Thrangrycat – Flaws in Millions of Cisco Devices Let Hackers Remotely Bypass Cisco Device Security Future

Two critical vulnerabilities named as Thrangrycat affected millions of Cisco products that deployed in private and government entities allow hackers to bypass Cisco’s secure boot mechanism called Trust Anchor module (TAm).

Cisco Trust Anchor module (TAm) proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls and it helps to ensure the code running on Cisco hardware platforms is authentic and unmodified.

The pair of vulnerabilities named as Thrangrycat also know as 😾😾😾 affected Cisco products due to critical hardware design flaw within Cisco’s Trust Anchor module.

Remote Attack without Physical Access

Initially, Attackers using 😾😾😾 (Pronounce as Thrangrycat) bypass Cisco’s Trust Anchor module (TAm) via Field Programmable Gate Array (FPGA) bitstream manipulation, later they use the remote command injection flaw against Cisco IOS XE version 6 to gain the root access.

Attackers chaining the both vulnerabilities attacker can remotely bypass Cisco’s secure boot mechanism and also attackers lock out all future software updates to the Cisco’s Trust Anchor module (TAm).

😾😾😾 vulnerability can be remotely exploited without any physical access and the vulnerability has been successfully tested with Cisco ASR 1001-X router.

According to Red Balloon security report, an attacker with root privileges on the device can modify the contents of the FPGA anchor bitstream, which is stored unprotected in flash memory.

Elements of this bitstream can be modified to disable critical functionality in the TAm. Successful modification of the bitstream is persistent, and the Trust Anchor will be disabled in subsequent boot sequences. It is also possible to lock out any software updates to the TAm’s bitstream.

This vulnerability was initially reported to the Cisco Product Security Incident Response Team (PSIRT) on November 8, 2018 and Cisco
released a small update for this vulnerability and the further update will become available in future Cisco updates.

“Since 😾😾😾 is fundamentally a hardware design flaw, we believe it will be very difficult, if not impossible to fully resolve this vulnerability via a software patch, “Red Balloon Security said.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Related Read

Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Burp Suite 2023.6 Released – What’s New!

PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional…

15 hours ago

North Korean Hackers Mimic Journalists To Steal Credentials From Organizations

The North Korean APT group Kimsuky has been running a social engineering operation that targets experts…

1 day ago

Over 60,000 Android Apps Silently Install Malware on Devices

Recently, cybersecurity researchers uncovered that over 60,000 Android applications had been stealthily disguised as genuine…

1 day ago

Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update

Google has recently taken prompt security measures by releasing a security update for its Chrome…

2 days ago

MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed

A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and…

2 days ago

10 Best Vulnerability Scanner Tools For Penetration Testing – 2023

A Vulnerability Scanner Tools is one of the essential tools in IT departments Since vulnerabilities…

2 days ago