Earlier this month Cisco made available two security advisories (please see below for the relevant links) that relate to the public disclosure of security vulnerabilities within their and other vendors’ products by a hacking group known as the Shadow Brokers.
This group released exploits that targeted routers and firewalls from vendors such as Cisco, Juniper and Fortinet.
Further coverage of how these exploits were disclosed is available within the following links:
NSA’s Hacking Group Hacked! Bunch of Private Hacking Tools Leaked Online (The Hacker News)
Juniper Acknowledges Equation Group Targeted ScreenOS
Why Should These Issues Be Considered Important?
For the affected Cisco devices (a full list is provided here), the most severe of the vulnerabilities could allow remote code execution (where an attacker can remotely target your device and have it carry out any action of their choice). The SNMP (defined) vulnerability is the result of a buffer overflow (defined) which can be exploited by an attacker sending specially crafted SNMP packets (a packet is a unit of data sent over a network, e.g. over a cable or over the air via WiFi) to an affected device.
Affected Fortinet devices suffer from a similar overflow within their cookie (defined) parser (a routine that reads data in a structured manner in order to extract meaning from it). As before, successful exploitation results in an attacker obtaining remote access to affected devices.
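Both of the flaws above come down to a parser copying attacker-controlled input into a fixed-size buffer without first checking its length. The following is an added example (not Cisco's, Fortinet's or the exploit authors' code) of what bounds-checked parsing looks like for the two input types the post names: it decodes the header of an SNMP message with every slice checked against the packet length, reports an oversized community string as an anomaly, and splits an HTTP Cookie header while rejecting over-long values up front. The length limits are assumed policy values and the sample packets and headers are constructed here.

```python
# Defensive bounds-checked parsing for SNMP messages and HTTP Cookie headers.
# Added example, not vendor code. The limits below are assumed policy values.

MAX_COMMUNITY_LEN = 64        # assumed: generous limit for a community string
MAX_COOKIE_VALUE_LEN = 256    # assumed: generous limit for one cookie value


def _encode_len(n):
    """BER length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _read_tlv(buf, pos):
    """Read one BER TLV at buf[pos]; return (tag, value, next_pos).
    Every slice is checked against len(buf) before it is taken, which is
    exactly the check an overflow-prone parser omits."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("field length exceeds packet")
    return tag, buf[pos:pos + length], pos + length


def build_snmp_packet(community, version=1):
    """Construct a minimal SNMPv2c-shaped message (version INTEGER,
    community OCTET STRING, empty GetRequest PDU); constructed test data."""
    body = (bytes([0x02, 0x01, version])
            + bytes([0x04]) + _encode_len(len(community)) + community
            + bytes([0xA0, 0x00]))
    return bytes([0x30]) + _encode_len(len(body)) + body


def check_snmp_community(packet):
    """Validate the SNMP message header and return (ok, reason).
    An oversized community string is reported as an anomaly rather than
    copied onward; malformed length fields raise ValueError."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        return False, "not an SNMP SEQUENCE"
    tag, _version, pos = _read_tlv(body, 0)
    if tag != 0x02:
        return False, "missing version INTEGER"
    tag, community, _ = _read_tlv(body, pos)
    if tag != 0x04:
        return False, "missing community OCTET STRING"
    if len(community) > MAX_COMMUNITY_LEN:
        return False, "community string of %d bytes exceeds limit" % len(community)
    return True, "ok"


def parse_cookie_header(header, max_value_len=MAX_COOKIE_VALUE_LEN):
    """Split a Cookie header into a dict, rejecting over-long values
    before they are stored anywhere with a fixed capacity."""
    cookies = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep or not name:
            raise ValueError("malformed cookie pair")
        if len(value) > max_value_len:
            raise ValueError("cookie %r value of %d bytes exceeds limit" % (name, len(value)))
        cookies[name] = value
    return cookies


if __name__ == "__main__":
    print(check_snmp_community(build_snmp_packet(b"public")))
    print(check_snmp_community(build_snmp_packet(b"A" * 300)))
    print(parse_cookie_header("session=abc123; theme=dark"))
```

The point of the `_read_tlv` helper is that the length byte inside the packet is never trusted on its own: it is compared with the real packet size before any slice is taken, so a length field that claims more data than was received fails cleanly instead of reading past the buffer. The same idea applies to the cookie parser, which measures each value before storing it.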
At a later date Juniper acknowledged that their products were also targeted by the group due to the information found within the files that were disclosed. They have since determined that while the code does target their ScreenOS it cannot be used for a remote attack.
How Can I Protect Myself From These Issues?
The relevant Cisco security advisories are available from the following links (further fixes are also expected):
Cisco provides further security recommendations within their dedicated blog post of these vulnerability disclosures that is being updated as new patches are being made available.
A security advisory for the affected Fortinet devices with suggested upgrades detailed within.
As mentioned above, Juniper devices are affected but are not remotely exploitable. They are continuing to work on a possible means to tell if malicious code has been installed on their devices. More information is available within their dedicated forum post.
I hope that the above information is useful to you in defending your corporate networks against these disclosed vulnerabilities.