Intel has been in the news several times over the last 18 months due to serious security flaws that have been found in their chipsets, beginning with the dreaded Spectre and Meltdown flaws. Now with MDS attacks, they’re not the only ones. Recently, researchers have discovered serious flaws in Cisco products that would allow a determined hacker the ability to attack a wide range of devices.
These would be devices used by businesses and government agencies, including routers, switches and firewalls. The new vulnerability is being tracked as CVE-2019-1649, and has been dubbed ‘Thrangrycat’ by researchers from Red Balloon Security, who first discovered it.
The research team had this to say about the vulnerability:
“An attacker with root privileges on the device can modify the contents of the FPGA anchor bitstream, which is stored unprotected in flash memory. Elements of this bitstream can be modified to disable critical functionality in the Trust Anchor module (Tam).
Successful modification of the bitstream is persistent, and the Trust Anchor will be disabled in subsequent boot sequences. It is also possible to lock out any software updates to the Tam’s bitstream.”
Ominously, the research team added the following note:
“By chaining the Thrangrycat and remote command injection vulnerabilities, and attacker can remotely and persistently bypass Cisco’s secure boot mechanism and lock out all future software updates to the Tam. Since the flaws reside within the hardware design, it is unlikely that any software security patch will fully resolve the fundamental security vulnerability.”
Even so, we can expect Cisco to do something along those lines to at least blunt the risk, and they’re no doubt already looking at the hardware architecture to find a solution going forward. To this point, the company notes that they’ve not detected any attacks exploiting these vulnerabilities, but now that the research has been made public, that may change.