Cisco devices have been affected by a serious vulnerability. Red Balloon security researchers discovered the problem in 2018, but have now announced it. For the vast majority of the affected devices, it will take months before the problem can be solved.
The problem is called Thrangrycat and uses an error in the hardware security module Trust Anchor module (TAm), which is used in a range of products. These include enterprise routers, switches and firewalls, according to the researchers. The hardware must ensure that the device in question can be started up safely.
Hackers can take over this part of the device remotely, as long as they have administrator rights. They can acquire these rights with yet another vulnerability that the security researchers found. This is a problem in IOS XE, the Cisco operating system. Someone can pretend to be an administrator, after which Thrangrycat can be abused.
If a hacker manages to take over a device via Thrangrycat, in some cases the attacker can also install and start up malware. There is also the possibility that a device may become unusable as a result of an attack. Attackers can also attribute a custom firmware image to the component.
150 devices affected
Cisco itself says that more than 150 devices have been affected by the problem. A number of devices will be updated this month to solve the problem. The vast majority, however, will have to wait for this for some time to come. For some devices, the update will not arrive until August, November or later.
Red Balloon states that it is unlikely that the problem can be completely solved with a software update because it is in a hardware component of the routers. The researchers are going to analyze the updates that Cisco is releasing.
Cisco and Red Balloon both report that they have no evidence that the vulnerability in the wild has been abused to manipulate routers.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.