Cisco’s ExtraBacon Exploit

BaconPileLast week we reported on the newly found exploit in Cisco System firewalls that was part of the data dump of stolen files from the NSA’s Equation Group. Well, it turns out the vulnerability affects more Cisco models than was previously thought.

Dubbed ExtraBacon, the exploit has code that keeps it from working on newer versions of Cisco’s Adaptive Security Appliance (ASA), their line of firewalls used by corporations, government agencies, and any other large organizations. When used on a version 8.4(5) or newer of ASA, ExtraBacon sends back an error message, but security experts have been able to do a little tweaking and get it to work on newer versions.

When ExtraBacon works, it allows an attacker to take control over a firewall remotely, though they already have to have access to the network to do so. This slightly modified version is a perfect example of how difficult vulnerabilities in code can be to get rid of and how even if found in older versions, they be trouble for newer ones.

Considering using ExtraBacon requires already having access to a network and the effort required to modify it, it’s probably not an issue for most organizations running newer versions of ASA. While Cisco has yet to release a patch for the vulnerability, they have released software that allows customers to detect and stop ExtraBacon attacks.


Leave a Reply