← Back

CVE-2018-0362

nvd nist
Published: Jun 21, 2018Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 0.9 / Impact: 3.4
Source: NVD

Description

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260.

Affected (21)

Cisco
21 products
5400 Enterprise Network Compute System Firmware
5100 Enterprise Network Compute System Firmware
Ucs E160s M3 Firmware
Ucs E160s K9 Firmware
Ucs E180d M3 Firmware
Ucs E1120d M3 Firmware
Ucs E1120d K9 Firmware
Ucs E140s M2 Firmware
Ucs E160d M2 Firmware
Ucs E180d M2 Firmware
Ucs E180d K9 Firmware
Ucs E140s M1 Firmware
Ucs E140s K9 Firmware
Ucs E160d M1 Firmware
Ucs E160d K9 Firmware
Ucs E160dp M1 Firmware
Ucs E160dp K9 Firmware
Ucs E140d M1 Firmware
Ucs E140d K9 Firmware
Ucs E140dp M1 Firmware
Ucs E140dp K9 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
5400 Enterprise Network Compute System Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
5400 Enterprise Network Compute System
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
5100 Enterprise Network Compute System Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
5100 Enterprise Network Compute System
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E160s M3 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E160s M3
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E160s K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E160s K9
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E180d M3 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E180d M3
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E1120d M3 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E1120d M3
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E1120d K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E1120d K9
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E140s M2 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E140s M2
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E160d M2 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E160d M2
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E180d M2 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E180d M2
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E180d K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E180d K9
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E140s M1 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E140s M1
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E140s K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E140s K9
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E160d M1 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E160d M1
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E160d K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E160d K9
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E160dp M1 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E160dp M1
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E160dp K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E160dp K9
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E140d M1 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E140d M1
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E140d K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E140d K9
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E140dp M1 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E140dp M1
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ucs E140dp K9 Firmware
Version 3.2(3)
Running on/withPlatform Versions
Cisco
Ucs E140dp K9
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.