
Vulnerability in FireEye Products Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2015-153

DATE(S) ISSUED:

12/16/2015

OVERVIEW:

A vulnerability has been discovered in FireEye NX, EX, FX and AX Series products that could allow for remote code execution. The vulnerability exists in how the Malware Input Processor (MIP) module analyzes Java (.jar) files. Successful exploitation could lead to network surveillance activity, root access on the device, privilege escalation, and information disclosure.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • EX Prior to Security Content Version 427.334
  • NX Prior to Security Content Version 427.334
  • AX Prior to Security Content Version 427.334
  • FX Prior to Security Content Version 427.334

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
N/A

TECHNICAL SUMMARY:

A vulnerability has been discovered in FireEye NX, EX, FX and AX Series products that could allow for remote code execution. The vulnerability exists in how the Malware Input Processor (MIP) module analyzes Java (.jar) files.

To exploit this vulnerability, an attacker would have to send an email with a malicious Java (.jar) attachment or convince a user to follow a link to gain access to the device. In some cases, the recipient would not have to read the email, as receiving it would be sufficient to exploit the vulnerability. Successful exploitation could lead to network surveillance activity, root access on the device, privilege escalation, and information disclosure.

FireEye customers configured for automated security updates should have received the security content update on 12/5/2015. FireEye is also providing support for out-of-contract customers. These customers should contact the FireEye support team at support@fireeye.com.

RECOMMENDATIONS:

We recommend the following actions be taken:
  • Apply appropriate patches provided by FireEye to vulnerable systems.
  • Enable automatic updates for Security Content on vulnerable systems.
  • Restrict access to the physical and management interfaces to authorized personnel and authorized hosts.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
