The group called Shadow Brokers claimed to possess and put up for auction NSA materials that affected Cisco’s PIX and Adaptive Security Appliance (ASA) firewalls and Fortinet’s Fortigate firewalls.
Cisco classified the Simple Network Management Protocol (SNMP) code breach as high vulnerability because it could allow an unauthenticated, remote attacker to cause a reload of the system or to execute code.
“An attacker could exploit this vulnerability by sending crafted SNMP packets to the affected system,” the advisory said. “An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. The attacker must know the SNMP community string to exploit this vulnerability.”
Cisco’s affected products are:
- Cisco ASA 5500 Series Adaptive Security Appliances
- Cisco ASA 5500-X Series Next-Generation Firewalls
- Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco ASA 1000V Cloud Firewall
- Cisco Adaptive Security Virtual Appliance (ASAv)
- Cisco Firepower 4100 Series
- Cisco Firepower 9300 ASA Security Module
- Cisco Firepower Threat Defense Software
- Cisco Firewall Services Module (FWSM)
- Cisco Industrial Security Appliance 3000
- Cisco PIX Firewalls
Cisco plans to release software updates to address this vulnerability.
Fortinet also classified the breach on its software as high because it can affect remote administrative access.
Fortinet’s affected products are:
- FOS 4.3.8 and below
- FOS 4.2.12 and below
- FOS 4.1.10 and below
Fortinet is continuing to investigate any impact on its other products.