Millions of Cisco devices used by corporate, government and military networks contain a logic vulnerability in their Secure Boot process that could allow local, authenticated actors to bypass and disable critical functionality in the Trust Anchor hardware module (TAm) – the bedrock upon which all other trusted computing mechanisms within the devices are built.
The hardware tampering flaw is officially designated as CVE-2019-1649, but researchers from Red Balloon who made the discovery refer to it as Thrangrycat, or as a series of emojis expressed as "????????????." Adversaries who exploit the issue could also potentially lock out software updates to the TAm's bitstream.
Malicious actors could even execute a remote attack if they combine Thrangrycat with any number of command injection or privilege escalation exploits. For instance, malicious actors might take advantage of CVE-2019-1862, a newly reported command injection vulnerability that Red Balloon researchers also discovered in Cisco's IOS EX operating system.
Cisco on Monday issued a software update to remedy the IOS EX bug, and also began issuing firmware and software patches for Thrangrycat, with updates slated for distribution over a time period ranging from May through November 2019, depending on the product. As of May 14, a Cisco-issued security advisory lists 133 products affected by Thrangrycat, including network and content security devices, routers, switches, firewalls and voice and unified communication devices.
But a true fix may not be as simple as applying a patch, according to Ang Cui, founder and chief scientist of Red Balloon Security, who discovered the vulnerability along with colleagues Jatin Kataria and Richard Housley.
"Fixing this problem isn't easy, because to truly remediate it requires a physical replacement of the chip at the heart of the Trust Anchor system," said Cui in a company press release. "A firmware patch will help to offset the risks, but it won't completely eliminate them. This is the real danger, and it will be difficult for companies, financial institutions and government agencies to properly address this problem."
According to a Thrangrycat informational web page created by Red Balloon, ???????????? "allows an attacker to make persistent modification to the Trust Anchor module [TAm] via FPGA [Field Programmable Gate Array hardware circuit] bitstream modification, thereby defeating the Secure Boot process and invalidating Cisco's chain of trust at its root."
A Cisco product description web page said that Secure Boot "helps ensure that the code running on Cisco hardware platforms is authentic and unmodified." Every time a device resets, the Secure Boot process performs this validation via the TAm, which alerts the user and reboots the device as a security measure if it ever detects a modified bootloader (the program that loads the operating system).
But upon exploiting Thrangrycat, an attacker with root privileges "can modify the contents of the FPGA anchor bitstream, which is stored unprotected in flash memory," Red Balloon's ???????????? description explained. "Elements of this bitstream can be modified to disable critical functionality in the TAm. Successful modification of the bitstream is persistent, and the Trust Anchor will be disabled in subsequent boot sequences."
Red Balloon said it developed a series of Thrangrycat-based bitstream manipulation techniques that "present a range of potential applications for persistent FPGA implants, physical destruction of embedded systems, and attacks against FPGA-based systems, such as software-defined radios, advanced automotive driver assist modules, weapon guidance systems, and more."
The IOS EX command injection vulnerability, discovered by Red Balloon's James Chambers, exists due to improper sanitization of user-supplier input, a Cisco advisory explains. The flaw could allow authenticated remote attackers to execute arbitrary commands, with root privileges, on the underlying Linux shell of affected devices, resulting in system compromise. "An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form," the advisory said.
Red Balloon reported both bugs to Cisco on Nov. 8, 2018.