In its blog, the company detailed how the weakness could be used by hackers, saying: “An attacker could exploit this vulnerability by invoking certain invalid commands in an affected device. The attacker must know the telnet or SSH password in order to successfully exploit an affected device.”

Fortinet meanwhile, found a “cookie parser buffer overflow vulnerability” in the firmware of its FortiGate firewall released before August 2012. The company explained how users running updated firmware are protected from the vulnerability, saying: “Customers running FortiGate firmware 5.0 and above, released in August 2012 are not impacted. For customers running version 4.x, please see the advisory for details.”

“We are actively working with customers and strongly recommend that all customers running 4.x versions update their systems with the highest priority. We continue to investigate this exploit and are conducting and additional review of all of our Fortinet products.

"If we identify any new information useful to our customers, we will share it through our responsible disclosure policy.”

Image Credit: Ken Wolter / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.