Cisco has disclosed a pair of high-severity bugs affecting its IOS XE software and its proprietary Secure Boot system that researchers broke and demonstrated attackers could write a modified firmware image to Cisco’s routers and switches.
Both bugs were found by researchers from the firm Red Balloon Security, which today published a detailed report on the bugs under a coordinated release with Cisco.
Secure Boot is Cisco’s system that checks the integrity of the firmware on Cisco devices while IOS XE is a Cisco networking device operating system. The researchers found a web command UI injection flaw in IOS XE that allows a remote attacker to execute commands with root privileges.
According to Red Balloon, combining the two flaws would allow an attacker to remotely bypass Cisco Secure Boot and potentially block all future updates to a proprietary hardware security module known as the Cisco Trust Anchor module or TAm.
Cisco lists over 100 routers and switches that are affected by the Secure Boot tampering flaw, which has been given the identifier CVE-2019-1649.
Affected devices include its enterprise and industrial routers and switches, Connected Grid Routers, Firepower security devices, Cisco ASR routers, and Catalyst switches — basically any device that relies on hardware-based Secure Boot.
Cisco explains the flaw is due to “an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation.”
Patching is going to be a pain and tricky for many affected organizations since a botched update could brick the device.
“In most cases, the fix will require an on-premise reprogramming of a low-level hardware component that is required for normal device operation,” Cisco warns.
“A failure during this reprogramming process may cause the device to become unusable and require a hardware replacement,” it adds.
Cisco notes some mitigating factors, such as that an attacker would need research each affected platform and then develop a platform-specific exploit.
However some products got fixed firmware this month, others aren’t due to receive fixed firmware updates until as late as November.
Red Balloon researchers have nicknamed the bug Thrangrycat or 😾😾😾and say that an attacker can bypass Cisco’s TAm trust anchor by modifying the content of the FGPA’s bitstream.
“An attacker with root privileges on the device can modify the contents of the FPGA anchor bitstream, which is stored unprotected in flash memory. Elements of this bitstream can be modified to disable critical functionality in the TAm,” Red Balloon explains.
“Successful modification of the bitstream is persistent, and the Trust Anchor will be disabled in subsequent boot sequences. It is also possible to lock out any software updates to the TAm’s bitstream.”
The researchers demonstrated their attack on a Cisco ASR 1001-X device, which Cisco notes is the only device it is aware of that there is proof of concept code in the public. It's not currently aware of any malicious usage, however given the number of affected devices across the world that could change over coming months as researchers or attackers begin scanning for vulnerable devices.
Red Balloon will present its detection and mitigation technique at BlackHat USA 2019, which kicks off in Las Vegas in August.