Cisco All at Sea Over Trust Anchor Module Vulnerability

Published: 23/11/2024   Category: security




Researchers have found ways to bypass the entire process of secure booting that the hardware was designed to support.



Cisco has issued a high-level security advisory about a “Secure Boot Hardware Tampering Vulnerability.” This advisory affects almost all Cisco products since 2013 that support the Trust Anchor module (TAm).
The researchers, Red Balloon Security, made a disclosure along with Cisco on the same subject.
They disclosed that “an attacker [could] fully bypass Cisco’s Trust Anchor module (TAm) via Field Programmable Gate Array (FPGA) bitstream manipulation.” Of course, the attacker must have root to be able to do such manipulation.
They found a way to get that, too. They also found a second vulnerability that is a remote command injection vulnerability against Cisco IOS XE version 16 and will allow remote code execution as root.
Well, you chain one to the other and there you have a bypass of TAm. Along with that, Red Balloon says that an attacker can remotely and persistently bypass Cisco’s secure boot mechanism and lock out all future software updates to the TAm.
But the problem’s root may not be due to the software code. The researchers are fairly straightforward as to where they put the blame for the problem.
While everyone is waiting for Cisco to patch, they say “the cause of the vulnerability is fundamentally a hardware design flaw, we believe it will be very difficult, if not impossible to fully resolve this vulnerability via a software patch.”
They continued that, “While the flaws are based in hardware, [the vulnerability] can be exploited remotely without any need for physical access. Since the flaws reside within the hardware design, it is unlikely that any software security patch will fully resolve the fundamental security vulnerability.”
So, the researchers don’t think software mitigation in any form will be effective to resolve this.
There is a huge number of vulnerable devices, since the TAm was used extensively by Cisco in enterprise routers, switches and firewalls. The length of the affected list on the advisory was eye-popping. Cisco acknowledges in its advisory that there are no workarounds available at this time.
Yet even the researchers know this problem has not been used in the wild. “We are unaware of any use of this exploit in the wild, but the potential danger is severe,” they say.
Just how practical it is to use manipulation of the FPGA as an attack vector remains to be seen. There will be much more information about that aspect going forward. But if the attack works, it works big.
Cisco’s efforts to mitigate can’t be ignored either, even if they are not as successful as might be hoped. Cisco will be highly motivated here, to be sure.
— Larry Loeb has written for many of the last century’s major dead-tree computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
