
CVE-2019-1649


A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.

An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability:

  • Have privileged administrative access to the device.
  • Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access.
  • Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.


Published

2019-05-13T19:29:01.520

Last Modified

2024-11-21T04:37:00.627

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-284
  • Type: Primary
    CWE-667

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco asa_5500_firmware < 1.1.15 Yes
Hardware cisco asa_5506-x - No
Hardware cisco asa_5506h-x - No
Hardware cisco asa_5506w-x - No
Hardware cisco asa_5508-x - No
Hardware cisco asa_5516-x - No
Operating System cisco firepower_2100_firmware < 2.6.1.134 Yes
Hardware cisco firepower_2110 - No
Hardware cisco firepower_2120 - No
Hardware cisco firepower_2130 - No
Hardware cisco firepower_2140 - No
Operating System cisco firepower_4000_firmware < 1.0.18 Yes
Hardware cisco firepower_4110 - No
Hardware cisco firepower_4120 - No
Hardware cisco firepower_4140 - No
Hardware cisco firepower_4150 - No
Operating System cisco firepower_9000_firmware < 1.0.18 Yes
Hardware cisco firepower_9300 - No
Operating System cisco ons_15454_mstp_firmware < 11.1 Yes
Hardware cisco ons_15454_mstp - No
Operating System cisco analog_voice_network_interface_modules_firmware * Yes
Hardware cisco nim-2bri-nt\/te - No
Hardware cisco nim-2fox - No
Hardware cisco nim-2fxs - No
Hardware cisco nim-2fxs\/4fxo - No
Hardware cisco nim-2fxs\/4fxop - No
Hardware cisco nim-2fxsp - No
Hardware cisco nim-4bri-nt\/te - No
Hardware cisco nim-4e\/m - No
Hardware cisco nim-4fxo - No
Hardware cisco nim-4fxs - No
Hardware cisco nim-4fxsp - No
Operating System cisco integrated_services_router_t1\/e1_voice_and_wan_network_interface_modules_firmware * Yes
Hardware cisco nim-1ce1t1-pri - No
Hardware cisco nim-1mft-t1\/e1 - No
Hardware cisco nim-2ce1t1-pri - No
Hardware cisco nim-2mft-t1\/e1 - No
Hardware cisco nim-4mft-t1\/e1 - No
Hardware cisco nim-8ce1t1-pri - No
Hardware cisco nim-8mft-t1\/e1 - No
Operating System cisco supervisor_a\+_firmware * Yes
Hardware cisco n9k-sup-a\+ - No
Operating System cisco supervisor_b\+_firmware * Yes
Hardware cisco n9k-sup-b\+ - No
Operating System cisco 15454-m-wse-k9_firmware < 11.1 Yes
Hardware cisco 15454-m-wse-k9 - No
Operating System cisco ios_xe < 16.12.1 Yes
Hardware cisco cbr-8_converged_broadband_router - No
Operating System cisco ios_xe < 16.3.9 Yes
Operating System cisco ios_xe < 16.6.7 Yes
Operating System cisco ios_xe < 16.9.4 Yes
Operating System cisco ios_xe < 16.12.1 Yes
Hardware cisco nim-1ge-cu-sfp - No
Hardware cisco nim-2ge-cu-sfp - No
Hardware cisco sm-x-pvdm-1000 - No
Hardware cisco sm-x-pvdm-2000 - No
Hardware cisco sm-x-pvdm-3000 - No
Hardware cisco sm-x-pvdm-500 - No
Operating System cisco ios < 15.6\(3\)m7 Yes
Operating System cisco ios ≤ 15.7\(3\)m5 Yes
Operating System cisco ios < 15.8\(3\)m3 Yes
Operating System cisco ios < 15.9\(3\)m Yes
Hardware cisco 1120_connected_grid_router - No
Hardware cisco 1240_connected_grid_router - No
Operating System cisco industrial_security_appliances_3000_firmware < 1.0.05 Yes
Hardware cisco industrial_security_appliances_3000 - No
Operating System cisco integrated_services_router_4200_firmware < 1.1 Yes
Hardware cisco 4221_integrated_services_router - No
Operating System cisco integrated_services_router_4300_firmware < 1.1 Yes
Hardware cisco 4321_integrated_services_router - No
Hardware cisco 4331_integrated_services_router - No
Hardware cisco 4351_integrated_services_router - No
Operating System cisco integrated_services_router_4400_firmware < 1.1 Yes
Hardware cisco 4431_integrated_services_router - No
Hardware cisco 44461_integrated_services_router - No
Hardware cisco 4451-x_integrated_services_router - No
Operating System cisco ios < 15.6\(3\)m6b Yes
Operating System cisco ios ≤ 15.7\(3\)m4b Yes
Operating System cisco ios < 15.8\(3\)m2a Yes
Hardware cisco 809_industrial_integrated_services_routers - No
Hardware cisco 829_industrial_integrated_services_routers - No
Operating System cisco asr_1000_series_firmware * Yes
Hardware cisco asr_1000-esp100 - No
Hardware cisco asr_1000_series - No
Hardware cisco asr1000-2t\+20x1ge - No
Hardware cisco asr1000-6tge - No
Hardware cisco asr1000-esp200 - No
Hardware cisco asr1000-mip100 - No
Hardware cisco asr1000-rp3 - No
Operating System cisco asr_1001_firmware 16.0.0 Yes
Hardware cisco asr_1001-hx - No
Hardware cisco asr_1001-x - No
Hardware cisco asr_1002-hx - No
Operating System cisco ios_xe < 16.2.1 Yes
Hardware cisco a900-rsp2a-128 - No
Hardware cisco a900-rsp2a-64 - No
Hardware cisco a900-rsp3c-200 - No
Hardware cisco a900-rsp3c-400\/w - No
Hardware cisco asr-920-10sz-pd - No
Hardware cisco asr-920-12cz-a - No
Hardware cisco asr-920-12cz-d - No
Hardware cisco asr-920-12sz-a - No
Hardware cisco asr-920-12sz-d - No
Hardware cisco asr-920-12sz-im-cc - No
Hardware cisco asr-920-24sz-m - No
Hardware cisco asr-920-24tz-im - No
Hardware cisco asr-920-24tz-m - No
Hardware cisco asr-920-4sz-a - No
Hardware cisco asr-920-4sz-d - No
Hardware cisco c9300-24p - No
Hardware cisco c9300-24t - No
Hardware cisco c9300-24u - No
Hardware cisco c9300-24ux - No
Hardware cisco c9300-48p - No
Hardware cisco c9300-48t - No
Hardware cisco c9300-48u - No
Hardware cisco c9300-48un - No
Hardware cisco c9300-48uxm - No
Hardware cisco catalyst_9600_supervisor_engine-1 - No
Hardware cisco cbr-ccap-lc-40g-r - No
Hardware cisco cbr-lc-8d31-16u31 - No
Operating System cisco ios_xr 7.0.1 Yes
Hardware cisco a99-16x100ge-x-se - No
Hardware cisco a99-32x100ge-cm - No
Hardware cisco a99-32x100ge-tr - No
Hardware cisco a99-rp3-se - No
Hardware cisco a99-rp3-tr - No
Hardware cisco a9k-16x100ge-cm - No
Hardware cisco a9k-16x100ge-tr - No
Hardware cisco a9k-rsp5-se - No
Hardware cisco a9k-rsp5-tr - No
Hardware cisco network_convergence_system_1002 - No
