Thrangrycat Vulnerability Affects Millions of Cisco Devices

A flaw in Cisco IOS XE software, coupled with an enabled HTTP Server feature, could allow a threat actor to perform a severe privilege escalation attack and ultimately achieve complete system compromise. This vulnerability has been named Thrangrycat by Red Balloon Security researchers and designated CVE-2019-1862. Thrangrycat has been given a low exploitability score due to its complexity; however, it can cause significant harm if successfully exploited. According to researchers, the danger lies in the millions of devices supporting vulnerable networks, allowing an attack to bypass rigorous security defenses. The NJCCIC strongly advises patching systems as updates are made available. For more information and technical details, please review Cisco’s advisory and Business Wire’s article.
