CVE-2019-1880

A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/108680
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_computing_system_c125_m5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:cisco:unified_computing_system_server_firmware::::::::
	cpe:2.3:o:cisco:unified_computing_system_server_firmware::::::::

cpe:2.3:h:cisco:unified_computing_system_c220_m4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_computing_system_c220_m5:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:cisco:unified_computing_system_server_firmware::::::::
	cpe:2.3:o:cisco:unified_computing_system_server_firmware::::::::

cpe:2.3:h:cisco:unified_computing_system_c240_m4:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_computing_system_c240_m5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:cisco:unified_computing_system_server_firmware::::::::
	cpe:2.3:o:cisco:unified_computing_system_server_firmware::::::::

cpe:2.3:h:cisco:unified_computing_system_c460_m4:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_computing_system_c480_m5:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-05 17:29

Updated : 2019-10-09 23:48

NVD link : CVE-2019-1880

Mitre link : CVE-2019-1880

CVE.ORG link : CVE-2019-1880

JSON object : View

Products Affected

cisco

unified_computing_system_c240_m4
unified_computing_system_c460_m4
unified_computing_system_c240_m5
unified_computing_system_server_firmware
unified_computing_system_c480_m5
unified_computing_system_c220_m5
unified_computing_system_c125_m5
unified_computing_system_c220_m4

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2019-1880", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2019-06-05T17:29:00.647", "references": [{"url": "http://www.securityfocus.com/bid/108680", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la utilidad de actualizaci\u00f3n del BIOS de rack servidores Unified Computing System (UCS) C-Series de Cisco, podr\u00eda permitir a un atacante local autorizado instalar el firmware del BIOS comprometido en un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente del archivo de imagen del firmware. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la ejecuci\u00f3n de la utilidad de actualizaci\u00f3n del BIOS con un conjunto espec\u00edfico de opciones. Una operaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir el proceso de comprobaci\u00f3n de firmas del firmware e instalar el firmware del BIOS comprometido en un dispositivo afectado."}], "lastModified": "2019-10-09T23:48:25.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C98B6DE4-8759-498A-93CC-B54376EAC099", "versionEndExcluding": "4.0\\(2g\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system_c125_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E940DBA-1F06-479A-B697-0070174EB2F5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F54B3E-D792-4971-9EDC-31DA712FAFB9", "versionEndExcluding": "3.0\\(4l\\)"}, {"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CD23D8E-C2E3-4C51-9E8C-58DDC810AEF6", "versionEndExcluding": "4.0\\(2g\\)", "versionStartIncluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system_c220_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5502506-02DD-43C8-AED7-847C71AFBBBD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845FBF06-3662-420A-A096-18EE3DEE18C3", "versionEndExcluding": "4.0\\(4c\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system_c220_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4221A779-1C3C-4EA5-980A-4F9BA206824C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F54B3E-D792-4971-9EDC-31DA712FAFB9", "versionEndExcluding": "3.0\\(4l\\)"}, {"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CD23D8E-C2E3-4C51-9E8C-58DDC810AEF6", "versionEndExcluding": "4.0\\(2g\\)", "versionStartIncluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system_c240_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "596E83E7-E11F-4BF7-AF79-C1A5805C0580"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845FBF06-3662-420A-A096-18EE3DEE18C3", "versionEndExcluding": "4.0\\(4c\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system_c240_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A69A9518-AC5F-440D-A3F1-328035D3157C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F54B3E-D792-4971-9EDC-31DA712FAFB9", "versionEndExcluding": "3.0\\(4l\\)"}, {"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CD23D8E-C2E3-4C51-9E8C-58DDC810AEF6", "versionEndExcluding": "4.0\\(2g\\)", "versionStartIncluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system_c460_m4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "326CD3F6-3DC3-4840-811F-6ED353DC5F33"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845FBF06-3662-420A-A096-18EE3DEE18C3", "versionEndExcluding": "4.0\\(4c\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system_c480_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51E29763-0766-4AEA-A434-37D48B6FAE08"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-1880

4.4^/10

2.1^/10

Attach tags to `CVE-2019-1880`