NSA Vulnerabilities Trove Reveals 'Mini-Heartbleed' For Cisco PIX Firewalls

The Shadow Brokers group, which seems to have hacked one of NSA’s own hacking teams called the “Equation Group,” published a set of exploits that the NSA was using to hack technology companies. One of the vulnerabilities looks to be a “mini-Heartbleed,” which allows attackers to extract RSA private keys from Cisco PIX security appliances.

Two years ago, security researchers uncovered the so-called “Heartbleed” bug in the OpenSSL software library for the TLS encryption protocol that most companies use to secure their communications. The vulnerability could allow attackers to steal private keys and other sensitive information from a server’s memory without its owner even realizing it.

NSA’s exploit that the Shadow Brokers published, called BENIGNCERTAIN, likewise allows attackers to send an Internet Key Exchange (IKE) packet to the victim machine, causing it to dump some of its memory. The memory dump can then be analyzed, and RSA keys and other sensitive server configuration information can be extracted from it.

The exploit references Cisco devices running PIX OS versions 5.2(9) to 6.3(4), the latter of which was released in 2004. The PIX devices are at the end of their lifecycles, so the exploit itself is probably near the end of a long and possibly quite fruitful life (for the NSA). However, considering that not all companies refresh their hardware when the software is no longer supported, it’s possible that many of them are still running these vulnerable and still exploitable security appliances.
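For an administrator trying to find out whether any PIX appliances in an inventory fall inside the version range the article cites, the check comes down to parsing Cisco's `major.minor(maintenance)` version strings and comparing them as tuples. The script below is an added example, not code from the article or from Cisco; the inventory line format (`hostname PLATFORM version`) and the sample hosts are constructed for illustration. Versions outside the range are reported as "outside-range" rather than "safe", since the article only names the range the exploit references and vendor advisories remain the authority on which releases are affected.

```python
import re
from typing import List, NamedTuple, Tuple

# Range quoted in the article: PIX OS 5.2(9) through 6.3(4), inclusive.
REFERENCED_MIN = (5, 2, 9)
REFERENCED_MAX = (6, 3, 4)

# Cisco PIX OS version strings look like "6.3(4)": major.minor(maintenance).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)$")


def parse_pix_version(text: str) -> Tuple[int, int, int]:
    """Parse '6.3(4)' into (6, 3, 4).

    Raises ValueError for strings that do not match the major.minor(maintenance)
    form, so an unparseable inventory entry is surfaced instead of silently skipped.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PIX OS version string: {text!r}")
    major, minor, maint = (int(g) for g in m.groups())
    return (major, minor, maint)


def in_referenced_range(version: str) -> bool:
    """True if the version lies within the range the exploit references (inclusive)."""
    return REFERENCED_MIN <= parse_pix_version(version) <= REFERENCED_MAX


class TriageResult(NamedTuple):
    host: str
    version: str
    status: str  # "referenced", "outside-range" or "unparseable"


def triage_inventory(lines: List[str]) -> List[TriageResult]:
    """Classify each 'hostname PIX <version>' line (constructed format, an assumption here).

    Lines for other platforms (e.g. ASA) are skipped because this check only
    knows about the PIX OS range named in the article.
    """
    results: List[TriageResult] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3 or parts[1].upper() != "PIX":
            continue
        host, version = parts[0], parts[2]
        try:
            status = "referenced" if in_referenced_range(version) else "outside-range"
        except ValueError:
            status = "unparseable"
        results.append(TriageResult(host, version, status))
    return results


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = """
# host        platform  version
fw-edge-01    PIX       6.3(4)
fw-edge-02    PIX       5.2(9)
fw-edge-03    PIX       5.2(8)
fw-dc-01      PIX       6.3(5)
fw-lab-01     PIX       7.0(1)
fw-lab-02     PIX       banner-unknown
fw-core-01    ASA       8.4(7)
""".strip().splitlines()


if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        print(f"{r.host:12} {r.version:16} {r.status}")
```

Both range endpoints are treated as inclusive, and the comparison is on integer tuples rather than strings, so `6.3(4)` correctly sorts after `6.3(12)` would not and `5.2(10)` sorts after `5.2(9)`; a naive string comparison would get both wrong.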

One security researcher even called the exploit the equivalent of an "Internet God Mode," so it likely still has quite some value left, if many companies keep using these security appliances.

Cisco, just like Juniper and other networking equipment makers, is likely a high-priority target for the NSA and other hacking groups, state-sponsored or otherwise. These companies make the networking devices used by large and small organizations, which in turn provide services to billions of people.

Therefore, one major vulnerability could provide these groups access to all of those people’s communications. That’s why it’s critical that the networking equipment makers are that much more vigilant about the security of their products; they're responsible for everyone else’s security, too.

4 comments
  • Kimonajane
    Bwaaaa hahahaha the fascist hacks at the NSA were too busy bullying MS and other companies to put back doors in for them and too busy hacking grandma Miller instead of worrying about real security for all.
    2
  • Hydrotricithline
    This country isn't worried about public security, hasn't been since pre-Snowden. It's worried that it might not be able to easily spy on 'everything' in the country/world whenever they want to. The fact they can keep exploits like this 'to themselves' is ludicrous. Hell, the fact that they got hacked proves they can't be trusted to keep them private. GJ NSA, want to see the conference on this one and who they're blaming instead of taking responsibility for their actions.. it's like dealing with a 12 year old.. let the finger pointing ensue..
    0
  • f-14
    KIMONAJANE Aug 20, 2016, 8:35 AM
    "Bwaaaa hahahaha the fascist hacks at the NSA were to busy bullying MS and other companies to put back doors in for them and too busy hacking grandma HILLARY instead of worrying about real security for all."

    There, fixed it for you. Good job NSA, no way Hillary can delete your 33,000 copies of her private server emails evidence that she destroyed.
    -1