FireEye flamed: A single email will grant total network access
Google's Project Zero finds flaw, patch arrives to plug gaping information maw
Researchers at the Google's Project Zero security research team have found a brutal hole in FireEye kit that allows attackers to lay waste to corporate networks with a single email.
The flaw, dubbed "666" from its Project Zero vulnerability number, is a passive monitoring hole that respected hacker Tavis Ormandy describes as a "nightmare scenario".
Patches have been released for FireEye's NX, FX and AX boxes.
Ormandy and fellow Google box popper Natalie Silvanovich found the flaw as part of long-running and relentless vulnerability research into major security software.
He credits the security giant for spinning a fix in two days. The patch completely neuters the attacks.
The exploit is very dangerous, as all of the kit above is vulnerable in their default state. FireEye is reportedly providing support even to customers whose contracts have expired.
"For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario," Ormandy says.
"This would mean an attacker would only have to send an email to a user to gain access to a persistent network tap - the recipient wouldn’t even have to read the email, just receiving it would be enough ... an attacker can send an email to a user or get them to click a link, and completely compromise one of the most privileged machines on the network."
Corporations with un-patched boxes are at risk of confidential data theft, traffic tampering, persistent rootkits, attackers moving lateral through networks and, Ormandy says, "even self-propagating internet worms".
Full technical details of the vulnerability are available here. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Patch Tuesday
- Trusted Platform Module
- Zero Day Initiative
- Zero trust