Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/13/2019
06:15 PM
50%
50%

Thrangrycat Claws Cisco Customer Security

A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.

A recently discovered flaw in Cisco IOS XE software with the HTTP Server feature enabled could allow a user with stolen credentials to execute code on a Cisco networking device with root privileges — a significant privilege escalation attack. Dubbed Thrangrycat by the researchers at Red Balloon Security who discovered the linked pair of vulnerabilities, these flaws, designated CVE-2019-1862, would allow an attacker to first bypass the Cisco Trust Anchor module (TAm), then conduct a remote code injection with root execution.

In the first exploit, an attacker would manipulate the bitstream responsible for defining the Field-Programmable Gate Array (FPGA) that holds the code for TAm — code that executes from the FPGA hardware at boot and is designed to insulate the device from boot-time exploits. In addition to bypassing secure boot, the attack code locks all future software updates out of the TAm.

Once the TAm is compromised, the attacker can log into the device and execute code at root privilege. Cisco has released a firmware update that patches the vulnerability, and acknowledges that there are no operational work-arounds to Thrangrycat.

The company plans to present details of the vulnerability and exploit at Black Hat USA 2019 in Las Vegas.

For more, read here and here

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
GDPR Enforcement Loosens Amid Pandemic
Seth Rosenblatt, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11018
PUBLISHED: 2020-05-29
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
CVE-2020-13634
PUBLISHED: 2020-05-29
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558
CVE-2020-12675
PUBLISHED: 2020-05-29
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-202...
CVE-2020-11017
PUBLISHED: 2020-05-29
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.
CVE-2020-4306
PUBLISHED: 2020-05-29
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 17...