NSA Vulnerabilities Trove Reveals 'Mini-Heartbleed' For Cisco PIX Firewalls

The Shadow Brokers group, which seems to have hacked one of NSA’s own hacking teams called the “Equation Group,” published a set of exploits that the NSA was using to hack technology companies. One of the vulnerabilities looks to be a “mini-Heartbleed,” which allows attackers to extract RSA private keys from Cisco PIX security appliances.

Two years ago, security researchers uncovered the so-called “Heartbleed” bug in the OpenSSL software library for the TLS encryption protocol, which most companies use to secure their communications. The vulnerability could allow attackers to steal private keys and other sensitive information from a server’s memory without its owner even realizing.

The NSA exploit that the Shadow Brokers published, called BENIGNCERTAIN, similarly allows an attacker to send an Internet Key Exchange (IKE) packet to the victim machine, causing it to dump some of its memory. That memory dump can then be analyzed, and RSA keys and other sensitive server configuration information can be extracted from it.

The exploit references Cisco devices running PIX OS versions 5.2(9) to 6.3(4), the latter released in 2004. The PIX devices are at the end of their lifecycles, so the exploit is probably also near the end of a long and possibly quite fruitful life (for the NSA). However, since not all companies refresh their hardware when the software is no longer supported, many of them may still be running these vulnerable, still-exploitable security appliances.

One security researcher even called the exploit the equivalent of an "Internet God Mode," so it likely still has considerable value left if many companies keep using these security appliances.

Cisco, like Juniper and other networking equipment makers, is likely a high-priority target for the NSA and other hacking groups, state-sponsored or otherwise. These companies make the networking devices used by large and small organizations, which in turn provide services to billions of people.

Therefore, one major vulnerability could provide these groups access to all of those people’s communications. That’s why it’s critical that the networking equipment makers are that much more vigilant about the security of their products; they're responsible for everyone else’s security, too.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.