Home / Networking / Thousands of Cisco devices still at risk of unpatched NSA zero-day flaws

Thousands of Cisco devices still at risk of unpatched NSA zero-day flaws


isakmpnorthamericacurrent.jpg
(Image: Shadowserver)

Hundreds of thousands of routers and firewalls are still at risk of exploitation by hacking tools linked to the NSA, which last month were leaked online.

A group calling itself the Shadow Brokers obtained a set of hacking tools from a group dubbed the Equation Group, which researchers say were used as part of surveillance operations carried out by the US intelligence agency. Researchers have shown that the leaked exploits appear to be genuine after the two network equipment makers confirmed the vulnerabilities.

The hacking tools could allow an attacker to extract VPN passwords from devices.

But patches for the vulnerabilities have yet to arrive — more than a month after Cisco confirmed the flaws.

A recent scan of global network traffic showed that 848,753 Cisco devices were affected as of Monday. Most of the vulnerable hardware is in the US, with Russia, the UK, and Canada following behind.

Cisco said in an update on Wednesday that affected device owners should install intrusion detection systems.

There’s still no word on exactly where the tools came from — whether or not the NSA was hacked remains a mystery. The agency has so far declined to return requests for comment on the alleged breach.

According to Reuters, citing sources close to the US government’s probe, investigators are examining a theory that an NSA worker left the tools online by mistake.

The probe is expected to conclude by the end of the year.



Source link

About admin

Check Also

saferthanpasswordsbehaviorrecognition.jpg

Net neutrality: Key zero rating decision made by Germany

The German telecommunications regulator has issued a long-awaited decision on Deutsche Telekom’s “zero-rated” StreamOn offers, ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>