After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.

Red Balloon Security, Inc. is disclosing two vulnerabilities affecting the products of Cisco Systems, Inc. (“Cisco”). The first, known as 😾😾😾, allows an attacker to fully bypass Cisco’s Trust Anchor module (TAm) via Field Programmable Gate Array (FPGA) bitstream manipulation. The second is a remote command injection vulnerability against Cisco IOS XE version 16 that allows remote code execution as root. By chaining the 😾😾😾 and remote command injection vulnerabilities, an attacker can remotely and persistently bypass Cisco’s secure boot mechanism and lock out all future software updates to the TAm.