FireEye patches critical vulnerability in security devices

By

Could be exploited through emailed attachments.

Security vendor FireEye's network security devices have been found to be vulnerable to a serious flaw that allows attackers full remote access into a target machine.

FireEye patches critical vulnerability in security devices

The security vendor has issued urgent patches for its NX, FX and AX devices, and is imploring customers to patch their installations as soon as possible.

Tavis Ormandy and Natalie Silvanovich of Google's Project Zero discovered FireEye appliances decompiled Java class files that contain low-level byte code. 

The bytecode in classes compressed into Java Archives (JARs) could be used to run arbitrary code thanks to the unsafe decompilation FireEye devices performed on the files in order to check they were safe.

This means that by sending a specially crafted email attachment or making it downloadable via the web, attackers could simply make use of the passive monitoring interface on FireEye devices and gain access to "a persistent network tap".

No user interaction is required to trigger the vulnerability. 

Tricking the FireEye appliance used for testing into running potentially malicious code wasn't difficult.

"... by sending a JAR across the network, we can get FireEye to execute it simply by pretending to use string obfuscation," the researchers said.

Project Zero used a FireEye NX 7500 appliance the security vendor claims can "detect and block malicious files, communications and exploits to improve web and network security".

The researchers found a further vulnerability that allows for privilege escalation in the context of the Malware Input Processor on FireEye devices. This can be abused to escalate to root or superuser privileges with full access to the system.

FireEye said it had requested additional time to issue a patch for the privilege escalation attack.

The security vendor was quick to respond to the issue and deployed mitigation measures to customers "within hours of our report", Google said, and completely fixed the vulnerability in two days. 

Devices from FireEye that have a security content release of 427.334 or higher are safe from the vulnerability.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
fireeyejavaproject zerosecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?