Two security flaws, one dubbed “Thrangrycat,” in “tens of millions” of Cisco enterprise routers, switches, and firewalls could allow hackers to remotely attack corporate networks, steal data, and attack other devices connected to the networks, according to Red Balloon Security.
The embedded device security company disclosed the two flaws on Monday. The first, “Thrangrycat” (like the emoji), allows an attacker to bypass Cisco’s Trust Anchor module (TAm) via field programmable gate array (FPGA) bitstream manipulation. The TAm is a proprietary hardware security module used in a wide range of Cisco products and the root of trust that underpins all of the security mechanisms in these devices.
The second vulnerability is in the web-based user interface of Cisco IOS XE software and could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges.
By chaining Thrangrycat and the remote command injection vulnerabilities, a hacker could remotely bypass Cisco’s secure boot process and lock out all future software updates to the TAm, Red Balloon Security says.
“This is a significant security weakness which potentially exposes a large number of corporate, government, and even military networks to remote attacks,” said Dr. Ang Cui, founder and chief scientist of Red Balloon Security in a statement. “We’re talking about tens of millions of devices potentially affected by this vulnerability, many of them located inside of sensitive networks.”
Cisco classified both as high-impact vulnerabilities. The vendor is developing and will release software updates to fix Thrangrycat, and has already released patches for the second security flaw. There are no workarounds, and Cisco also said it’s “not aware of malicious use” of either vulnerability.
However, since the flaws are with the hardware design, Red Balloon Security says it is unlikely that any software security patch will fully resolve vulnerability.
“Fixing this problem isn’t easy, because to truly remediate it requires a physical replacement of the chip at the heart of the Trust Anchor system,” Cui said. “A firmware patch will help to offset the risks, but it won’t completely eliminate them. This is the real danger, and it will be difficult for companies, financial institutions, and government agencies to properly address this problem.”
When asked if a firmware patch will fix the problem, a Cisco spokesperson, via email, said: “Cisco uses FPGAs as a foundational component within the product’s base hardware design. These components, along with their configuration, provide building blocks for product functionality as well as for the Secure Boot capability. Cisco’s fixes address the Secure Boot hardware tampering vulnerability by implementing additional protection schemes locking the FPGA to further assure authentic Cisco firmware is used in the system. These protections address both remote and privilege escalation-based attacks from the product’s operating system. We constantly review and adapt Cisco product security requirements as the threat landscape evolves. Cisco is committed to advanced security research by continuing to innovate and develop new trustworthy technologies.”