Millions of Cisco devices used by corporate, government and military networks contain a logic vulnerability in their Secure Boot process that could allow local, authenticated actors to bypass and disable critical functionality in the Trust Anchor hardware module (TAm) – the bedrock upon which all other trusted computing mechanisms within the devices are built.
The hardware tampering flaw is officially designated as CVE-2019-1649, but researchers from Red Balloon who made the discovery refer to it as Thrangrycat, or as a series of emojis expressed as "😾😾😾." Adversaries who exploit the issue could also potentially lock out software updates to the TAm's bitstream.
Malicious actors could even execute a remote attack if they combine Thrangrycat with any number of command injection or privilege escalation exploits. For instance, they might take advantage of CVE-2019-1862, a newly reported command injection vulnerability that Red Balloon researchers also discovered in Cisco's IOS XE operating system.