Critical vulnerability affecting various Cisco devices

A group of specialists from the IICS’s information security course has discovered a critical vulnerability in Cisco equipment that, if exploited, could allow a malicious hacker to install backdoors in various company deployments, such as industrial switches, routers and firewall implementations.

The vulnerability, tracked as CVE-2019-1649, allows threat actors to bypass the protections of the Trust Anchor security module, the mechanism underpinning all of Cisco's verification measures. This module is meant to prevent manipulation of the field programmable gate array (FPGA) bit stream.

By exploiting the vulnerability, malicious hackers can make persistent modifications to the Trust Anchor module by altering the FPGA bit stream, overriding the secure boot process and breaking the company's verification chain.

In addition, information security course specialists add that, even though the vulnerability lies in the hardware, it is exploitable remotely without physical access to the devices. As if that were not enough, the chance of correcting the vulnerability with software update patches is minimal or even nonexistent.

According to the information security course experts from the International Institute of Cyber Security (IICS), the process of exploiting this vulnerability is similar to that of another critical flaw in one of the company's products, the web interface of the Cisco IOS XE operating system. According to the report, that vulnerability (tracked as CVE-2019-1862) allows attackers to execute Linux shell commands on the device with root privileges.

This is the latest in a series of cybersecurity incidents involving Cisco products; a few days ago, a serious vulnerability was reported in the 1001-X router used in industrial, academic and corporate environments. If exploited, this security issue would allow attackers to take control of any compromised device, placing all the data passing through the router in a critical security situation, as it would be exposed to a range of malicious activities.

The company promptly released update patches for its IOS system, in addition to providing fixes for all of its potentially vulnerable products.