CVE-2018-0362 — Improper Authentication in Cisco 5100 Enterprise Network Compute System Firmware

CWE-287 — Improper Authentication6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 62.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco 5100 Enterprise Network Compute System Firmware Cisco 5400 Enterprise Network Compute System Firmware Cisco Ucs-e1120d-k9 Firmware +18 more

Timeline

PublishedJun 21

Latest updateMay 13

Description

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authen…

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 0.9 | Impact: 3.4

Affected Packages21 packages

▶NVDcisco/5100_enterprise_network_compute_system_firmware3.2\(3\)

▶NVDcisco/5400_enterprise_network_compute_system_firmware3.2\(3\)

▶NVDcisco/ucs-e140d-k9_firmware3.2\(3\)

▶NVDcisco/ucs-e140d-m1_firmware3.2\(3\)

▶NVDcisco/ucs-e140s-k9_firmware3.2\(3\)

🔴Vulnerability Details

GHSA

GHSA-xq97-24qj-jwq2: A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Se↗2022-05-13

▶

CVEList

CVE-2018-0362: A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Se↗2018-06-21

▶

📋Vendor Advisories

Cisco

Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers BIOS Authentication Bypass Vulnerability↗2018-06-20

▶