Cisco patches vulnerability from Shadow Brokers breach

According to this article from ThreatPost and this one from The Register, we’re already starting to see the first trickle of patches resulting from the Shadow Brokers breach.  Looking at the information available, though, this doesn’t look too bad (so far).  Some important things that jumped out at me about the Cisco vulnerabilities (there’s also a blurb about Fortinet, but we’ll stay focused on Cisco since that’s in the title) are below.  If you run a Cisco ASA, this may be worth a quick read:

  • Two Cisco flaws are noted, named EPICBANANA and EXTRABACON.
  • EPICBANANA seems specific to IOS versions 8.4.1 or earlier and can lead to remote code execution.  It was apparently fixed in 2011.
  • EXTRABACON is a new flaw in SNMP that depends on (a) the snmp-server being enabled and (b) the attacker knowing the community string, and it seems to require that the attacker already be authenticated to the device (in which case you’ve got bigger problems).
  • There is also a mention in the ThreatPost article of a vulnerability in FortiGate firmware versions 4.x, but there really aren’t any additional details.  Fortinet users are urged to update to v5.x immediately, so it’s likely not good.
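Since the EXTRABACON preconditions above are "SNMP agent enabled" plus "attacker knows the community string", the practical question for an ASA owner is whether the running config actually meets them.  The following is an added example (not code from the post or from Cisco) that audits an ASA-style running config for those conditions: it flags SNMP hosts that use v1/v2c community strings, strings drawn from an assumed list of common defaults, and community-based hosts bound to interfaces outside an assumed set of trusted management interfaces.  The sample config, the `DEFAULT_COMMUNITIES` list and the `TRUSTED_IFACES` set are all constructed for the example; only the `snmp-server host ... [community ...] [version ...]` line format follows ASA syntax.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed ASA running-config fragment used as sample input (not taken from the post).
SAMPLE_CONFIG = """\
hostname edge-fw
snmp-server host outside 203.0.113.10 community public version 2c
snmp-server host inside 10.0.0.51 poll community Tr4ps-0nly-9f2 version 2c
snmp-server host inside 10.0.0.52 version 3 nmsuser
snmp-server location DC1
snmp-server enable
"""

# Community strings a scanner would guess first (assumed list; extend for your estate).
DEFAULT_COMMUNITIES = {"public", "private", "cisco", "admin", "monitor"}

# Interface nameifs treated as trusted management networks (assumption for this example).
TRUSTED_IFACES = {"inside", "management", "mgmt"}

# ASA syntax: snmp-server host <nameif> <addr> [trap|poll] [community <str>] [version 1|2c|3 <user>]
HOST_RE = re.compile(
    r"^snmp-server host (?P<ifname>\S+) (?P<addr>\S+)"
    r"(?: (?P<mode>trap|poll))?"
    r"(?: community (?P<community>\S+))?"
    r"(?: version (?P<version>1|2c|3)(?: (?P<user>\S+))?)?$"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str  # "high" or "medium"
    reason: str


def snmp_enabled(config: str) -> bool:
    """True if the config carries an explicit 'snmp-server enable' line."""
    return any(line.strip() == "snmp-server enable" for line in config.splitlines())


def audit_snmp(config: str, trusted_ifaces: set[str] = TRUSTED_IFACES) -> list[Finding]:
    """Return one Finding per risky condition on each community-based SNMP host entry.

    SNMPv3 hosts are skipped: they authenticate a user rather than a shared community
    string, so there is no string for an attacker to learn or guess.
    """
    findings: list[Finding] = []
    for line_no, raw in enumerate(config.splitlines(), start=1):
        m = HOST_RE.match(raw.strip())
        if not m:
            continue
        if m.group("version") == "3":
            continue
        ifname, addr, community = m.group("ifname"), m.group("addr"), m.group("community")
        reasons: list[tuple[str, str]] = []
        if community in DEFAULT_COMMUNITIES:
            reasons.append(("high", f"default community string {community!r}"))
        if ifname not in trusted_ifaces:
            reasons.append(("high", f"community-based SNMP reachable via untrusted interface {ifname!r}"))
        if not reasons:
            # Still worth noting: v1/v2c strings cross the wire in cleartext.
            reasons.append(("medium", "v1/v2c community string in use; migrate this host to SNMPv3"))
        for severity, why in reasons:
            findings.append(Finding(line_no, severity, f"{why} ({ifname} {addr})"))
    return findings


if __name__ == "__main__":
    print("snmp-server enable present:", snmp_enabled(SAMPLE_CONFIG))
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"line {f.line_no} [{f.severity}] {f.reason}")
```

Run against a saved `show running-config` to get a per-host list; every "high" line is a host whose community string is either trivially guessable or reachable from a network you do not trust, which is exactly the exposure the bullet describes.  Moving those hosts to `version 3` removes the community string entirely.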

The takeaway here seems to be that the breach and the tool dump were legitimate.  I will be surprised if we’re looking at another exploit dump like we saw with Hacking Team, but I won’t be surprised to see at least a few pretty significant bugs.
