The United States, California: After the exploit of NSA sponsored hacking team “Equation Group” by Shadow Brokers, the multinational US technology company “Cisco” has discovered two vulnerabilities which allow hackers to monitor and control the data passing through vulnerable Cisco networks.
Cisco has apparently patched one of the vulnerabilities known as CVE-2016-6366 and is looking forward to release signatures that will identify the exploits and prevent cyber goons from conducting an attack.
The NSA’s exploit unveiled a cyber weapon named as ExtraBacon, which can be utilized to conduct attacks on Cisco ASA (Adaptive Security Appliance) software. The ASA software primarily aims to secure firms’ network infrastructures, but with SNMP (Simple Network Management Protocol)vulnerability in place, an attacker can remotely execute malicious code on vulnerable Cisco network.
In addition to this, a separate attack code “EpicBanana” indexed as “CVE-2016-6367” exploited specific vulnerabilities in the firewall. The vulnerability allows an authenticated attacker to cause DoS (Denial of Service). On another hand, Cisco has confirmed that the ExtraBacon is the zero-day vulnerability that was unidentified to the company itself until the breach occurred.
However, it’s not the first time Cisco is bothered with security concerns. In 2014,”John Chambers” CEO of Cisco reported the US President Barrack Obama about agencies secretly inserting malicious code in Cisco routers.