There is a newly discovered vulnerability in multiple Cisco networking devices. Known as the Cisco Boot Hardware Vulnerability, this problem has been found in the logic that handles access control to one of the hardware components in Cisco's Secure Boot implementation. If all the conditions are met, an authenticated local attacker can write a modified firmware image to the component.
Impact for ALI Clients
For those clients on ALI Managed IT Services, our engineering team will be proactively patching and addressing the Cisco Boot Hardware Vulnerability on impacted equipment under management. This will happen as patches are released from Cisco.
For our other clients, we are providing notification and resource links. If you would like assistance assessing or remediating your vulnerability, our team can be scheduled to take care of these issues.
In our opinion, there is some good news. In order for an attacker to succeed, they have to fulfill three conditions, the first of which is privileged administrative access to the device.
That’s something most IT personnel can control with good password practices. That is not to say it is impossible for that password to be stolen and exploited, but good password hygiene goes a long way. In addition to the password, the hacker must also:
- Access the underlying operating system running on the device. This can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide access.
- Develop or have access to a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a specific hardware type is unlikely to work on different hardware.
The products affected by this vulnerability fall into the following categories:
- Network Content & Security Devices (e.g. Cisco ASA & Firepower series)
- Routing & Switching
- Voice & Unified Communication Devices