The vulnerability could allow hackers to extract potentially sensitive information from devices' memory More than 840,000 Cisco networking devices from around the world are exposed to a vulnerability that’s similar to one exploited by a hacking group believed to be linked to the U.S. National Security Agency.The vulnerability was announced by Cisco last week and it affects the IOS, IOS XE, and IOS XR software that powers many of its networking devices. The flaw allows hackers to remotely extract the contents of a device’s memory, which can lead to the exposure of sensitive information.The vulnerability stems from how the OS processes IKEv1 (Internet Key Exchange version 1) requests. This key exchange protocol is used for VPNs (Virtual Private Networks) and other features that are popular in enterprise environments.Cisco discovered the vulnerability internally after analyzing an exploit for Cisco PIX firewalls that was leaked last month by a hacking outfit called Shadow Brokers. The exploit was part of a larger set of attack tools that Shadow Brokers claimed are being used by a cyberespionage group known in the security industry as the Equation, believed to be linked to the NSA. Because other hackers could find the same flaw by analyzing the exploit leaked by Shadow Brokers, Cisco decided to inform its customers about it through a security advisory, even though the company is still working on developing and releasing patches.Many of the affected IOS, IOS XE, and IOS XR releases don’t yet have fixed versions, but Cisco released detection signatures for intrusion prevention systems that could be used to protect networks from potential attacks. The Shadowserver Foundation, an organization that tracks cybercrime and assists with botnet takedowns, has started an internet-wide scan to find Cisco devices affected by this vulnerability with the goal of reporting them to their owners.Its latest scan, which ran for two and a half hours on Wednesday, identified devices with 840,681 distinct IP addresses that responded as vulnerable to the probe.The U.S. is the country with the largest number of vulnerable devices — 255,606 — followed by Russia with 42,281, and the United Kingdom with 42,138. Canada, Germany, Japan, Mexico, France, Australia, and China complete the top 10. Related content opinion Cybersecurity is dead – long live cyber awareness Let's face it: anyone who depends solely on prevention is doomed. By Scott Goldman Oct 17, 2017 6 mins Data Breach Ransomware Hacking opinion Your data has been kidnapped… now what? If you think you're not a target for a cyberattack recent 'ransomware' incidents should make you think again. By Scott Goldman May 15, 2017 6 mins Data Breach Social Engineering IT Skills opinion The keyboard and the Colt Today's hackers are yesterday's gunslingers and should prompt our country into a more serious cybersecurity posture By Scott Goldman Apr 10, 2017 3 mins Technology Industry Cloud Security Cybercrime opinion Is your family's cybersecurity worth $20 a month? Unlimited data plans offer convenience and cost efficiency, but also provide a level of cybersecurity that WiFi can't match By Scott Goldman Mar 13, 2017 5 mins Cyberattacks Mobile Security Technology Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe