After the disclosure of hackers’ Equation Group which fulfilled its attacks using exploits, malware and other tools of virtual attacks, many companies has undertook their products testing. Particularly, Cisco Company has confirmed the high-quality operation of its two exploits: EPICABANA and ExtraBacon.
Unfortunately, this disturbing story has legs. We will focus on a product which service was brought to an end in 2009. That is Cisco PIX. Although it is no longer supported, many companies still use it all over the word. It has turned out that an attacker can send a specially crafted packet and gain access to confidential information, including a VPN authentication password. This problem exists in versions CiscoPIX 5.2(9)-6.3(4). Moreover, some experts in the sphere of online security claim that the number of vulnerable versions may be even bigger that it has been assumed.
A piece of good news is the company has stated that up to date version contains no holes. According to the testing results, all outputs are vulnerable up to version 7.