CMIT Solutions experts discovered a security flaw in nearly all of Cisco’s networking products manufactured since 2013.
The flaw allows a “backdoor” to be implanted on affected devices: unauthorized processes can modify the code in the Trust Anchor module (TAm, Cisco’s equivalent of a TPM), bypass Secure Boot, disable security functionality, and lock out future software updates to the TAm.
Cisco documents the flaw here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot.
On its own, this vulnerability cannot be exploited remotely, so Cisco has downplayed it. However, security researchers have linked it with a second vulnerability, documented at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui, which does allow the flaw to be exploited remotely through the IOS web interface.
Security researchers believe that because the flaw lies in the design itself, a patch is unlikely to fully resolve the issue. That makes it all the more important to keep devices up to date with other security patches, particularly those addressing remote code execution. Unpatched edge devices are particularly exposed and could give an attacker a persistent presence in your, or your clients’, networks.
Contact CMIT Solutions of Stamford with any concerns, or to check whether your Cisco devices are up to date and as secure as possible: 203-595-9091, option 2.
With Vincent Dentice, CMIT Solutions, Marietta, GA