The top two countries affected are the US and the Russian Federation, the report said.
The attack code, one of many exfiltrated from the NSA-associated Equation Group by Shadow Brokers, is dubbed BENIGNCERTAIN. Shadow Brokers is suspected of being a Russian-backed operation.
Confirmation that the code could be used to remotely extract decryption keys from the PIX firewall was posted by researcher Mustafa Al-Bassam, a former associate of the hacking group Anonymous, who now works with the payments processing company Secure Trading.
A search using the Shodan search engine brought up 9079 devices in the Russian Federation, 2740 in the US and 1527 in Australia using the PIX firewall.
Ars said it had asked Cisco to investigate the exploit but the company declined, citing its policy on products which have reached their end-of-life.
Later, however, Cisco updated an existing blog post and wrote: "Even though the Cisco PIX is not supported and has not been supported since 2009..., out of concern for customers who are still using PIX we have investigated this issue and found PIX versions 6.x and prior are affected. PIX versions 7.0 and later are confirmed to be unaffected by BENIGNCERTAIN. The Cisco ASA is not vulnerable."