CVE-2019-1649
CVSS v3.1 base score: 6.7
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.

An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability:

- Have privileged administrative access to the device.
- Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access.
- Develop or have access to a platform-specific exploit.

An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.
Affected (43)
Products: Cisco: Asa 5500 Firmware, Firepower 2100 Firmware, Firepower 4000 Firmware, Firepower 9000 Firmware, Ons 15454 Mstp Firmware, Analog Voice Network Interface Modules Firmware, Integrated Services Router T1/e1 Voice And Wan Network Interface Modules Firmware, Supervisor A+ Firmware, Supervisor B+ Firmware, 15454 M Wse K9 Firmware, Ios Xe, Ios, Industrial Security Appliances 3000 Firmware, Integrated Services Router 4200 Firmware, Integrated Services Router 4300 Firmware, Integrated Services Router 4400 Firmware, Asr 1000 Series Firmware, Asr 1001 Firmware, Ios Xr, Catalyst 9800 40 Wireless Controller Firmware, Catalyst 9800 80 Wireless Controller Firmware, Ic3000 K9 Firmware, Ncs2k Mr Mxp K9 Firmware, Nx Os, Sm X 1t3/e3 Firmware, Encs 5100 Firmware, Encs 5400 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.1.15 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Asa 5506 X | All versions |
| Cisco Asa 5506h X | All versions |
| Cisco Asa 5506w X | All versions |
| Cisco Asa 5508 X | All versions |
| Cisco Asa 5516 X | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 2.6.1.134 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Firepower 2110 | All versions |
| Cisco Firepower 2120 | All versions |
| Cisco Firepower 2130 | All versions |
| Cisco Firepower 2140 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.0.18 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Firepower 4110 | All versions |
| Cisco Firepower 4120 | All versions |
| Cisco Firepower 4140 | All versions |
| Cisco Firepower 4150 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.0.18 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Firepower 9300 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 11.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Ons 15454 Mstp | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Nim 2bri Nt/te | All versions |
| Cisco Nim 2fox | All versions |
| Cisco Nim 2fxs | All versions |
| Cisco Nim 2fxs/4fxo | All versions |
| Cisco Nim 2fxs/4fxop | All versions |
| Cisco Nim 2fxsp | All versions |
| Cisco Nim 4bri Nt/te | All versions |
| Cisco Nim 4e/m | All versions |
| Cisco Nim 4fxo | All versions |
| Cisco Nim 4fxs | All versions |
| Cisco Nim 4fxsp | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Nim 1ce1t1 Pri | All versions |
| Cisco Nim 1mft T1/e1 | All versions |
| Cisco Nim 2ce1t1 Pri | All versions |
| Cisco Nim 2mft T1/e1 | All versions |
| Cisco Nim 4mft T1/e1 | All versions |
| Cisco Nim 8ce1t1 Pri | All versions |
| Cisco Nim 8mft T1/e1 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco N9k Sup A+ | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco N9k Sup B+ | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 11.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco 15454 M Wse K9 | All versions |
Configuration K
Configuration L
Configuration M
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.0.05 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Industrial Security Appliances 3000 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco 4221 Integrated Services Router | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco 4321 Integrated Services Router | All versions |
| Cisco 4331 Integrated Services Router | All versions |
| Cisco 4351 Integrated Services Router | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco 4431 Integrated Services Router | All versions |
| Cisco 44461 Integrated Services Router | All versions |
| Cisco 4451 X Integrated Services Router | All versions |
Configuration R
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Asr1000 2t+20x1ge | All versions |
| Cisco Asr1000 6tge | All versions |
| Cisco Asr1000 Esp200 | All versions |
| Cisco Asr1000 Mip100 | All versions |
| Cisco Asr1000 Rp3 | All versions |
| Cisco Asr 1000 Esp100 | All versions |
| Cisco Asr 1000 Series | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 16.0.0 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Asr 1001 Hx | All versions |
| Cisco Asr 1001 X | All versions |
| Cisco Asr 1002 Hx | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 16.2.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco A900 Rsp2a 128 | All versions |
| Cisco A900 Rsp2a 64 | All versions |
| Cisco A900 Rsp3c 200 | All versions |
| Cisco A900 Rsp3c 400/w | All versions |
| Cisco Asr 920 10sz Pd | All versions |
| Cisco Asr 920 12cz A | All versions |
| Cisco Asr 920 12cz D | All versions |
| Cisco Asr 920 12sz A | All versions |
| Cisco Asr 920 12sz D | All versions |
| Cisco Asr 920 12sz Im Cc | All versions |
| Cisco Asr 920 24sz M | All versions |
| Cisco Asr 920 24tz Im | All versions |
| Cisco Asr 920 24tz M | All versions |
| Cisco Asr 920 4sz A | All versions |
| Cisco Asr 920 4sz D | All versions |
| Cisco C9300 24p | All versions |
| Cisco C9300 24t | All versions |
| Cisco C9300 24u | All versions |
| Cisco C9300 24ux | All versions |
| Cisco C9300 48p | All versions |
| Cisco C9300 48t | All versions |
| Cisco C9300 48u | All versions |
| Cisco C9300 48un | All versions |
| Cisco C9300 48uxm | All versions |
| Cisco Catalyst 9600 Supervisor Engine 1 | All versions |
| Cisco Cbr Ccap Lc 40g R | All versions |
| Cisco Cbr Lc 8d31 16u31 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 7.0.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco A99 16x100ge X Se | All versions |
| Cisco A99 32x100ge Cm | All versions |
| Cisco A99 32x100ge Tr | All versions |
| Cisco A99 Rp3 Se | All versions |
| Cisco A99 Rp3 Tr | All versions |
| Cisco A9k 16x100ge Cm | All versions |
| Cisco A9k 16x100ge Tr | All versions |
| Cisco A9k Rsp5 Se | All versions |
| Cisco A9k Rsp5 Tr | All versions |
| Cisco Network Convergence System 1002 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 15.5(1)sy4 |

| Running on/with | Platform Versions |
|---|---|
| Cisco C6800 16p10g Xl | All versions |
| Cisco C6800 32p10g Xl | All versions |
| Cisco C6800 8p10g Xl | All versions |
| Cisco C6800 8p40g Xl | All versions |
| Cisco C6800 Sup6t Xl | All versions |
| Cisco C6816 X Le | All versions |
| Cisco C6824 X Le 40g | All versions |
| Cisco C6832 X Le | All versions |
| Cisco C6840 X Le 40g | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 16.9.4 |

| Running on/with | Platform Versions |
|---|---|
| Cisco C9500 12q | All versions |
| Cisco C9500 16x | All versions |
| Cisco C9500 24q | All versions |
| Cisco C9500 24y4c | All versions |
| Cisco C9500 32c | All versions |
| Cisco C9500 32qc | All versions |
| Cisco C9500 40x | All versions |
| Cisco C9500 48y4c | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Catalyst 9800 40 Wireless Controller | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Catalyst 9800 80 Wireless Controller | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.0.2 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Ic3000 K9 | All versions |
Configuration B
| Running on/with | Platform Versions |
|---|---|
| Cisco Ds X9334 K9 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 11.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs2k Mr Mxp K9 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 7.1.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Nc55 24h12f Se | All versions |
| Cisco Nc55 36x100g A Se | All versions |
| Cisco Nc55 36x100g S | All versions |
| Cisco Nc55 5504 Fc | All versions |
| Cisco Nc55 5516 Fc | All versions |
| Cisco Nc55 6x200 Dwdm S | All versions |
| Cisco Nc55 Mod A S | All versions |
| Cisco Ncs 5501 | All versions |
| Cisco Ncs 5501 Se | All versions |
| Cisco Ncs 5502 | All versions |
| Cisco Ncs 5502 Se | All versions |
| Cisco Ncs 55a1 24h | All versions |
| Cisco Ncs 55a1 36h S | All versions |
| Cisco Ncs 55a1 36h Se | All versions |
| Cisco Ncs 55a2 Mod Hd S | All versions |
| Cisco Ncs 55a2 Mod Hx S | All versions |
| Cisco Ncs 55a2 Mod S | All versions |
| Cisco Ncs 55a2 Mod Se H S | All versions |
| Cisco Ncs 55a2 Mod Se S | All versions |
| Cisco Network Convergence System 5001 | All versions |
| Cisco Network Convergence System 5002 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 9.3(2) |

| Running on/with | Platform Versions |
|---|---|
| Cisco N3k C31108pc V | All versions |
| Cisco N3k C31108tc V | All versions |
| Cisco N3k C3132c Z | All versions |
| Cisco N9k C92300yc | All versions |
| Cisco N9k C93108tc Ex | All versions |
| Cisco N9k C93108tc Fx | All versions |
| Cisco N9k C93180lc Ex | All versions |
| Cisco N9k C93180yc Ex | All versions |
| Cisco N9k C93180yc Fx | All versions |
| Cisco N9k C93240yc Fx2 | All versions |
| Cisco N9k C9348gc Fxp | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 8.4.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Ds X9648 1536k9 | All versions |
| Cisco N3k C3264c E | All versions |
| Cisco N77 M312cq 26l | All versions |
| Cisco N77 M348xp 23l | All versions |
| Cisco N77 Sup3e | All versions |
| Cisco N7k M324fq 25l | All versions |
| Cisco N7k M348xp 25l | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Sm X 1t3/e3 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Encs 5100 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Cisco Encs 5400 | All versions |
Related CWEs
References (8)
- Source: psirt@cisco.com (Vendor Advisory)
- Source: psirt@cisco.com (Third Party Advisory, US Government Resource)
- Source: psirt@cisco.com (Third Party Advisory, US Government Resource)
- Source: af854a3a-2127-422b-91ae-364da2661108 (Third Party Advisory, VDB Entry)
- Source: af854a3a-2127-422b-91ae-364da2661108 (Vendor Advisory)
- Source: af854a3a-2127-422b-91ae-364da2661108 (Third Party Advisory, US Government Resource)
- Source: af854a3a-2127-422b-91ae-364da2661108 (Third Party Advisory, US Government Resource)
Timeline
No history available yet.