Cisco confirmed that its ASA and PIX firewalls were targeted to by exploit code posted online by the “Shadow Brokers” purporting to be stolen infiltration tools of the National Security Agency (NSA).
There were three references to exploits that affect Cisco ASA, Cisco PIX, and Cisco Firewall Services Module: EXTRABACON, EPICBANANA, and JETPLOW.
Specifically, the Cisco Product Security Incident Response Team (PSIRT) has published an event response page (ERP) and the security advisories addressing the vulnerabilities that could be exploited by the code released by the “Shadow Brokers”:
- Cisco ASA SNMP Remote Code Execution Vulnerability
- Cisco ASA CLI Remote Code Execution Vulnerability
- The Cisco ASA SNMP Remote Code Execution vulnerability is a newly found defect, and TALOS and Cisco IPS have both produced signatures to detect this issue.