
Cisco Secure Boot Hardware Tampering Vulnerability

Advisory ID: cisco-sa-20190513-secureboot · Severity: High

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot


Workarounds

There are no workarounds that address this vulnerability.

The Cisco Guide to Harden Cisco IOS Devices (https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html) provides information about how to harden the device and secure management access. Implementing the recommendations in this document would reduce the attack surface for this vulnerability.

CVEs: CVE-2019-1649

Cisco Bug IDs: CSCvn77150, CSCvn77246, CSCvn77162, CSCvn89145, CSCvn77166, CSCvn77159, CSCvn89144, CSCvn77160, CSCvn77158, CSCvn77167, CSCvn77168, CSCvn77169, CSCvn77175, CSCvn89150, CSCvn77180, CSCvn77182, CSCvn77181, CSCvn77183, CSCvn77202, CSCvn77201, CSCvn77207, CSCvn77205, CSCvn77245, CSCvn77143, CSCvn77209, CSCvn77220, CSCvn77185, CSCvn77184, CSCvn77219, CSCvn77248, CSCvn77147, CSCvn77154, CSCvn77155, CSCvn77156, CSCvn77153, CSCvn77152, CSCvn77212, CSCvn77151, CSCvn89146, CSCvn89137, CSCvn89140, CSCvn89138, CSCvn89143, CSCvn77141, CSCvn77249, CSCvp42792, CSCvn77170, CSCvn77171, CSCvn77172, CSCvn77142, CSCvn77191

CVSS Score: Base 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)

Product Names From Source: Cisco ASR 9000 Series Aggregation Services Routers, Cisco ASA with FirePOWER Services, Cisco ASR 1000 Series Aggregation Services Routers, Cisco ASR 900 Series Aggregation Services Routers, Cisco Nexus 3000 Series Switch, Cisco cBR-8 Converged Broadband Routers, Cisco Network Convergence System 5500 Series, Cisco 5000 Series Enterprise Network Compute System, Cisco NX-OS System Software in ACI Mode, Cisco Catalyst 6800 Series Switches, Cisco Network Convergence System 1000 Series, Cisco Catalyst 9500 Series Switches, Cisco Firepower 2100 Series, Cisco 4000 Series Integrated Services Routers, Cisco 3000 Series Industrial Security Appliances (ISA), Cisco 1000 Series Connected Grid Routers, Cisco 800 Series Industrial Integrated Services Routers, Cisco Nexus 7000 Series Switches, Cisco MDS 9700 Series Multilayer Directors, Cisco Firepower 4100 Series, Cisco Firepower 9000 Series, Cisco IC3000 Industrial Compute Gateway, Cisco ASR 920 Series Aggregation Services Router, Cisco Nexus 9000 Series Switches, Cisco ONS 15454 Series Multiservice Transport Platforms, Cisco Network Convergence System 2000 Series

Related Products

Product | CVE | Evidence
Cisco Network Convergence System 2000 Series | CVE-2019-1649 | Cisco OpenVuln
Cisco ONS 15454 Series Multiservice Transport Platforms | CVE-2019-1649 | Cisco OpenVuln
Cisco ASR 920 Series Aggregation Services Router | CVE-2019-1649 | Cisco OpenVuln
Cisco MDS 9700 Series Multilayer Directors | CVE-2019-1649 | Cisco OpenVuln
Cisco 800 Series Industrial Integrated Services Routers | CVE-2019-1649 | Cisco OpenVuln
Cisco 1000 Series Connected Grid Routers | CVE-2019-1649 | Cisco OpenVuln
Cisco Catalyst 6800 Series Switches | CVE-2019-1649 | Cisco OpenVuln
Cisco Catalyst 9500 Series Switches | CVE-2019-1649 | Cisco OpenVuln
Cisco Nexus 7000 Series Switches | CVE-2019-1649 | Cisco OpenVuln
Cisco 4000 Series Integrated Services Routers | CVE-2019-1649 | Cisco OpenVuln
Cisco Firepower 4100 Series | CVE-2019-1649 | Cisco OpenVuln
Cisco Firepower 9000 Series | CVE-2019-1649 | Cisco OpenVuln
Cisco 3000 Series Industrial Security Appliances (ISA) | CVE-2019-1649 | Cisco OpenVuln
Cisco Firepower 2100 Series | CVE-2019-1649 | Cisco OpenVuln
Cisco Nexus 9000 Series Switches | CVE-2019-1649 | Cisco OpenVuln
Cisco NX-OS System Software in ACI Mode | CVE-2019-1649 | Cisco OpenVuln
Cisco Nexus 3000 Series Switch | CVE-2019-1649 | Cisco OpenVuln
Cisco Network Convergence System 5500 Series | CVE-2019-1649 | Cisco OpenVuln
Cisco Network Convergence System 1000 Series | CVE-2019-1649 | Cisco OpenVuln
Cisco IC3000 Industrial Compute Gateway | CVE-2019-1649 | Cisco OpenVuln
Cisco cBR-8 Converged Broadband Routers | CVE-2019-1649 | Cisco OpenVuln
Cisco ASR 9000 Series Aggregation Services Routers | CVE-2019-1649 | Cisco OpenVuln
Cisco ASR 900 Series Aggregation Services Routers | CVE-2019-1649 | Cisco OpenVuln
Cisco ASR 1000 Series Aggregation Services Routers | CVE-2019-1649 | Cisco OpenVuln
Cisco ASA with FirePOWER Services | CVE-2019-1649 | Cisco OpenVuln
Cisco 5000 Series Enterprise Network Compute System | CVE-2019-1649 | Cisco OpenVuln