https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor/
By Lily Hay Newman
Security
Wired.com
05.13.19
The Cisco 1001-X series router doesn't look much like the one you have in your
home. It's bigger and much more expensive, responsible for reliable
connectivity at stock exchanges, corporate offices, your local mall, and so on.
The devices play a pivotal role at institutions, in other words, including some
that deal with hypersensitive information. Now, researchers are disclosing a
remote attack that would potentially allow a hacker to take over any 1001-X
router and compromise all the data and commands that flow through it.
And it only gets worse from there.
To compromise the routers, researchers from the security firm Red Balloon
chained two vulnerabilities. The first is a bug in Cisco's IOS XE operating
system (the software the 1001-X runs; not to be confused with Apple's iOS)
that lets a remote attacker obtain root access on the device. That is a bad
vulnerability, but not an unusual one, especially for routers, and it can be
fixed relatively easily with a software patch.
The second vulnerability is much more sinister. Once the researchers have
root, they can bypass the router's most fundamental protection: the Trust
Anchor, the hardware root of trust that underpins Cisco's secure boot and
that the company has built into almost all of its enterprise devices since
2013. A software patch cannot restore a root of trust that has been bypassed
from above. The fact that the researchers have demonstrated a bypass on one
device indicates that it may be possible, with device-specific modifications,
to defeat the Trust Anchor on hundreds of millions of Cisco units around the
world, everything from enterprise routers to network switches to firewalls.
In practice, this means an attacker could use these techniques to fully
compromise the networks these devices are on. Given Cisco's ubiquity, the
potential fallout would be enormous.
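To make the chain-of-trust point concrete, the following is a toy model of a hash-pinned boot chain rooted in a trust anchor. It is an added illustration for this repost, not Cisco's or Red Balloon's code, and not a model of the specific bypass, which the article does not describe; the stage names, the sample images and the `anchor_writable` flag (standing in for "an attacker with root can rewrite the anchor") are all constructed assumptions. It shows why a bypassed anchor is worse than a root bug: a tampered stage is caught, a re-pinned chain is caught as long as the anchor is immutable, but once the anchor itself is writable the device's own secure-boot verdict reads clean and only an off-box comparison against golden measurements still detects the implant.

```python
"""Toy hash-pinned boot chain rooted in a trust anchor.

Added illustration for this repost: not Cisco's or Red Balloon's code, and
not a model of the specific bypass (the article does not describe it).
Stage names, sample images and the `anchor_writable` flag are constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Stage:
    name: str
    image: bytes
    next_pin: Optional[str] = None  # measurement this stage expects of the next


def measure(stage: Stage) -> str:
    """Measurement of a stage = SHA-256 over its image and the pin it carries,
    so editing the pin changes the stage's own measurement."""
    h = hashlib.sha256(stage.image)
    if stage.next_pin is not None:
        h.update(stage.next_pin.encode())
    return h.hexdigest()


@dataclass
class Device:
    anchor_pin: str                 # held by the trust anchor: pin of the first stage
    stages: List[Stage]             # boot order: bootloader, kernel, rootfs, ...
    anchor_writable: bool = False   # assumption: models an anchor that root can rewrite

    def secure_boot(self) -> Tuple[bool, List[Tuple[str, bool]]]:
        """Check each stage against the pin held by the link before it,
        starting from the anchor. Stops at the first mismatch."""
        log: List[Tuple[str, bool]] = []
        expected: Optional[str] = self.anchor_pin
        for stage in self.stages:
            ok = measure(stage) == expected
            log.append((stage.name, ok))
            if not ok:
                return False, log
            expected = stage.next_pin
        return True, log


def build_chain(images: List[Tuple[str, bytes]], anchor_writable: bool = False) -> Device:
    """Pin the chain from the last stage back to the anchor."""
    stages: List[Stage] = []
    pin: Optional[str] = None
    for name, image in reversed(images):
        stage = Stage(name, image, pin)
        pin = measure(stage)
        stages.insert(0, stage)
    assert pin is not None, "chain must have at least one stage"
    return Device(anchor_pin=pin, stages=stages, anchor_writable=anchor_writable)


def implant(dev: Device, stage_name: str, payload: bytes, repin: bool) -> Device:
    """Attacker with root replaces one stage. With repin=True it also rewrites
    every pin above that stage; the final rewrite, of the anchor itself, only
    succeeds when the anchor is writable."""
    stages = [Stage(s.name, s.image, s.next_pin) for s in dev.stages]
    idx = [s.name for s in stages].index(stage_name)
    stages[idx].image = payload
    anchor_pin = dev.anchor_pin
    if repin:
        pin = measure(stages[idx])
        for s in reversed(stages[:idx]):
            s.next_pin = pin
            pin = measure(s)
        if dev.anchor_writable:
            anchor_pin = pin
    return Device(anchor_pin, stages, dev.anchor_writable)


def attest(dev: Device, golden: Dict[str, str]) -> bool:
    """Off-box check: compare measurements to golden values kept outside the
    device, ignoring the device's own secure_boot verdict."""
    return all(measure(s) == golden.get(s.name) for s in dev.stages)


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Returns {scenario: (secure_boot_ok, attestation_ok)} for constructed images."""
    images = [("bootloader", b"BOOT v1"), ("kernel", b"KERNEL v1"), ("rootfs", b"ROOTFS v1")]
    payload = b"KERNEL v1 + implant"
    clean = build_chain(images)
    golden = {s.name: measure(s) for s in clean.stages}
    cases = {
        "clean": clean,
        "implant_no_repin": implant(clean, "kernel", payload, repin=False),
        "implant_repin_immutable_anchor": implant(clean, "kernel", payload, repin=True),
        "implant_repin_writable_anchor": implant(
            build_chain(images, anchor_writable=True), "kernel", payload, repin=True),
    }
    return {k: (d.secure_boot()[0], attest(d, golden)) for k, d in cases.items()}


if __name__ == "__main__":
    for name, (boot_ok, attest_ok) in demo().items():
        print(f"{name:32s} secure_boot={boot_ok!s:5s} attestation={attest_ok}")
```

The last scenario is the one that matters operationally: the device reports a clean secure boot because every link verifies against a pin the attacker chose. The only check that still fails is `attest`, which compares measurements to golden values the attacker cannot reach. The practical takeaway is to record known-good measurements off the device and verify against them rather than trusting the box's own self-report.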
[...]