Dive Brief:
- Cisco and Fortinet announced they have made patches available for vulnerabilities targeted by exploits that were made public after an alleged theft of NSA malware.
- The release of patches appears to be further confirmation that at least some of the exploits are legitimate.
- Cisco’s PIX and ASA firewalls and versions of Fortinet’s FortiGate firewalls are affected.
Dive Insight:
On Saturday, a hacking group dubbed the Shadow Brokers claimed to have stolen hacking tools that belong to the National Security Agency, CSO Online reports. The group was auctioning the tools on the Internet over the weekend. After examining the tools more closely, researchers say they suspect Russia is behind the theft, though they are still not sure how or when the theft occurred.
Cisco says the threat level of one of the vulnerabilities — Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability — is high.
"The vulnerability is due to a buffer overflow in the affected code area," according to Cisco’s advisory. "An attacker could exploit this vulnerability by sending crafted SNMP packets to the affected system."
Fortinet also issued a security advisory for an exploit it rates as high because it enables remote administrative access.