Safe Boot Violation Failure Found on Cisco Devices

Researchers have discovered a critical flaw in Cisco equipment, which could allow intruders to implement backdoors on a number of Cisco devices, such as routers, switches and firewalls.

resize-bandwidth-close-up-connection-1148820

The failure known as "😾😾😾" (CVE-2019-1649) allows an attacker to perform a bypass on the Trust Anchor module (TAm). The TAm is a mechanism that is considered the "root of trust" which supports all of Cisco's other trusted security and computing mechanisms. The module stops manipulation of the Field Programmable Gate Array (FPGA) bit stream.

The researchers said the flaw allows "attackers to make persistent modifications to the Trust Anchor module via FPGA bitstream modification, thus defeating the safe boot process and invalidating the Cisco trust chain. Although failures are hardware-based, '😾😾😾' can be exploited remotely, without the need for physical access. Because failures reside in hardware design, it is unlikely that any software security patch will fully resolve the vulnerability of fundamental security."

A good example of how the "😾😾😾" fault can be exploited remotely is the other fault (CVE-2019-1862) encountered by the same team of researchers in the Cisco IOS XE web interface. The fault allows an attacker (already authenticated) to execute commands in the device's Linux shell, with root privileges.

More details on these vulnerabilities will be reported in this year's Black Hat USA Security Conference.

Did you enjoy this blog article? Comment below with your feedback.

 

About CIPHER

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of services: Managed Security Services (MSS), Managed Detection and Response (MDR), Cyber Intelligence Services (CIS), Red Team Services (RTS), Governance, Risk and Compliance (GRC) and Cybersecurity Technology Integration (CTI). These services are supported by the Cipher Lab, an elite threat and cyber intelligence research and development lab, and also by five 24x7 Security Operations Centers (SOC).

Cipher is a highly accredited company holding ISO 27001, ISO 22301, ISO 20000, ISO 9001, SOC I, SOC II, PCI QSA, PCI ASV and CREST certifications. The quality of service has led Cipher to win many awards from world-renowned research companies such as Gartner, Frost & Sullivan and Forrester. Clients consist of companies from mid-size enterprises to world-renowned corporations and government agencies, with countless success stories.

Recent Security Posts

Essential-Cyber-Security-Tips-Guide.jpg

Twitter Feed