Published: 2016/9/28 2:19:14
More serious than the Yahoo leak! 850,000 Cisco devices exposed to a high-risk vulnerability


After Yahoo suffered the largest single-site data breach in history, the hacker Cosine commented:

Compared with the leak of 500 million Yahoo accounts, what deserves even more attention is a serious flaw in how Cisco devices process IKEv1 packets, which lets an attacker directly and remotely obtain private information from memory (a process similar to "Heartbleed", which swept the globe more than two years ago).

This lead was already sitting in the exploit code leaked from the NSA's Equation Group, under the code name "BENIGNCERTAIN" (Cisco considers this vulnerability similar to "BENIGNCERTAIN"). It seems everyone's alertness still lags behind, presumably because people previously thought "BENIGNCERTAIN" only affected Cisco PIX devices from ancient times ...

At present, nearly 860,000 Cisco devices worldwide are affected by this vulnerability. High risk!

The Shadowserver team's in-depth research on this is excellent.

According to a report by the foreign media outlet Softpedia, the most recent scan of Cisco network devices found that hundreds of thousands of devices worldwide still have not had a security patch applied, leaving them exposed to attackers retrieving data from memory.

Cisco recently acknowledged that an attack kit released online by an unnamed hacker group, previously thought to affect only older (discontinued) PIX firmware, has now been found to affect newer models as well.

The tool, named "BENIGNCERTAIN", was leaked in August this year by a group calling itself The Shadow Brokers, which released dozens of other attack tools at the same time. The group claims these were all obtained from the Equation Group, a hacking group which, as is well known, has a murky relationship with the NSA.

BENIGNCERTAIN extracts VPN keys from Cisco devices

According to an initial analysis by tFlow (Mustafa Al-Bassam), co-founder of the LulzSec hacker group, BENIGNCERTAIN can be used to extract virtual private network (VPN) keys from Cisco PIX firewalls.

Last week, a month after BENIGNCERTAIN was leaked, Cisco announced that the tool also affects devices currently running IOS (Internetwork Operating System, the operating system Cisco develops for its network equipment), IOS XE, and IOS XR software.

At the time Softpedia published its report, no effective patch for BENIGNCERTAIN (Pix Pocket) had been released.

Researchers use IKE to find at-risk devices

At the technical level, CVE-2016-6415 is a vulnerability in how Cisco firewall firmware processes IKEv1 and IKEv2 (Internet Key Exchange) packets.

With the help of Cisco engineers, the Shadowserver Foundation scanned the entire Internet for Cisco devices that may be at risk from this vulnerability. Cisco says:

We are querying all computers with IPv4 addresses that are not firewalled from the Internet, using a specially crafted 64-bit ISAKMP packet, and capturing their responses.

Over 850,000 devices exposed online

According to scan results released by the Shadowserver Foundation on September 25 (00:12 GMT), 850,803 Cisco devices at risk from this vulnerability were still online. More than 250,000 of them were in the United States, with the rest distributed across Russia, the United Kingdom, Germany, and Canada.

Softpedia notes that because public code for a large number of these devices can be found online, they are highly vulnerable to network attacks.

Cisco has therefore recommended that the administrators responsible for these devices place them behind a firewall.
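
One way to audit the exposure described above, as an added example that is not from the original article, Cisco or Shadowserver: parse the fixed ISAKMP header (RFC 2408) of captured UDP/500 datagrams and flag IKEv1 traffic arriving from sources outside an allowlist of VPN peers. The peer network, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# RFC 2408 fixed header: cookies (8+8), next payload, version, exchange type,
# flags, message ID, total length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

# Assumption: the only networks that should ever speak IKE to this device.
TRUSTED_PEERS = [ipaddress.ip_network("198.51.100.0/28")]


def parse_isakmp(datagram: bytes):
    """Return selected header fields of a UDP/500 payload, or None if too short."""
    if len(datagram) < ISAKMP_HDR.size:
        return None
    _ic, _rc, _np, version, exch, _flags, _mid, length = ISAKMP_HDR.unpack_from(datagram)
    return {"major": version >> 4, "minor": version & 0x0F,
            "exchange_type": exch, "declared_len": length,
            "actual_len": len(datagram)}


def review(src_ip: str, datagram: bytes):
    """List reasons a packet deserves attention (empty list means nothing to flag)."""
    hdr = parse_isakmp(datagram)
    if hdr is None:
        return ["truncated ISAKMP header"]
    findings = []
    src = ipaddress.ip_address(src_ip)
    if hdr["major"] == 1 and not any(src in net for net in TRUSTED_PEERS):
        findings.append("IKEv1 from untrusted source")
    # Generic well-formedness check: on UDP/500 the header length field
    # should equal the datagram size.
    if hdr["declared_len"] != hdr["actual_len"]:
        findings.append("length field does not match datagram size")
    return findings


def _sample(major: int, declared_len: int, body_len: int) -> bytes:
    # Constructed test packet: header plus zero padding, no real payloads.
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, major << 4, 2, 0, 0, declared_len)
    return hdr + b"\x00" * body_len


if __name__ == "__main__":
    for ip, pkt in [("198.51.100.5", _sample(1, 64, 36)),   # trusted peer, IKEv1
                    ("203.0.113.9", _sample(1, 64, 36)),    # unknown source, IKEv1
                    ("203.0.113.9", _sample(2, 28, 0))]:    # unknown source, IKEv2
        print(ip, review(ip, pkt) or "ok")
```

Any source flagged here is one a firewall rule in front of the device should be dropping before it reaches UDP/500.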






