Last week, FireEye silently pushed out a patch for an extremely easy-to-exploit remote code execution bug affecting its NX, EX, FX and AX Series security appliances in their default configuration.

“For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario. This would mean an attacker would only have to send an email to a user to gain access to a persistent network tap – the recipient wouldn’t even have to read the email, just receiving it would be enough,” Google researcher Tavis Ormandy explained in a blog post published on Tuesday. “A network tap is one of the most privileged machines on the network, with access to employee’s email, passwords, downloads, browsing history, confidential attachments, everything. In some deployment configurations an attacker could tamper with traffic, inserting backdoors or worse.”

Because the appliance sits inline with, or mirrors, the traffic it inspects, a successful exploit would allow the attacker to tamper with network traffic, exfiltrate sensitive enterprise data, move laterally across the network, load a rootkit, and more.
ORIGINAL SOURCE: Help Net Security