Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Thrangrycat is a newly unveiled vulnerability in Cisco routers, switches, and firewalls that attackers can leverage to install a persistent backdoor. It is tracked as CVE-2019-1649 and was discovered by researchers at Red Balloon. The vulnerability exists in Cisco products that support the Trust Anchor module (TAm), which is implemented on Cisco enterprise devices. The TAm is used to verify that the firmware running on the hardware platform is authentic and unmodified. "By chaining Thrangrycat and remote command injection vulnerabilities, an attacker can remotely and persistently bypass Cisco's secure boot mechanism and lock out all future software updates to the TAm," researchers said. Further details regarding the vulnerability are expected to be released at Black Hat USA this August.

Relevant URL(s): https://thehackernews.com/2019/05/cisco-secure-boot-bypass.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+TheHackersNews+(The+Hackers+News+-+Cyber+Security+Blog)&_m=3n.009a.1986.nk0ao093p4.18av