Cisco, Fortinet issue fixes against Equation Group exploits

Customers of Cisco and Fortinet security firms need to patch their products to fix the flaws exploited by the Equation Group exploits and hacking tools.

While security experts are analyzing the hacking tools leaked in the data dump by the Shadow Brokers, security firms are working to fix the vulnerabilities exploited by the Equation Group toolsets.

Both Fortinet and Cisco have issued patches to address exploits that were leaked online. The list of affected products includes versions of Cisco’s PIX and ASA firewalls and versions of Fortinet FortiGate firewalls.


Cisco has confirmed that the two exploits EPICBANANA and EXTRABACON can be used to achieve remote code execution on Cisco firewalls.

Cisco confirmed that the code leaked by the “Shadow Brokers” includes exploits for the following two flaws:

The Cisco ASA SNMP Remote Code Execution vulnerability is a newly found vulnerability; both TALOS and Cisco IPS have produced signatures to detect exploitation attempts:

  • Snort Rule ID: 3:39885
  • Legacy Cisco IPS Signature ID: 7655-0

The Cisco ASA CLI Remote Code Execution vulnerability was addressed by a defect fix released in 2011.

Fortinet also confirmed the bug in its systems in a security advisory: the flaw is present in versions of the FortiGate firmware released prior to 2012.

The company informed its customers of the presence of a cookie parser buffer overflow, confirming that versions 5.x are not affected.

“FortiGate firmware (FOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerability, when exploited by a crafted HTTP request, can result in execution control being taken over,” states the advisory.

“Affected firmware versions are lower versions of 4.x firmware release. FOS 5.x firmware is NOT affected.”

“This vulnerability, when exploited by a crafted HTTP request, can result in execution control being taken over,” the advisory says. “If a product can support 5.x firmware, that should be installed; if not, version 4.3.9 or above also fixes it.”
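The advisory's upgrade rule (5.x unaffected, otherwise 4.3.9 or above) is easy to misapply across a large fleet, so here is an added triage helper that encodes it; this is example code written for this post, not Fortinet's or the author's, and it assumes firmware versions are exported as dotted strings such as "4.3.8" (hostnames and versions below are constructed).

```python
"""Flag FortiGate firmware versions still exposed to the cookie parser
overflow described in Fortinet's advisory.

Assumptions (constructed for this example): versions arrive as dotted
strings like "4.3.8" or "v5.2.7"; the fix threshold is 4.3.9 and any
5.x release is unaffected, exactly as the advisory states."""
from typing import Dict, Iterable, Tuple

FIXED_4X = (4, 3, 9)  # first 4.x release the advisory says carries the fix
UPGRADE = "upgrade to 5.x or >= 4.3.9"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.3.8' (optionally prefixed with 'v') into a comparable tuple."""
    text = text.strip().lstrip("vV")
    parts = text.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '4.3' -> (4, 3, 0)


def triage(version: str) -> str:
    """Return the action for one device per the advisory's rule."""
    v = parse_version(version)
    if v[0] >= 5:
        return "not affected"  # FOS 5.x is NOT affected
    if v[0] == 4 and v >= FIXED_4X:
        return "patched"       # 4.3.9 or above also fixes it
    return UPGRADE             # lower 4.x (and anything older) is exposed


def triage_inventory(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map hostname -> action; unparsable versions are sent to manual review
    rather than silently treated as safe."""
    result = {}
    for host, ver in inventory:
        try:
            result[host] = triage(ver)
        except ValueError as exc:
            result[host] = f"manual review ({exc})"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [("fw-branch-01", "4.3.8"), ("fw-branch-02", "v4.3.12"),
              ("fw-dc-01", "5.2.7"), ("fw-lab", "4.1"), ("fw-old", "3.0.14"),
              ("fw-unknown", "n/a")]
    for host, action in triage_inventory(sample).items():
        print(f"{host:14} {action}")
```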

Customers of the companies targeted by the exploits included in the leaked archive are invited to read the security advisories from the vendors and to adopt the necessary countermeasures.

Keep in mind that, although the vast majority of the files date back to 2013, in some cases the hacking tools could still be effective.

Stay Tuned

Pierluigi Paganini

(Security Affairs –  The Equation Group, ATP)