FireEye patches critical vulnerability in security devices


Could be exploited through emailed attachments.

Security vendor FireEye's network security devices have been found to be vulnerable to a serious flaw that allows attackers full remote access into a target machine.

The security vendor has issued urgent patches for its NX, FX and AX devices, and is imploring customers to patch their installations as soon as possible.

Tavis Ormandy and Natalie Silvanovich of Google's Project Zero discovered that FireEye appliances decompile Java class files, which contain low-level bytecode.

Because the devices decompiled the contents of Java Archives (JARs) unsafely in order to check whether they were safe, bytecode in the classes packed into a JAR could be used to run arbitrary code on the appliance itself.

This means that by sending a specially crafted email attachment or making it downloadable via the web, attackers could simply make use of the passive monitoring interface on FireEye devices and gain access to "a persistent network tap".

No user interaction is required to trigger the vulnerability. 

Tricking the FireEye appliance used for testing into running potentially malicious code wasn't difficult.

"... by sending a JAR across the network, we can get FireEye to execute it simply by pretending to use string obfuscation," the researchers said.

Project Zero used a FireEye NX 7500 appliance the security vendor claims can "detect and block malicious files, communications and exploits to improve web and network security".

The researchers found a further vulnerability that allows for privilege escalation in the context of the Malware Input Processor on FireEye devices. This can be abused to escalate to root or superuser privileges with full access to the system.

FireEye said it had requested additional time to issue a patch for the privilege escalation attack.

The security vendor was quick to respond to the issue and deployed mitigation measures to customers "within hours of our report", Google said, and completely fixed the vulnerability in two days. 

Devices from FireEye that have a security content release of 427.334 or higher are safe from the vulnerability.

Copyright © iTnews.com.au . All rights reserved.