Operating System cisco ios_xe < 15.5\(1\)sy4 Yes
Hardware cisco c6800-16p10g-xl - No
Hardware cisco c6800-32p10g-xl - No
Hardware cisco c6800-8p10g-xl - No
Hardware cisco c6800-8p40g-xl - No
Hardware cisco c6800-sup6t-xl - No
Hardware cisco c6816-x-le - No
Hardware cisco c6824-x-le-40g - No
Hardware cisco c6832-x-le - No
Hardware cisco c6840-x-le-40g - No
Operating System cisco ios_xe < 16.9.4 Yes
Operating System cisco ios_xe < 16.12.1 Yes
Hardware cisco c9500-12q - No
Hardware cisco c9500-16x - No
Hardware cisco c9500-24q - No
Hardware cisco c9500-24y4c - No
Hardware cisco c9500-32c - No
Hardware cisco c9500-32qc - No
Hardware cisco c9500-40x - No
Hardware cisco c9500-48y4c - No
Operating System cisco catalyst_9800-40_wireless_controller_firmware - Yes
Hardware cisco catalyst_9800-40_wireless_controller - No
Operating System cisco catalyst_9800-80_wireless_controller_firmware - Yes
Hardware cisco catalyst_9800-80_wireless_controller - No
Operating System cisco ic3000-k9_firmware < 1.0.2 Yes
Hardware cisco ic3000-k9 - No
Operating System cisco nx-os < 8.4.1 Yes
Hardware cisco ds-x9334-k9 - No
Operating System cisco ncs2k-mr-mxp-k9_firmware < 11.1 Yes
Hardware cisco ncs2k-mr-mxp-k9 - No
Operating System cisco ios_xr 7.1.1 Yes
Hardware cisco nc55-24h12f-se - No
Hardware cisco nc55-36x100g-a-se - No
Hardware cisco nc55-36x100g-s - No
Hardware cisco nc55-5504-fc - No
Hardware cisco nc55-5516-fc - No
Hardware cisco nc55-6x200-dwdm-s - No
Hardware cisco nc55-mod-a-s - No
Hardware cisco ncs-5501 - No
Hardware cisco ncs-5501-se - No
Hardware cisco ncs-5502 - No
Hardware cisco ncs-5502-se - No
Hardware cisco ncs-55a1-24h - No
Hardware cisco ncs-55a1-36h-s - No
Hardware cisco ncs-55a1-36h-se - No
Hardware cisco ncs-55a2-mod-hd-s - No
Hardware cisco ncs-55a2-mod-hx-s - No
Hardware cisco ncs-55a2-mod-s - No
Hardware cisco ncs-55a2-mod-se-h-s - No
Hardware cisco ncs-55a2-mod-se-s - No
Hardware cisco network_convergence_system_5001 - No
Hardware cisco network_convergence_system_5002 - No
Operating System cisco nx-os < 9.3\(2\) Yes
Hardware cisco n3k-c31108pc-v - No
Hardware cisco n3k-c31108tc-v - No
Hardware cisco n3k-c3132c-z - No
Hardware cisco n3k-c3264c-e - No
Hardware cisco n9k-c92300yc - No
Hardware cisco n9k-c93108tc-ex - No
Hardware cisco n9k-c93108tc-fx - No
Hardware cisco n9k-c93180lc-ex - No
Hardware cisco n9k-c93180yc-ex - No
Hardware cisco n9k-c93180yc-fx - No
Hardware cisco n9k-c93240yc-fx2 - No
Hardware cisco n9k-c9348gc-fxp - No
Operating System cisco nx-os < 8.4.1 Yes
Hardware cisco ds-x9648-1536k9 - No
Hardware cisco n3k-c3264c-e - No
Hardware cisco n77-m312cq-26l - No
Hardware cisco n77-m348xp-23l - No
Hardware cisco n77-sup3e - No
Hardware cisco n7k-m324fq-25l - No
Hardware cisco n7k-m348xp-25l - No
Operating System cisco sm-x-1t3\/e3_firmware - Yes
Hardware cisco sm-x-1t3\/e3 - No
Operating System cisco encs_5100_firmware - Yes
Hardware cisco encs_5100 - No
Operating System cisco encs_5400_firmware - Yes
Hardware cisco encs_5400 - No