{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Cisco Firewall Services Module (FWSM)","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco ASA Services Module pour Cisco Catalyst 6500 Series Switches et Cisco 7600 Series Routers","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco ASA 1000V Cloud Firewall","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Adaptive Security Virtual Appliance (ASAv)","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco ASA 5500 Series Adaptive Security Appliances","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco ASA 5500-X Series Next-Generation Firewalls","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Firepower 4100 Series","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Firepower 9300 ASA Security Module","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Industrial Security Appliance 3000","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Firepower Threat Defense Software","product":{"name":"Firepower Threat Defense","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco PIX Firewalls","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}}],"affected_systems_content":null,"closed_at":"2016-09-05","content":"## Description\n\nLe samedi 13 ao\u00fbt, des attaquants se faisant appeler les Shadow Brokers\nont publiquement r\u00e9v\u00e9l\u00e9 des outils offensifs, qu'ils affirment provenir\nd'Equation, un groupe d'\u00e9lite li\u00e9 \u00e0 la NSA.  \nParmi ces outils se trouve du code malveillant dont la fonction est\nd'exploiter des vuln\u00e9rabilit\u00e9s dans les pare-feux Cisco afin d'en\nprendre le contr\u00f4le.  \nDans ses bulletins de s\u00e9curit\u00e9 cisco-sa-20160817-asa-snmp et\ncisco-sa-20160817-asa-cli (cf. Section Documentation), l'\u00e9quipementier\n\u00e9num\u00e8re la liste de produits pour lesquels un correctif est\ndisponible.  \nLe CERT-FR recommande de durcir ses \u00e9quipements tout en respectant les\nbonnes pratiques (cf. Section Documentation).  \nDes r\u00e8gles de d\u00e9tection r\u00e9seau sont \u00e9galement disponibles, soit de\nmani\u00e8re payante (Cisco, cf. Section Documentation), soit \u00e0 titre gratuit\n(Emerging Threats, cf. Section Documentation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation)\n","cves":[{"name":"CVE-2016-6366","url":"https://www.cve.org/CVERecord?id=CVE-2016-6366"},{"name":"CVE-2016-6367","url":"https://www.cve.org/CVERecord?id=CVE-2016-6367"}],"links":[{"title":"Avis CERTFR-2016-AVI-295","url":"http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-295"},{"title":"R\u00e8gle de d\u00e9tection r\u00e9seau Emerging Threats 2","url":"http://doc.emergingthreats.net/bin/view/Main/2023071"},{"title":"Guide de durcissement des pare-feux Cisco ASA","url":"http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200150-Cisco-Guide-to-Harden-Cisco-ASA-Firewall.html"},{"title":"Blog Cisco : Analyse de l'int\u00e9grit\u00e9 d'une image IOS","url":"https://blogs.cisco.com/security/offline-analysis-of-ios-image-integrity"},{"title":"Guide de v\u00e9rification d'int\u00e9grit\u00e9 ASA","url":"http://www.cisco.com/c/en/us/about/security-center/intelligence/asa-integrity-assurance.html"},{"title":"Bulletin de s\u00e9curit\u00e9 cisco-sa-20160817-asa-cli Cisco du 17    ao\u00fbt 2016","url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli"},{"title":"Guide de durcissement des \u00e9quipements Cisco","url":"https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html"},{"title":"Blog Cisco : The Shadow Brokers","url":"http://blogs.cisco.com/security/shadow-brokers"},{"title":"Bulletin de s\u00e9curit\u00e9 cisco-sa-20160817-asa-snmp Cisco du 17    ao\u00fbt 2016","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp"},{"title":"R\u00e8gle de d\u00e9tection r\u00e9seau Emerging Threats 1","url":"http://docs.emergingthreats.net/bin/view/Main/2023070"},{"title":"Annonce de fin de vie des Cisco Firewall Services Modules    (FWSM)","url":"http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/catalyst-6500-series-firewall-services-module/eol_c51-699134.html"},{"title":"Annonce de fin de vie des Cisco PIX Firewalls","url":"http://www.cisco.com/c/en/us/products/security/pix-500-series-security-appliances/eos-eol-notice-listing.html"},{"title":"Change logs des r\u00e8gles Snort soumises \u00e0 abonnement","url":"https://www.snort.org/advisories/talos-rules-2016-08-16"}],"reference":"CERTFR-2016-ALE-005","revisions":[{"description":"version initiale.","revision_date":"2016-08-18T00:00:00.000000"},{"description":"ajout de produits sur la liste des syst\u00e8mes affect\u00e9s ainsi que les annonces de fin de vie des produits Cisco Firewall Services Module et Cisco PIX Firewalls.","revision_date":"2016-08-23T00:00:00.000000"},{"description":"cl\u00f4ture de l'alerte.","revision_date":"2016-09-05T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les pare-feux Cisco</span>. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les pare-feux Cisco","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 cisco-sa-20160817-asa-snmp Cisco du 17 ao\u00fbt 2016","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 cisco-sa-20160817-asa-cli Cisco du 17 ao\u00fbt 2016","url":null}]}