Vulnerability in FireEye Products Could Allow for Remote Code Execution

ITS Advisory Number: 2015-158
Date(s) Issued: Thursday, December 17, 2015
Subject: Vulnerability in FireEye Products Could Allow for Remote Code Execution
Overview: 

A vulnerability has been discovered in FireEye NX, EX, FX and AX Series products that could allow for remote code execution. The vulnerability exists in how the Malware Input Processor (MIP) module analyzes Java (.jar) files. Successful exploitation could lead to network surveillance activity, root access on the device, privilege escalation, and information disclosure.

Systems Affected: 
  • EX Prior to Security Content Version 427.334
  • NX Prior to Security Content Version 427.334
  • AX Prior to Security Content Version 427.334
  • FX Prior to Security Content Version 427.334
RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: N/A
Description: 

A vulnerability has been discovered in FireEye NX, EX, FX and AX Series products that could allow for remote code execution. The vulnerability exists in how the Malware Input Processor (MIP) module analyzes Java (.jar) files.

In order to exploit this vulnerability, an attacker would have to send an email with a malicious Java (.jar) attachment, or convince a user to follow a link, in order to gain access to the device. In some cases, the recipient would not have to read the email, as receiving it would be sufficient to exploit the vulnerability. Successful exploitation could lead to network surveillance activity, root access on the device, privilege escalation, and information disclosure.

FireEye customers configured for automated security updates should have received the security content update on 12/5/2015. FireEye is also providing support for out-of-contract customers; these customers should contact the FireEye support team at [email protected].

Actions: 
  • Apply appropriate patches provided by FireEye to vulnerable systems.
  • Enable automatic updates for Security Content on vulnerable systems.
  • Restrict access to the physical and management interfaces to authorized personnel and authorized hosts.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
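The "Systems Affected" list and the first action item both come down to one check: is each EX, NX, AX or FX appliance running a Security Content version prior to 427.334? The following Python script is an added example (not FireEye tooling and not part of the advisory) that performs that check over an appliance inventory. It assumes the operator has already exported each appliance's model and Security Content version into the list below; the hostnames and version strings there are constructed, and how the version is read from an appliance is not something the advisory describes.

```python
"""Flag FireEye EX/NX/AX/FX appliances whose Security Content version is prior to 427.334.

Added example: not FireEye tooling. Assumes model and version have already been
collected per appliance (e.g. exported from the management interface); the
inventory rows below are constructed for demonstration.
"""
from dataclasses import dataclass
from typing import List, Tuple

FIXED_VERSION = "427.334"               # from the advisory: versions prior to this are affected
AFFECTED_MODELS = {"EX", "NX", "AX", "FX"}  # the series named in "Systems Affected"


def parse_version(version: str) -> Tuple[int, ...]:
    """Split '427.334' into (427, 334) so the comparison is numeric.

    A plain string comparison would wrongly rank '427.1000' below '427.334';
    comparing integer tuples component by component avoids that mistake.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(model: str, security_content: str) -> bool:
    """True when the model is in the affected series and its content version is prior to the fix."""
    if model.upper() not in AFFECTED_MODELS:
        return False
    return parse_version(security_content) < parse_version(FIXED_VERSION)


@dataclass
class Appliance:
    name: str
    model: str
    security_content: str


# Constructed inventory; hostnames and versions are placeholders, not values from the advisory.
INVENTORY: List[Appliance] = [
    Appliance("nx-edge-01", "NX", "427.300"),     # prior to the fix: vulnerable
    Appliance("ex-mail-01", "EX", "427.334"),     # exactly the fixed version: not vulnerable
    Appliance("ax-lab-01", "AX", "427.1000"),     # newer than the fix; string compare would get this wrong
    Appliance("fx-share-01", "FX", "426.999"),    # older major component: vulnerable
    Appliance("other-01", "XX", "1.0"),           # placeholder model outside the affected series
]


def find_vulnerable(inventory: List[Appliance]) -> List[str]:
    """Return the names of appliances that still need the FireEye security content update."""
    return [a.name for a in inventory if is_vulnerable(a.model, a.security_content)]


if __name__ == "__main__":
    for name in find_vulnerable(INVENTORY):
        print(f"{name}: Security Content prior to {FIXED_VERSION}; apply the FireEye update")
```

Appliances flagged by this check are the ones the first two action items apply to: apply the FireEye security content update and enable automatic updates so the version does not fall behind again.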