Investigators security Tavis Ormandy and Natalie Silvanovich working on Google's Project Zero discovered a simple method that compromises better safety of FireEye's products, which, paradoxically, have been developed for the protection networks.
According to Google researchers' findings, attackers can create malicious files or trick users into click in malicious connections to exploit a security flaw in various FireEye security products.
Using these errors, attackers can execute malicious code on FireEye devices as highly privileged mip (Malware Input Processor) users, but can also gain administrative privileges if needed.
The FireEye devices are vulnerable to NX, FX, AX, and EX series network security equipment. The company has already released patches and has pledged to provide assistance even to end-of-service businesses.
All the devices listed above are highly specialized equipment that will do just one thing: control internet traffic and try to detect malware and other types of attacks.
This type of equipment is usually present in large corporate networks, and there is between corporate Intranet and incoming / outgoing Internet connections.
Devices monitor Internet traffic on specific ports/protocols such as HTTP, FTP, SMTP, and others. Every time it is detected File Transfer, η συσκευή της FireEye παρακολουθήσει τα δεδομένα και σαρώνει για κακόβουλο λογισμικό ή άλλα γνωστά exploits.
Attackers reportedly exploit this behavior by sending malicious JAR files either as an email attachment post officeor as files hosted on a malicious website.
The vulnerability is extremely dangerous for two main reasons. First, the device has access to all of one's sensitive data businessς, και δεύτερο, η συσκευή διαθέτει επίσης μια δευτερεύουσα σύνδεση στο Internet, μέσω της οποία λαμβάνει αναβαθμίσεις του firmware. This connection can be used by attackers as a backdoor to intercept information from compromised networks.