Security firm Red Balloon Security recently disclosed a critical vulnerability in Cisco products, including routers, switches, and firewalls, that are deployed across both private-sector and government networks.
Founded in 2011, Red Balloon Security is a cybersecurity provider and research firm focussed on the protection of embedded devices. The New York-based company claims that its advanced suite of host-based firmware security solutions secures embedded systems by continuously monitoring critical elements of the firmware.
Red Balloon stated that the vulnerability, codenamed “Thrangrycat,” is caused by hardware design flaws in Cisco’s Trust Anchor module (TAm), a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches, and firewalls.
According to Red Balloon, the vulnerability gives attackers a backdoor into highly secure networks, allowing them to bypass security defenses and gain full, persistent access inside the network. Cybercriminals could use it to interrupt communications, steal or manipulate data, install stealthy implants, and launch attacks against other connected devices.
Speaking on the latest discovery, Dr. Ang Cui, the founder and chief scientist of Red Balloon Security said, “This is a significant security weakness which potentially exposes a large number of corporate, government and even military networks to remote attacks. We’re talking about tens of millions of devices potentially affected by this vulnerability, many of them located inside of sensitive networks. These Cisco products form the backbone of secure communications for these organizations, and yet we can exploit them to permanently own their networks. Fixing this problem isn’t easy, because to truly remediate it requires a physical replacement of the chip at the heart of the Trust Anchor system. A firmware patch will help to offset the risks, but it won’t completely eliminate them. This is the real danger, and it will be difficult for companies, financial institutions and government agencies to properly address this problem.”
Separate research from RedTeam Pentesting revealed vulnerabilities in Cisco’s small business routers that could allow a remote attacker to obtain sensitive diagnostic data from the devices. The German security firm stated that the discovered vulnerabilities lie in the routers’ web-based management interface and are remotely exploitable.
Cisco stated that the issue affects its RV320 and RV325 Dual Gigabit WAN VPN business routers. The researchers at RedTeam stated that one flaw, CVE-2019-1652, allows an attacker with administrative privileges on an affected device to execute arbitrary commands on the system, and that another, CVE-2019-1653, allows an intruder to retrieve sensitive information, including the router’s configuration file, which contains MD5-hashed credentials and diagnostic information. According to the researchers, approximately 9,657 Cisco routers worldwide (6,247 RV320 and 3,410 RV325) are vulnerable to the information disclosure.