The gist is that the Shadow Brokers claim to possess some of the NSA’s exploits for commercially popular firewalls, including products from Cisco, Fortinet, and Juniper. The group posted some of their spoils to GitHub last weekend and offered to auction off more of the code.
Two of the posted exploits, named Extrabacon and Epicbanana, are the subject of Cisco’s security advisory. A third, Jetplow, is a “persistent implant of Epicbanana,” writes Omar Santos, an engineer with Cisco’s Product Security Incident Response Team (PSIRT), in a blog entry posted today.
Epicbanana and Jetplow were fixed by Cisco in 2011, but Extrabacon is a new vulnerability affecting Cisco’s ASA, PIX, and Firewall Services Module. It allows an attacker to gain control of the firewall by sending Simple Network Management Protocol (SNMP) packets that are crafted in a particular way.