TID-216: Firmware Update Rollbacks Allowed
Threat Description
Firmware updates often include fixes for security vulnerabilities, so earlier firmware versions contain vulnerabilities that are already publicly known. If a threat actor can initiate a firmware update on the device and the update mechanism does not enforce that the version number only moves forward, they can "upgrade" the device to an earlier version with known vulnerabilities. Once the vulnerable version is installed, the threat actor can exploit those known vulnerabilities to gain additional access or privileges on the device.
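The following C example is added here to make the threat concrete; it is not part of this catalog entry or any vendor's code. It contrasts an update handler that installs any well-formed image, regardless of version, with one that refuses any image whose security version is below a stored minimum and advances that minimum after a successful install. The header layout, the FW_MAGIC value, the function names and the in-memory nv_min_version variable (standing in for an anti-rollback counter kept in OTP/eFuse or another tamper-resistant monotonic store) are all assumptions made for the example. Image signature verification, which must precede any trust in the header, is deliberately left out to keep the focus on the rollback check.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed header layout for this example; not any vendor's real format. */
#define FW_MAGIC 0x46574855u   /* "FWHU" */

typedef struct {
    uint32_t magic;
    uint32_t version;       /* security version number; must only ever increase */
    uint32_t payload_len;
} fw_header_t;

typedef enum { FW_OK = 0, FW_ERR_SHORT, FW_ERR_MAGIC, FW_ERR_ROLLBACK } fw_status_t;

/* Stand-in (assumption) for the anti-rollback counter a real device keeps in
 * OTP/eFuse or similar. Starts at 5: the device has already run version 5,
 * which in this constructed scenario fixed a known vulnerability. */
static uint32_t nv_min_version = 5;

uint32_t fw_min_version(void) { return nv_min_version; }
void fw_set_min_version(uint32_t v) { nv_min_version = v; }   /* for tests only */

/* Parse the header out of an image buffer; memcpy avoids alignment issues. */
static fw_status_t parse_header(const uint8_t *img, size_t len, fw_header_t *h) {
    if (len < sizeof *h) return FW_ERR_SHORT;
    memcpy(h, img, sizeof *h);
    if (h->magic != FW_MAGIC) return FW_ERR_MAGIC;
    if (h->payload_len > len - sizeof *h) return FW_ERR_SHORT;
    return FW_OK;
}

/* Vulnerable handler: the update path only checks the image format. Any
 * well-formed image is installed, including one older than what is running,
 * so an attacker with update access can reintroduce already-fixed bugs. */
fw_status_t fw_install_vulnerable(const uint8_t *img, size_t len) {
    fw_header_t h;
    fw_status_t s = parse_header(img, len, &h);
    if (s != FW_OK) return s;
    /* signature check and flash write would go here */
    return FW_OK;
}

/* Hardened handler: same parsing, then a strict comparison against the stored
 * minimum. An equal version is allowed (reinstalling the current image is not
 * a rollback); anything lower is refused. After a successful install the
 * stored minimum is advanced so the device cannot be walked back later. */
fw_status_t fw_install_hardened(const uint8_t *img, size_t len) {
    fw_header_t h;
    fw_status_t s = parse_header(img, len, &h);
    if (s != FW_OK) return s;
    /* image signature verification belongs here, before the version is trusted */
    if (h.version < nv_min_version) return FW_ERR_ROLLBACK;
    /* flash write would go here */
    /* A real device advances the counter only after the new image has verified
     * and booted successfully, so a failed update cannot brick it. */
    if (h.version > nv_min_version) nv_min_version = h.version;
    return FW_OK;
}

/* Build a constructed test image into buf; returns total length, 0 on overflow. */
size_t fw_build_image(uint8_t *buf, size_t cap, uint32_t version,
                      const uint8_t *payload, uint32_t payload_len) {
    fw_header_t h = { FW_MAGIC, version, payload_len };
    if (cap < sizeof h + payload_len) return 0;
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, payload, payload_len);
    return sizeof h + payload_len;
}

int main(void) {
    uint8_t buf[64];
    const uint8_t payload[] = "old-and-vulnerable";   /* constructed payload */
    size_t n = fw_build_image(buf, sizeof buf, 3, payload, sizeof payload);
    printf("vulnerable handler on v3: %d\n", fw_install_vulnerable(buf, n)); /* 0: accepted */
    printf("hardened handler on v3:   %d\n", fw_install_hardened(buf, n));   /* 3: FW_ERR_ROLLBACK */
    return 0;
}
```

The check that matters is the single comparison against a value the attacker cannot lower. If the "current version" used for the comparison lives in rewritable flash alongside the image, an attacker who can write the image can usually write that value too, which is why the counter has to live in monotonic, tamper-resistant storage and why downgrade protection is only as strong as the signature check that binds the version field to the image.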
Threat Maturity and Evidence
Known Exploitable Weakness
China APT Cracks Cisco Firmware in Attacks Against the US and Japan
Threat group BlackTech (also tracked as Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda) has been performing firmware downgrade attacks against Cisco devices. Once the firmware is downgraded, BlackTech leverages older vulnerabilities to "hot patch old firmware in memory" with custom firmware code. From there they achieve persistence and pivot from "smaller, international subsidiaries to headquarters of affected organizations."
Proof of Concept
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
“With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version (with malicious content) to bypass the encryption and withdraw cash.”
CWE
CVE
CVE-2018-9099
"Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5." The researchers demonstrated this exploit by loading outdated, vulnerable firmware onto the dispenser controller.