Two of the cyberweapons were trained on Cisco flaws which would allow the spooks to take over crucial security software used to protect corporate and government networks.
In a statement, Cisco said that it had immediately conducted a thorough investigation of the files released, and has identified two vulnerabilities affecting Cisco ASA devices that require customer attention.
“On Aug. 17, 2016, we issued two Security Advisories, which deliver free software updates and workarounds where possible.”
An unknown group of hackers dubbed the Shadow Brokers posted cyberweapons stolen from the so-called Equation Group, the National Security Agency-linked outfit known as “the most advanced” group of cyberwarriors in the internet’s history.
One of the cyberweapons posted was an exploit called ExtraBacon that can be used to attack Cisco Adaptive Security Appliance (ASA) software designed to protect corporate networks and data centres.
Cisco researchers explained in a security advisory that the vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
ExtraBacon was a zero-day exploit, Cisco confirmed. That means it was unknown to Cisco or its customers, leaving them open to attack by anyone who possessed the right tools.