The company rates this flaw, known as EXTRABACON, of which it had no prior knowledge, as having a high security impact and has published workarounds to apply until a fix is released.
The vulnerabilities were released by a group calling itself the Shadow Brokers, which is suspected of having Russian backing. The tools were stolen from the Equation Group, an outfit that has long been suspected of being an NSA-backed effort.
EXTRABACON affects the Simple Network Management Protocol (SNMP) code in Cisco Adaptive Security Appliance (ASA) software and was previously unknown to the company. Because the flaw lies in the handling of SNMP requests, the practical question for an administrator is which hosts and which interfaces can reach the appliance's SNMP service at all.
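As an added illustration, not taken from the article or from Cisco's advisory, the fragment below contrasts a loosely exposed ASA SNMP configuration with one restricted to a single management host on the inside interface using SNMPv3 with authentication and encryption. The article does not describe the workarounds Cisco published; it is this editor's assumption that a workaround for an SNMP-handling flaw takes the form of tightening who can reach the service, and the interface names, addresses, group, user and credentials are placeholders chosen for the example.

```text
! --- Weak (assumed example): a guessable SNMPv2c community string, with
! --- polling permitted from a host reached through the outside interface
snmp-server community public
snmp-server host outside 203.0.113.10 poll community public version 2c

! --- Hardened (assumed example): remove the v2c exposure, then allow
! --- only one management station on the inside interface, SNMPv3 with
! --- authentication (SHA) and privacy (AES-128)
no snmp-server host outside 203.0.113.10
no snmp-server community public
snmp-server group MGMT-V3 v3 priv
snmp-server user netmon MGMT-V3 v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>
snmp-server host inside 10.0.0.5 poll version 3 netmon

! --- Check: the running SNMP configuration should list only the inside
! --- host and no community strings
show running-config snmp-server
```

Restricting source hosts and interfaces narrows who can send SNMP traffic to the appliance; it does not remove the underlying parsing flaw, so it is a stopgap until the vendor's fixed software is installed.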
The other flaw, EPICBANANA, which affects the command-line interface parser of the same software, could permit an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certain invalid commands on an affected device.
The hack of the Equation Group has been linked to the hacking and leaks of material from the US Democratic Party.
Commenting on the Equation Group's possession of a zero-day flaw that was unknown to Cisco, NSA whistleblower Edward Snowden said on Twitter that this was why the organisation got hacked: it had left catastrophic flaws in US networks for more than three years to aid offence rather than fixing them.
Snowden, who worked for the NSA as a contractor before he fled to Russia, revealed in June 2013 that the NSA had been conducting blanket surveillance of Americans. Big technology companies like Microsoft, Google, Yahoo!, Apple and Facebook were revealed to be co-operating with the NSA. Later came the revelation that the NSA was running its surveillance systems on servers powered by Red Hat Linux, the product of the world's biggest open source company.
Privacy researcher and activist Christopher Soghoian, who works with the American Civil Liberties Union, said on Twitter: "If NSA knew several years ago that its hacking tools were stolen, not notifying Cisco and other vulnerable US firms would be outrageous."
Snowden said in response: "The inevitable consequence of maintaining known vulnerabilities in US products is their discovery by enemies."
After Snowden's initial revelations, Cisco took a hit to its overseas business; together with IBM, the two companies saw business drop by a combined US$1.7 billion. Cisco's sales fell 8.75% in the quarter after the Snowden allegations, compared with a fall of just 2.84% in the three months prior to that.