Security researchers uncovered two vulnerabilities in Cisco enterprise routers that could allow hackers to remotely and fully compromise a router's network without alerting the user, Wired reports.
Researchers from Red Balloon tested the vulnerabilities on the Cisco ASR 1001-X router, but noted that the nature of Cisco's security design means it could apply across many Cisco products — full list here.
Here is a breakdown of the two vulnerabilities:
- The first vulnerability affects Cisco's IOS operating system. It allows hackers to gain remote root access, or administrator access, to devices. Cisco announced a patch for this May 13, according to Wired.
- The second vulnerability, which Red Balloon has named with three angry cat emojis or "Thrangrycat," is a hardware flaw that can be exploited remotely. With root access, a hacker can manipulate Cisco's "Trust Anchor module," which is a foundational security framework it uses on routers, firewalls and switches.
- The Trust Anchor module verifies the integrity of a device every time it powers on, and if it detects that something is wrong, it alerts the user and reboots. Thrangrycat bypasses this function, so the user has no indication that they have been hacked.
- The two vulnerabilities together mean "an attacker can remotely and persistently bypass Cisco's secure boot mechanism and lock out all future software updates to the [Trust Anchor module]," according to Red Balloon's vulnerability disclosure.
- This means "it may be possible, with device-specific modifications, to defeat the Trust Anchor on hundreds of millions of Cisco units around the world. That includes everything from enterprise routers to network switches to firewalls," according to Wired.
- Cisco disputes that the two vulnerabilities would affect each other, according to Wired. It plans to issue fixes in the coming months and anticipates having to program them on-premise.
- There is no evidence that this type of hack has been used "in the wild" yet.
Read more here.
More articles on cybersecurity:
Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee 'improperly' used patients' credit card info
First cybercrime hotline unveiled in Rhode Island