Web application security course specialists have reported a critical vulnerability in the Cisco 1001-X series router that, if exploited, would allow threat actors to take control of any compromised device, putting all data that pass through the router at risk.
Unlike domestic routers, the Cisco 1001-X is a much larger and expensive device, designed for industrial environments, shopping centers, academic institutions, corporate offices, etc.
To exploit this vulnerability, two other flaws are required to be abused:
- A Cisco IOS operating system failure that would allow an attacker to access root remotely
- Once root access is obtained, attackers can bypass Trust Anchor, a vital security measure in Cisco products; according to experts, all of the company’s products could be exposed to this vulnerability, from switches and routers to firewall implementations
This process could allow an attacker to fully compromise the networks connected to the device, so the specialists consider that the potential scope of these attacks is immense. “Malicious changes could be made in Trust Anchor and the system would be unable to recognize unauthorized activity”, added web application security course experts.
Companies have deployed more and more security mechanisms similar to Trust Anchor. This is an area isolated from the rest of the computer equipment or the chip; users cannot modify it, regardless of the administrator privileges they have. Because of this, this secure enclave can verify the integrity of the rest of the systems.
Although this may be useful, specialists from the International Institute of Cyber Security (IICS) consider that the security of a whole system should not depend solely on the integrity of the secure enclave, because if a hacker manages to manipulate this security measure, a system could be completely compromised without the administrators even noticing that there is a problem.
In this case, web application security course specialists showed how to compromise the secure boot process of the Cisco 1001-X (which protects the fundamental code of hardware and software) to prevent detection of an attacker who has taken control of the device.
The company will shortly release patch updates for its IOS system, in addition to providing corrections for all of its potentially vulnerable products to exploit this flaw.