FireEye told that the RCE vulnerability affected the company’s Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX) products.
Researchers have earlier also found vulnerabilities in FireEye’s products. In September, FireEye patched vulnerabilities reported by Kristian Erik Hermansen and Ron Perris. Hermansen claimed that he had disclosed the details of a flaw 18 months prior to its public disclosure and before FireEye could release a fix.
In September, five other vulnerabilities were reported by German security firm ERNW. The issues including command injection, code execution, privilege escalation and memory corruption vulnerabilities affected NX, EX, AX, FX, HX (Endpoint Security) and CM (Central Management) products.
FireEye spokesman Kyrksen Storer said that due to the vulnerability’s severity, the company had released an automated remediation to customers just 6 hours after its notification.
“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.
