Cisco PIX
== Security vulnerabilities ==
The '''Cisco PIX''' VPN product was hacked by the [[National Security Agency|NSA]]-tied<ref>{{cite web |url=https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/ |title=The NSA leak is real, Snowden Documents confirm |date=19 August 2016 |accessdate=2016-08-19}}</ref> group [[Equation Group]] sometime before 2016. Equation Group developed a tool code-named BENIGNCERTAIN that reveals the pre-shared password(s) to the attacker ({{CVE|2016-6415}}<ref>{{cite web |url=https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6415 |title=National vulnerability database record for BENIGNCERTAIN |website=web.nvd.nist.gov}}</ref>). Equation Group was later hacked by another group called [[The Shadow Brokers]], which publicly released this [[Exploit (computer security)|exploit]], among others.<ref>{{cite web |url=https://www.vice.com/en/article/researcher-grabs-cisco-vpn-password-with-tool-from-nsa-dump/ |title=Researcher Grabs VPN Password With Tool From NSA Dump |date=19 August 2016 |access-date=2016-08-19}}</ref><ref>{{cite web |url=https://www.theregister.co.uk/2016/08/20/cisco_pix_6_nsa_hack/ |title=NSA's Cisco PIX exploit leaks |website=www.theregister.co.uk}}</ref><ref>{{cite web |url=http://news.softpedia.com/news/did-the-nsa-have-the-ability-to-extract-vpn-keys-from-cisco-pix-firewalls-507459.shtml |title=Did the NSA Have the Ability to Extract VPN Keys from Cisco PIX Firewalls? |website=news.softpedia.com |date=19 August 2016}}</ref><ref>{{cite web |url=http://www.tomshardware.com/news/nsa-vulnerabilities-mini-heartbleed-cisco,32519.html |title=NSA Vulnerabilities Trove Reveals 'Mini-Heartbleed' For Cisco PIX Firewalls |website=www.tomshardware.com |date=19 August 2016}}</ref> According to [[Ars Technica]], which cites the [[Edward Snowden|Snowden]] leaks, the NSA likely used this vulnerability to wiretap VPN connections for more than a decade.<ref>{{cite web |url=http://arstechnica.co.uk/security/2016/08/cisco-firewall-exploit-shows-how-nsa-decrypted-vpn-traffic/ |title=How the NSA snooped on encrypted Internet traffic for a decade |date=19 August 2016 |accessdate=2016-08-22}}</ref>

The '''Cisco ASA''' brand was also hacked by Equation Group. The vulnerability requires that both [[Secure Shell|SSH]] and [[Simple Network Management Protocol|SNMP]] be accessible to the attacker. The codename given to this exploit by the NSA was EXTRABACON. The bug and exploit ({{CVE|2016-6366}}<ref>{{cite web |url=https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6366 |title=National vulnerability database record for EXTRABACON |website=web.nvd.nist.gov}}</ref>) were also leaked by The Shadow Brokers, in the same batch of exploits and backdoors. According to Ars Technica, the exploit can easily be made to work against more modern versions of Cisco ASA than the leaked exploit can handle.<ref>{{cite web |url=http://arstechnica.co.uk/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/ |title=NSA-linked Cisco exploit poses bigger threat than previously thought |date=23 August 2016 |accessdate=2016-08-24}}</ref>

On 29 January 2018, a security problem in the '''Cisco ASA''' brand was disclosed by [[Cedric Halbronn]] of the NCC Group. A [[Dangling pointer|use after free]] bug in the [[Secure Sockets Layer]] (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated remote attacker to cause a reload of the affected system or to remotely execute code. The bug is listed as {{CVE|2018-0101}}.<ref>{{cite web |url=https://nvd.nist.gov/vuln/detail/CVE-2018-0101 |title=National vulnerability database record - CVE-2018-0101 |website=web.nvd.nist.gov}}</ref><ref>{{cite web |url=https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 |title=Advisory - Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability |website=tools.cisco.com}}</ref><ref>{{cite web |date=2023-08-15 |title=CVE-2018-0101 - A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security A - CVE-Search |url=http://cve.circl.lu/cve/CVE-2018-0101 |access-date=2023-09-05 |website=cve.circl.lu |language=en}}</ref>