Red Balloon Security specialists found a way to attack the Trust Anchor module (TAm) and modify it via its I/O data streams by manipulating the bitstream of an FPGA (Field Programmable Gate Array).
“TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root,” report Red Balloon Security specialists.
Thrangrycat can be exploited remotely, without physical access to the devices.
“The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise,” Cisco specialists acknowledge.
Modifying the bitstream requires superuser access on the device, so the vulnerability can be used only if the equipment is already compromised, for example through a bug that lets an attacker take control of the device.
Alongside Thrangrycat, the researchers discovered just such a vulnerability: an RCE bug (CVE-2019-1862) in the web interface of IOS XE, which runs on Cisco products, that can be used to gain superuser access to routers and switches.
By combining the two vulnerabilities, attackers can take control of devices, gain root access, disable the TAm check, and block the module's security updates. This, in turn, allows them to implant backdoors on targeted devices.
The specialists tested the attack only on Cisco ASR 1001-X routers, but they say that any device with an FPGA-based TAm is vulnerable. The full list of vulnerable equipment is given in Cisco's notification.
Nevertheless, there are no confirmed cases of the vulnerability being exploited yet.
Source: https://tools.cisco.com