Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable

From threatpost.com

cisco secure boot vulnerability

A flaw in the Secure Boot trusted hardware root-of-trust affects enterprise, military and government network gear, including routers, switches and firewalls.

Cisco has issued a handful of firmware releases for a high-severity vulnerability in Cisco’s proprietary Secure Boot implementation that impacts millions of its hardware devices, across the scope of its portfolio.

The patches are the first in a planned series of firmware updates that will roll out in waves from now through the fall – some products will remain unpatched and vulnerable through November.

Secure Boot is the vendor’s trusted hardware root-of-trust, implemented in a wide range of Cisco products in use among enterprise, military and government networks, including routers, switches and firewalls. The bug (CVE-2019-1649) exists in the logic that handles access control to one of the hardware components. It was disclosed last week.

Read more…