Security News Over 840,000 Cisco Devices Affected by NSA-Linked Flaw

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
An IOS software vulnerability identified recently by Cisco while analyzing the firewall exploits leaked by the group calling itself Shadow Brokers has been found to affect hundreds of thousands of devices located around the world.

The flaw, tracked as CVE-2016-6415, exists in the Internet Key Exchange version 1 (IKEv1) packet processing code of Cisco’s IOS, IOS XE and IOS XR software, and it can be exploited by a remote, unauthenticated attacker to access memory content that could contain sensitive information.

In order to determine how many devices are affected by this vulnerability, The Shadowserver Foundation has conducted an Internet scan for the Internet Security Association and Key Management Protocol (ISAKMP), which is part of IKE.

“We are querying all computers with routable IPv4 addresses that are not firewalled from the internet with a specifically crafted 64 byte ISAKMP packet and capturing the response,” the organization explained.

As of the last scan, conducted on Wednesday, more than 840,000 unique IP addresses responded as vulnerable to Shadowserver’s probe. The highest percentage of affected devices was in the United States (255,000), followed by Russia (42,000), United Kingdom (42,000), Canada (41,000), Germany (35,000), Japan (33,000), Mexico (26,000), France (26,000), Australia (22,000), China (22,000) and Italy (21,000). Based on autonomous system numbers (ASNs), many of the IPs are on Comcast and AT&T’s network.

According to Shadowserver, there is no evidence that the products of vendors other than Cisco are affected by the vulnerability, but the organization noted that it is not a conclusive test.

Cisco discovered the security hole while analyzing an exploit dubbed “BENIGNCERTAIN.” This and other exploits were allegedly stolen by Shadow Brokers from the NSA-linked Equation Group. The company has warned that the vulnerability has been exploited against some of its customers.

For the time being, most of the affected IOS software versions remain unpatched. Cisco has released a simple online tool that allows customers to determine if their products are affected.

Read more: http://www.securityweek.com/over-840000-cisco-devices-affected-nsa-linked-flaw
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top