Friday, 19 August 2016 08:51

Cisco remote flaws revealed in NSA group hack


Networking giant Cisco has said it will release a security update to patch one of two remotely exploitable flaws in its products. Both flaws were leaked following a hack of a group strongly suspected to be an NSA front.

The company, which had no knowledge of this flaw, known as EPICBACON, rates it as having a high security impact and has advised of workarounds until a fix is released.

It has released a fix for the second flaw, known as EPICBANANA, which is also remotely exploitable and whose risk it terms medium. Detailed explanations of the two flaws are on the Cisco blog.

The vulnerabilities were released by a group called Shadow Brokers, which is suspected to have Russian backing. The material was stolen from the Equation Group, an outfit that has long been suspected to be an NSA-backed effort.

The Equation Group's retention of flaws without disclosing them to Cisco appears to run contrary to published American government policy.

EPICBACON affects the Simple Network Management Protocol (SNMP) code in Cisco Adaptive Security Appliance (ASA) software and is new to the company.

The other flaw, EPICBANANA, which affects the command-line interface parser of the same software, could permit an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certain invalid commands in an affected device.

The hack of the Equation Group has been linked to the hacking and leaks of material from the US Democrat party.

Commenting on the presence of a zero-day flaw, unknown to Cisco, in the possession of the Equation Group, NSA whistleblower Edward Snowden said on Twitter that this was why the organisation got hacked: because it left catastrophic flaws in US networks for more than three years to aid offence, rather than fixing them.

Snowden, who worked for the NSA as a contractor before he fled to Russia, revealed in June 2013 that the NSA had been conducting blanket surveillance of Americans. Big technology companies like Microsoft, Google, Yahoo!, Apple and Facebook were revealed to be co-operating with the NSA. Later came the revelation that the NSA was running its spying activities on servers powered by Red Hat Linux, the world's biggest open source company.

Privacy researcher and activist Christopher Soghoian, who works with the American Civil Liberties Union, said on Twitter: "If NSA knew several years ago that its hacking tools were stolen, not notifying Cisco and other vulnerable US firms would be outrageous."

Snowden said in response: "The inevitable consequence of maintaining known vulnerabilities in US products is their discovery by enemies."

After Snowden's initial revelations, Cisco took a hit to its overseas business; together, Cisco and IBM saw business drop by US$1.7 billion. Cisco's sales fell 8.75% in the quarter after the Snowden allegations, compared with just 2.84% in the three months prior to that.



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


