VU#400865: Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input

CVE-2019-1649: Secure Boot Tampering, also known as Thrangrycat

The logic that handles the access controls to TAm within Cisco's Secure Boot improperly checks an area of code that manages the Field Programmable Gate Array (FPGA). The TAm is a proprietary hardware chip used for many security services within Cisco products, including nonvolatile secure storage, cryptography services, and as a Secure Unit Device Identifier. The TAm can be bypassed by modifying the bitstream of the FPGA, allowing an authenticated, local attacker to make persistent modifications to the TAm.

CVE-2019-1862: IOS XE Web UI Command Injection

The web user interface of Cisco IOS XE improperly sanitizes user-supplied input. This could allow an authenticated, remote attacker to execute commands as root on the underlying Linux shell.
