CVE-2019-1880Insufficient Verification of Data Authenticity in Cisco Unified Computing System

CWE-345Insufficient Verification of Data Authenticity4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 93.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Computing SystemCisco Unified Computing System Server Firmware
Timeline
PublishedJun 5
Latest updateMay 24

Description

A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification pr

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/unified_computing_system4.04.0\(2g\)+3
CVEListV5cisco/cisco_unified_computing_systemunspecified4.0(4c)

🔴Vulnerability Details

2
GHSA
GHSA-jhpv-9w3g-h4m8: A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker2022-05-24
CVEList
Cisco Unified Computing System BIOS Signature Bypass Vulnerability2019-06-05

📋Vendor Advisories

1
Cisco
Cisco Unified Computing System BIOS Signature Bypass Vulnerability2019-06-05
CVE-2019-1880 — Cisco vulnerability | cvebase