What is the Thrangrycat Vulnerability?
Are there Cisco Systems devices on your network? If so, you should be aware of some recent news. Security firm Red Balloon discovered a severe vulnerability dubbed Thrangrycat that allows backdoor entry into your network via Cisco products and can cause catastrophic damage to your organization’s network infrastructure.
The vulnerability affects millions of Cisco devices that support the Trust Anchor module (TAm), including routers, switches, firewalls, and voice and unified communication devices. Cisco TAm serves as the root of trust and accounts for the entire security surface of a given Cisco device, including validation services. Thrangrycat allows attackers who possess root privileges to modify TAm via FPGA bitstream modification and disable the secure boot process for subsequent boot sequences, thus nullifying the device’s root of trust.
Thrangrycat can also be combined with another vulnerability, one in the web user interface of the Cisco IOS XE software. An attacker can first exploit the web user interface vulnerability to gain administrative access to the underlying device shell and then unleash Thrangrycat on TAm. Additionally, researchers have pointed out that attackers can chain Thrangrycat with other vulnerabilities. IDS/IPS systems can’t detect or block such an attack, so imagine the extent of the damage that could result if the attack surface is a large corporate, government, or military network.
Long-Term and Short-Term Fixes for the Thrangrycat Flaw
The vulnerability is classified as high severity, and Cisco is releasing software updates to address it. While researchers feel that only a hardware replacement can be a long-term fix, FPGA upgrades seem to be the only short-term fix available. Upgrading the FPGA across a multi-platform Cisco infrastructure is a daunting task, with each platform having a different method of procedure. This includes a different set of CLIs for pre-checks, activation of new packages, and post-checks across multiple devices. Additionally, a set of manual approval processes will further add to the delay.
While the upgrade process is going to be tedious, identification of the affected network devices in complex networks presents another challenge. This calls for a platform that integrates with PSIRT systems on the vendor side, identifies the affected network base and delivers automated software upgrades.
Software & FPGA upgrades are easy with ATOM’s Workflow Automation
The Anuta Networks ATOM platform helps administrators automate the difficult process of software and FPGA upgrades. Given its open and highly scalable platform, ATOM integrates with PSIRT systems using APIs such as the Cisco PSIRT openVuln API, extracts the necessary CVRF files, analyzes the vulnerabilities, and runs compliance checks against the networks in question to assess and report the attack surface.
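The check described above, reduced to its core, as an added example that is not ATOM’s code or part of the original article: it reads a CVRF 1.1 advisory, collects the products marked Known Affected, and matches them against a device inventory. The advisory fragment, product names, CVE placeholder, hostnames, and function names are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# CVRF 1.1 namespaces for the product tree and the vulnerability sections
NS = {"prod": "http://www.icasi.org/CVRF/schema/prod/1.1",
      "vuln": "http://www.icasi.org/CVRF/schema/vuln/1.1"}
AFFECTED = "vuln:ProductStatuses/vuln:Status[@Type='Known Affected']/vuln:ProductID"

# Constructed CVRF fragment: product names and the CVE id are placeholders
SAMPLE_CVRF = """<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <FullProductName ProductID="P-1">Example Router 1000</FullProductName>
    <FullProductName ProductID="P-2">Example Switch 2000</FullProductName>
    <FullProductName ProductID="P-3">Example Firewall 3000</FullProductName>
  </ProductTree>
  <Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <CVE>CVE-PLACEHOLDER</CVE>
    <ProductStatuses>
      <Status Type="Known Affected"><ProductID>P-1</ProductID><ProductID>P-3</ProductID></Status>
      <Status Type="Known Not Affected"><ProductID>P-2</ProductID></Status>
    </ProductStatuses>
  </Vulnerability>
</cvrfdoc>"""

# Constructed inventory, as a CMDB export might provide it
INVENTORY = [{"hostname": "edge-rtr-01", "model": "Example Router 1000"},
             {"hostname": "core-sw-01", "model": "Example Switch 2000"},
             {"hostname": "dmz-fw-01", "model": "example firewall 3000 "}]

def affected_products(cvrf_xml):
    """Map each CVE to the product names whose status is 'Known Affected'."""
    root = ET.fromstring(cvrf_xml)
    names = {p.get("ProductID"): (p.text or "").strip()
             for p in root.iterfind(".//prod:FullProductName", NS)}
    result = {}
    for vuln in root.iterfind("vuln:Vulnerability", NS):
        cve = vuln.findtext("vuln:CVE", default="(no CVE)", namespaces=NS)
        ids = [e.text.strip() for e in vuln.iterfind(AFFECTED, NS)]
        # Keep an unresolvable ProductID under its raw id instead of dropping it
        result[cve] = {names.get(i, i) for i in ids}
    return result

def audit(inventory, cvrf_xml):
    """Return sorted (hostname, model, cve) for devices whose model is affected."""
    hits = []
    for cve, models in affected_products(cvrf_xml).items():
        wanted = {m.casefold() for m in models}
        hits += [(d["hostname"], d["model"], cve) for d in inventory
                 if d["model"].strip().casefold() in wanted]
    return sorted(hits)
```

Model strings are compared after trimming and case-folding, since inventory exports rarely match the advisory’s product names byte for byte; a real deployment would also need to compare software or FPGA versions, which this sketch leaves out.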
Using ATOM’s low-code automation, network teams can create workflows for FPGA and other software upgrades. The workflow editor in ATOM also allows drag and drop of pre-checks, approval calls to OSS/BSS or ITSM tools such as ServiceNow, upgrade tasks upon approval, and post-checks to ensure a successful upgrade. ATOM’s extensible microservices platform supports 45+ vendors and 150+ platforms, helping manage the complexity of multi-vendor/multi-platform environments.
With ATOM, organizations can manage simultaneous upgrades of thousands of devices across their network. Finally, with its compliance feature, ATOM periodically audits a multitude of networks, ensuring configuration and software image consistency across the entire domain for not only Thrangrycat but a host of future vulnerabilities.
With Anuta ATOM, organizations have a vigilant platform that bridges the gap between the vendor and customer networks, helps to improve the time-to-resolution, and ensures no compromise of networks in the event of any attacks or exposed vulnerabilities.