LTS Secure Warning: Critical Vulnerability Allows Hacker To Plant Backdoor On Cisco Devices

A recently discovered vulnerability that has been found in the logic that takes care of access control of a few  hardware components in Cisco’s proprietary Secure Boot implementation, which if exploited would allow an authenticated attacker to modified the firmware image to the component. This Vulnerability is named “Thrangrycat” and it affects multiple Cisco products, which supports the hardware-based Secure boot Functionality. The identified vulnerability is has been assigned a CVSS score of 6.7.

The vulnerability exist because of the way the Field Programmable Gate Array (FPGA) part of the secure boot hardware is been implemented. There is an improper check on the area of the code that manages the on-premise updates for the FPGA. So, an attacker who has both elevated privileges & access to the underlying OS which are used by these devices can exploit this vulnerability to modify the FPGA’s firmware image.

 

Technical Details

The Thrangrycat (CVE-2019-1649) vulnerability can be combined with the (CVE-2019-1862) vulnerability, which is the remote code execution flaw, to allow an hacker located anywhere on the internet, to take control over multiple cisco devices, gain root access, and then disable the Trust Anchor module (TAm) boot process verification, and even stop future TAm security updates from reaching the exploited devices. This also allows the hacker to modify the firmware image & plant backdoors on exploited devices.

 

Impact

  • Attacker may install malicious image on the affected Cisco devices
  • As commands can be executed as root attacker can damage / disrupt the environment.
  • It affects your Business Performance as well as functionality.

 

Recommended Actions

Currently, there is no fix for the given vulnerability. It is highly recommend that if any of your Cisco product is affected by the above mentioned vulnerability then please consult Cisco’s official security advisory.

Since the vulnerability exists because of a hardware design flaw, it is highly unlikely to be fixed via a software patch.

 

LTS Secure Locations
  • Florida: 407-965-5509
    Los Angeles: 323-544-5013
    Mid West: 800 689 4506

  • Chicago/Midwest– 2406 Schumacher Drive, Mishawaka, IN, 46545

    201, Tower S4, Phase II, Cybercity, Magarpatta Township, Hadapsar, Pune-411013

Leave us a messages Leave us a messages

← Prev Step

Thanks for contacting us. We'll get back to you as soon as we can.

Please provide a valid name, email, and question.

Powered by LivelyChat
Powered by LivelyChat Delete History