After the apparent NSA hack by the ‘group’ known as Shadow Brokers, whose leak Edward Snowden described as a “treasure trove of ‘cyber weapons’ he said belong to the Equation Group”, the three vendors named in the dump, Cisco, Fortinet and Juniper, have confirmed that they are investigating reports of zero-days affecting their products.
Cisco has confirmed that two exploits in the leaked archive are legitimate. The first, listed in the archive directory as Cisco Adaptive Security Appliance SNMP Remote Code Execution, is rated High because it could allow an attacker to execute code remotely on affected devices and obtain full control of them. The second is Cisco ASA CLI Remote Code Execution, for which Cisco has issued a fresh security advisory.
Fortinet has also issued a security advisory for a Cookie Parser Buffer Overflow Vulnerability, rated High because it allows remote administrative access. It affects FortiGate firmware released before August 2012 and, “when exploited by a crafted HTTP request, can result in execution control being taken over”.
Juniper, according to Forbes, has confirmed that it is looking into the leaks. A spokesperson said that the company is reviewing all available information related to the disclosures allegedly from the Equation Group and will analyze any new information that becomes available.
The Shadow Brokers group released a 256 MB compressed archive containing around 4,000 files, which mainly appear to be installation scripts, configuration files and exploits targeting a range of routers and firewall appliances.
According to Symantec, it will take some time to assess all of the released files, but early indications are that at least some of the tools released are functioning exploits.