Cisco patches IOS XE remote command injection flaw

LASER_oneXM

But a Secure Boot vulnerability is harder to fix.

Cisco has released patches for products that are vulnerable to a remotely exploitable command injection flaw.
The vulnerability has been given the Common Exposures and Vulnerabilities index of CVE-2019-1649, and was discovered by security researchers Red Balloon.
It affects the Linux-based Cisco IOS XE operating system version 16.x, and allows remote command injection with root superuser privileges via the web user interface in the software.

An attacker would have to be authenticated as administrator on the target system, however, to take advantage of the vulnerability.
The vulnerability is caused by improper handling of user input, allowing attackers to supply a specially crafted parameter on a web form.

Red Balloon notified Cisco of the above vulnerability in November last year, and says it can be chained with another hardware design flaw, in a combo attack that it calls Thrangrycat (denoted by three angry cat emojis). Thrangrycat targets the Cisco Trust Anchor proprietary hardware security module in a large number of the company's enterprise routers, switches and firewalls.

Red Balloon found it was possible to make a persistent modification to the Trust Anchor module, through manipulating a field programmable gate array (FPGA) bitstream.
This defeats the Secure Boot process for devices, Red Balloon said, and invalidates Cisco's chain of trust at its root.
 
