Critical vulnerability affecting various Cisco devices

A group of specialists from the IICS’s information security course has discovered a critical vulnerability in Cisco equipment that, if exploited, could allow a malicious hacker to install backdoors in a range of the company's products, such as industrial switches, routers and firewall implementations.

The vulnerability, tracked as CVE-2019-1649, allows threat actors to bypass the protection provided by the Trust Anchor security module, a mechanism that supports all Cisco verification measures. This module stops manipulation of the field programmable gate array (FPGA) bitstream.

By exploiting the vulnerability, malicious hackers can make persistent modifications to the Trust Anchor module by modifying the FPGA bitstream, overriding the secure boot process and interrupting the company's verification chain.

In addition, the information security course specialists add that, although the vulnerability exists in the hardware, it is exploitable remotely without the need for physical access to the devices. As if that were not enough, the possibility of correcting the vulnerability with update patches is minimal or even null.

According to the information security course experts from the International Institute of Cyber Security (IICS), the process of exploiting this vulnerability is similar to that of another critical flaw in one of the company's products, the web interface of the Cisco IOS XE operating system. According to the report, this vulnerability (tracked as CVE-2019-1862) allows attackers to execute Linux shell commands on the device with root user privileges.

This is the latest in a series of cybersecurity incidents in Cisco products; a few days ago, a serious vulnerability was reported in the 1001-X router for industrial, academic, and corporate environments. If exploited, this security issue would allow attackers to take control of any compromised device, leaving all the data passing through the router in a critical security situation, as it is exposed to a series of malicious activities.

The company soon released update patches for its IOS system, in addition to providing corrections for all of its potentially vulnerable products.