Critical Cisco exploit hands attackers keys to your business' network
Vulnerability in popular network hardware exposes core security module to remote hacking
Two serious vulnerabilities have been found in one of Cisco's most ubiquitous enterprise routers that enable hackers to remotely control Cisco's enterprise-grade 1001-X kit.
According to Red Balloon Security, a group known for exposing vulnerabilities in Cisco products, the attack relies on two vulnerabilities that work together.
The first is a flaw in Cisco's IOS XE operating system. The vulnerability allows hackers to gain root access to a device remotely - this isn't uncommon, but it's still worrying.
The second and more damning flaw is called Thrangrycat, a vulnerability that allows hackers to bypass Cisco's Trust Anchor Module (TAm) via Field Programmable Gate Array (FPGA) bitstream manipulation.
Combining the two vulnerabilities lets an attacker control the router and persistently block updates to the TAm, which could act as a gateway to an attack on an entire network.
There is huge worry about the ramifications of the findings because the TAm is the core security provision in nearly every Cisco product. Attackers can quietly assume control of a device that can act as a portal to the network and do so while the device continues to report itself as 'trustworthy'.
In a summary report issued by Red Balloon Security, the researchers say that "since the flaws reside within the hardware design, it is unlikely that any software security patch will fully resolve the fundamental security vulnerability."
"Make no mistake, the vulnerabilities have the potential to disrupt global internet traffic and the recent disclosures of Cisco 1001-X router bugs have short and long term ramifications," said Sam Curry, chief security officer at Cybereason. "The second vulnerability is analogous to a bank leaving their vault doors open with all the security guards on lunch break creating a free-for-all."
"The troubling news is that researchers are reporting that Cisco's Trust Anchor security feature has been compromised," he added. "It is essentially the security stamp that Cisco puts on hundreds of millions of products. If the hackers can bypass this security feature, consider that there are at least 6 years of routers out there potentially affected, all eyes are on Cisco for what their response will be."
Red Balloon researchers have said that a simple software patch probably won't be sufficient to protect against the threat they uncovered. They said that an absolute workaround would be to implement an FPGA with an encrypted bitstream in all future products. It would be more financially and computationally demanding but would offer protection from this type of attack.
Cisco has said that it is currently working on a software fix for all the affected products; some of the vulnerable products have estimated patch dates as far away as October 2019.
It said that in most cases, customers will have to perform a physical, on-prem repair to some low-level hardware when the relevant patch is released. It warns that a failure during this process can lead to total hardware failure, requiring the customer to purchase a replacement.
There is currently no evidence to suggest that the proof of concept code provided by Red Balloon to Cisco has been made available in the wild.
Cisco claimed to have successfully patched remote-code execution and information disclosure bugs found in its SMB routers, but in March it was found the company did so erroneously.

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.