Critical Vulnerabilities in Cisco Products

A high-risk vulnerability in Cisco's secure boot process was disclosed earlier this week by Cisco and Red Balloon Security and is believed to have affected an estimated 100 or more devices.


The vulnerability (CVE-2019-1649) “in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality,” Cisco reported.


Additionally, Cisco reported that another vulnerability (CVE-2019-1862) in the “web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges.”


The vulnerability, called Thrangrycat, affects millions of Cisco devices (including routers, switches and firewalls) and exposes a large number of corporate and government networks to remote attacks, according to Red Balloon Security.


Cisco also noted in regard to the Secure Boot vulnerability that it will release software patches, but there are no workarounds to address the issue.


An attacker could exploit this to gain full and permanent access to those networks. It also can't be fixed with a software patch, so it will be difficult for affected organizations to fully mitigate the threats this poses, according to Red Balloon Security.

