A flaw in the Secure Boot trusted hardware root-of-trust affects enterprise, military and government network gear, including routers, switches and firewalls.
Cisco has issued a handful of firmware releases for a high-severity vulnerability in Cisco’s proprietary Secure Boot implementation that impacts millions of its hardware devices, across the scope of its portfolio.
The patches are the first in a planned series of firmware updates that will roll out in waves from now through the fall – some products will remain unpatched and vulnerable through November.
Secure Boot is the vendor’s trusted hardware root-of-trust, implemented in a wide range of Cisco products in use among enterprise, military and government networks, including routers, switches and firewalls. The bug (CVE-2019-1649) exists in the logic that handles access control to one of the hardware components. It was disclosed last week.