Analysts working on the Google’s Project Zero security team have found a severe flaw in the FireEye kit that is capable to allow the attackers to spam corporate networks by the help of a single email.
The flaw which has been named as “666”, due to its origin from the Project Zero vulnerability number, is a passive monitoring hole that is with respect to hacker Tavis Ormandy description is a “nightmare scenario”. Patches have been made and launched for FireEye’s NX, FX and AX boxes.
Ormandy along with Google box popper Natalie Silvanovich discovered the hole as part of tideous vulnerability research for major security software flaws. He credits the security firm for fixing the breach in two days. The patch completely neutralises the effect of the attacks. The exploit is very severe, as all of the kit above are vulnerable in their classic, primitive state. FireEye is reportedly providing support to the customers with expired contracts as well.
Earlier, Ormandy stated that “For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario,”. “This would mean an attacker would only have to send an email to a user to gain access to a persistent network tap – the recipient wouldn’t even have to read the email, just receiving it would be enough … an attacker can send an email to a user or get them to click a link, and completely compromise one of the most privileged machines on the network.”
Corporations without the patched boxes are at higher risk of confidential data theft, traffic tampering, persistent root-kits, attackers moving lateral through networks and, Ormandy believes, “even self-propagating internet worms” will be out at large.
More details on the vulnerability can be found here.