News

Thrangrycat vulnerability can be used for malware invasion in Cisco equipment

IT-security experts discovered dangerous bug in Cisco protected load mechanism that affected a wide range of products that used in governmental and corporate networks, including routers, commutators and firewalls.

Vulnerability named Thrangrycat (CVE-2019-1649) linked to the range of disadvantages in the design of TAm module (Trust Anchor module) that is function of protected trusted download Secure Boot. This function allows checking program unity of the device and realized in more than 300 company’s products.

Red Balloon Specialists found way to attack TAm and make changes in module via I/O data streams by manipulating a bit stream of a programmable logic array FPGA (Field Programmable Gate Array).

“TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root”, — report Red Balloon Security specialists.

Thrangrycat can be exploited remotely without necessity of physical access to devices

“The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise”, — confess Cisco specialists.

It is noted that for bites stream modification attacker will have to get access with rights of superusers on the device, so vulnerability can be used only is equipment is already compromised, for example, with the use of bug that allows interception of control over the device.

Aside Thrangrycat, researchers discovered such vulnerability. The case is about RCE-bug (CVE-2019-1862) in web-interface of IOS XE that realized in Cisco products and that can be used for access to routers and commutators with the rights of superuser.

Combining listed above vulnerabilities, attackers will have opportunity of intercepting control over devices, get root access, disable TAm check, and block module’s safety updates. In its turn, this will allows them implement backdoors on targeted devices.

Read also: Alpine’s Docker-images were supplied with empty password of “root” user

Specialists tested attack on Cisco routers ASR 1001-X only, but, they say that any device with FPGA-module TAm is vulnerable. Full lists of vulnerable equipment presented in Cisco notification.

Nevertheless, there is no established cases of vulnerability exploitation yet.

Source: https://tools.cisco.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-xbuhoxu.store Pop-up Ads

About News-xbuhoxu.store News-xbuhoxu.store pop-ups can not open out of nowhere. If you have actually clicked…

1 hour ago

Remove News-xbadeyo.today Pop-up Ads

About News-xbadeyo.today News-xbadeyo.today pop-ups can not introduce out of nowhere. If you have clicked on…

1 hour ago

Remove News-bbutohu.info Pop-up Ads

About News-bbutohu.info News-bbutohu.info pop-ups can not open out of nowhere. If you have actually clicked…

2 hours ago

Remove News-bbucoxe.today Pop-up Ads

About News-bbucoxe.today News-bbucoxe.today pop-ups can not launch out of the blue. If you have clicked…

2 hours ago

Remove News-xdetake.cc Pop-up Ads

About News-xdetake.cc News-xdetake.cc pop-ups can not expose out of nowhere. If you have clicked on…

5 hours ago

Remove News-bbufiya.today Pop-up Ads

About News-bbufiya.today News-bbufiya.today pop-ups can not expose out of nowhere. If you have clicked some…

5 hours ago