Cisco Systems has confirmed that recently-leaked malware tied to the National Security Agency exploited a high-severity vulnerability that had gone undetected for years in every supported version of the company’s Adaptive Security Appliance firewall.
The previously unknown flaw makes it possible for remote attackers who have already gained a foothold in a targeted network to gain full control over a firewall, Cisco warned in an advisory published Wednesday. The bug poses a significant risk because it allows attackers to monitor and control all data passing through a vulnerable network. To exploit the vulnerability, an attacker must control a computer already authorized to access the firewall or the firewall must have been misconfigured to omit this standard safeguard.
“It’s still a critical vulnerability even though it requires access to the internal or management network, as once exploited it gives the attacker the opportunity to monitor all network traffic,” Mustafa Al-Bassam, a security researcher, told Ars. “I wouldn’t imagine it would be difficult for the NSA to get access to a device in a large company’s internal network, especially if it was a datacenter.”