Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/13/2019
06:15 PM
50%
50%

Thrangrycat Claws Cisco Customer Security

A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.

A recently discovered flaw in Cisco IOS XE software with the HTTP Server feature enabled could allow a user with stolen credentials to execute code on a Cisco networking device with root privileges — a significant privilege escalation attack. Dubbed Thrangrycat by the researchers at Red Balloon Security who discovered the linked pair of vulnerabilities, these flaws, designated CVE-2019-1862, would allow an attacker to first bypass the Cisco Trust Anchor module (TAm), then conduct a remote code injection with root execution.

In the first exploit, an attacker would manipulate the bitstream responsible for defining the Field-Programmable Gate Array (FPGA) that holds the code for TAm — code that executes from the FPGA hardware at boot and is designed to insulate the device from boot-time exploits. In addition to bypassing secure boot, the attack code locks all future software updates out of the TAm.

Once the TAm is compromised, the attacker can log into the device and execute code at root privilege. Cisco has released a firmware update that patches the vulnerability, and acknowledges that there are no operational work-arounds to Thrangrycat.

The company plans to present details of the vulnerability and exploit at Black Hat USA 2019 in Las Vegas.

For more, read here and here

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15572
PUBLISHED: 2020-07-15
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
CVE-2020-8178
PUBLISHED: 2020-07-15
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
CVE-2020-8203
PUBLISHED: 2020-07-15
Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.
CVE-2020-13923
PUBLISHED: 2020-07-15
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04
CVE-2020-15695
PUBLISHED: 2020-07-15
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.