A flaw affecting “tens of millions” of Cisco devices, including firewalls and routers, was discovered in mid-May 2019 by Red Balloon Security. Imaginatively dubbed “Thrangrycat” by the device security company, the flaw affects all vulnerable devices on both a hardware and software level, making it more difficult than usual for Cisco to provide an exhaustive fix.
The flaw itself is a two-parter, requiring the combined exploitation of Cisco’s web-based OS, Cisco IOS XE, and what’s called the “Trust Anchor” module, something of a ‘gatekeeping’ chip that ensures only legitimate software can be executed.
The exploit requires that any opportunists first log into the vulnerable device as administrators, using the Cisco IOS XE Software. From there, the user can make amendments to the firmware and compromise the Trust Anchor module.
Whilst any attacker will already be able to compromise your business security once they’ve accessed your admin account, the vulnerabilities here give them worrying new powers over your Cisco device – ones that go much further than your typical admin privileges. They can, for example, alter the Trust Anchor to run spyware on bootup, which cannot be removed or patched out.
While tests were initially carried out on the Cisco ASR 1001-X, the widespread use of this Trust Anchor module means several other Cisco products are vulnerable.
It’s not all chaos, however. As we mentioned:
Firstly, this vulnerability requires attackers to gain unauthorised access to admin accounts – which a strong security setup will defend against.
Secondly, updates already exist to patch the holes in the affected Cisco devices’ security.
So far, there are no known instances of any organisations being affected by this exploit – the shrewd action would be to get patching quickly and avoid being the first.
To better understand the effect of an attack on business operations, see our blogs on the recent attacks at Norsk Hydro, which disrupted business operations for several weeks, and the ransomware attack on the Police Federation of England and Wales.