Thrangrycat vulnerability discovered in Cisco security products

Researchers have discovered a severe vulnerability within Cisco products.

Researchers at Red Balloon Security have identified a high-risk vulnerability, dubbed Thrangrycat, that affects a wide range of Cisco products, including routers, switches and firewalls utilised by enterprises and government networks.

Thrangrycat, indexed as CVE-2019-1649, is caused by a hardware design flaw in the Trust Anchor module (TAm) of Cisco products. The vulnerability allows an attacker to make persistent modifications to the TAm via remote exploitation. Successful modifications defeat the secure boot process and let the attacker gain full and persistent access inside the network. No physical access to the device is needed.

Cybercriminals could use the vulnerability to steal or manipulate data, or even attack other connected devices.

Dr Ang Cui, founder of Red Balloon Security, commented:

“This is a significant security weakness which potentially exposes a large number of corporate, government and even military networks to remote attacks.

“We’re talking about tens of millions of devices potentially affected by this vulnerability, many of them located inside sensitive networks. These Cisco products form the backbone of secure communications for these organizations, and yet we can exploit them to permanently own their networks.

“Fixing this problem isn’t easy, because to truly remediate it requires a physical replacement of the chip at the heart of the Trust Anchor system. A firmware patch will help to offset the risks, but it won’t completely eliminate them. This is the real danger, and it will be difficult for companies, financial institutions and government agencies to properly address the problem.”

Since Thrangrycat resides within the hardware design, it is unlikely that a software security patch will completely resolve the vulnerability.

Red Balloon Security are working closely with Cisco’s Product Security Incident Response Team to address the vulnerability.

