Cisco Event Response: Cisco ASA and IOS Vulnerabilities
2016 August 17 18:50 GMT
2016 September 21 18:39 GMT
On August 15, 2016, Cisco was alerted to information posted online by the alleged Shadow Brokers group, which claimed to possess disclosures from the Equation Group. The posted materials included exploits for firewall products from multiple vendors. The Cisco products mentioned were the PIX and ASA firewalls.
On September 16, 2016, Cisco identified an IKEv1 Information Disclosure Vulnerability in Cisco IOS that is related to variations of the published exploits.
The Cisco PSIRT has investigated the published information and determined that it contains exploits for two vulnerabilities in Cisco ASA and one vulnerability in Cisco IOS.
(17 August 2016) Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability: This vulnerability is a known defect that was addressed in a Release Note Enclosure in 2011.
(17 August 2016) Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability: This vulnerability is a newly found defect, and TALOS and Cisco IPS have produced signatures to detect this issue: