CVE-2019-1649

CWE-284 — Improper Access Control CWE-6676 documents6 sources

Severity

6.7MEDIUM

EPSS

0.4%

top 40.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Routers Cisco 15454-m-wse-k9 Firmware Cisco ASA 5500 Firmware +15 more

Timeline

PublishedMay 13

Latest updateMay 24

Description

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Sec…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages18 packages

▶NVDcisco/asa_5500_firmware< 1.1.15

▶NVDcisco/ic3000-k9_firmware< 1.0.2

▶NVDcisco/15454-m-wse-k9_firmware< 11.1

▶NVDcisco/firepower_2100_firmware< 2.6.1.134

▶NVDcisco/firepower_4000_firmware< 1.0.18

🔴Vulnerability Details

GHSA

GHSA-8p3x-34c5-5pmx: A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could all↗2022-05-24

▶

CVEList

Cisco Secure Boot Hardware Tampering Vulnerability↗2019-05-13

▶

📋Vendor Advisories

Cisco

Cisco Secure Boot Hardware Tampering Vulnerability↗2019-05-13

▶

💬Community

Bugzilla

CVE-2019-9633 glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service↗2019-03-12

▶