CVE-2019-1880
Description
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device.
Risk Information
Base Score
4.4
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.025
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Unified Computing System BIOS Signature Bypass Vulnerability For Cisco Unified Computing System | NCM |
| Cisco Unified Computing System BIOS Signature Bypass Vulnerability For Cisco UCS C-Series Rack Servers | NCM |
| Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-1880) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234