Cisco: Secure Boot can be bypassed on some routers, products checked for RADIUS vulnerability

Attackers are able to install manipulated software on some Cisco routers. The developers are checking which devices are affected by the RADIUS vulnerability.

On some routers from network equipment manufacturer Cisco, the Secure Boot protection mechanism can be bypassed, allowing attackers to compromise devices with malicious code. However, this does not work without preconditions.

As the developers explain in a warning message, an attacker must already have root rights to do this. In such a position, attackers already have a free pass and can basically do whatever they want.

If this requirement is met, attackers can manipulate the system configuration and bypass integrity checks due to an error in the software build process (CVE-2024-20456, "medium"). They can then install an image prepared with malicious code on the device, for example. Cisco states that only the following routers with IOS XR 24.2.1 are at risk:

  • 8000 Series Routers
  • NCS 1010 Series Routers
  • NCS 1014 Series Routers
  • NCS 540 Series Routers with NCS540L images
  • NCS 5700 Fixed Port Series Routers (NCS-57C3-MOD-S and NCS-57C3-MOD-SE-S are not affected)

To secure devices, admins must install IOS XR release 24.2.11.

A vulnerability (CVE-2024-3596, "high") in the network authentication protocol RADIUS allows attackers to hook into connections as a man-in-the-middle. Due to the vulnerability, an attacker can log in with any privileges without a password. The vulnerability affects clients and servers.

Cisco states that it is currently investigating which products from its own portfolio are affected. The products currently being tested include Catalyst Center, Adaptive Security Appliances, IOS software and wireless LAN controllers. However, there are no results yet, and the network equipment supplier intends to update the advisory later.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.