Summary

• A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality.

  The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.

  Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

  This advisory is available at the following link:
  https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Affected Products

• Vulnerable Products

  The following table lists Cisco products that are affected by the vulnerability that is described in this advisory.

  The table includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information and fixed releases.

  If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.

  Product	Cisco Bug ID	Fixed Release Availability
  Network and Content Security Devices
  Cisco ASA 5506-X	CSCvn77246	Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
  Cisco ASA 5506H-X	CSCvn77246	Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
  Cisco ASA 5506W-X	CSCvn77246	Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
  Cisco ASA 5508-X	CSCvn77246	Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
  Cisco ASA 5516-X	CSCvn77246	Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
  Cisco Firepower 2100 Series	CSCvn77248	Cisco Firepower Threat Defense (FTD) Software 6.2.2.5 Hotfix (Available) Cisco Firepower Threat Defense (FTD) Software 6.2.3.12 Hotfix (Available) Cisco Firepower Threat Defense (FTD) Software 6.3.0.3 Hotfix (Available) Cisco Firepower Threat Defense (FTD) Software 6.2.3.13 (Available) Cisco Firepower Threat Defense (FTD) Software 6.4.0.1 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.8.4.3 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.9.2.50 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.9.2.52 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.10.1.22 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.12.2 (Available)
  Cisco Firepower 4000 Series	CSCvn77249	Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available)
  Cisco Firepower 9000 Series	CSCvn77249	Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available)
  Routing and Switching - Enterprise and Service Provider
  10/40/100G MR Muxponder - Licensable for Encryption (NCS2K-MR-MXP-LIC)	CSCvn77191	11.1 (Jul 2019)
  10Gbps Optical Encryption Line Card for the Cisco NCS 2000 Series and Cisco ONS 15454 MSTP (15454-M-WSE-K9)	CSCvn77191	11.1 (Jul 2019)
  ASR 903 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-S)	CSCvn77169	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  ASR 907 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-W)	CSCvn77169	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  CBR-8 Converged Broadband Router	CSCvn77185	Cisco IOS XE Software Release 16.12.1w (Sep 2019)
  Catalyst 6800 16-port 10GE with integrated DFC4 (C6800-16P10G)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Catalyst 6800 32-port 10GE with dual integrated dual DFC4 (C6800-32P10G)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Catalyst 6800 8-port 10GE with integrated DFC4 (C6800-8P10G)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Catalyst 6800 8-port 40GE with dual integrated dual DFC4-E (C6800-8P40G)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Cisco 1-Port Gigabit Ethernet WAN Network Interface Module (NIM-1GE-CU-SFP)	CSCvn77218	Cisco IOS XE Software Release 16.9.5 (Jan 20) Cisco IOS XE Software Release 16.12.2 (Nov 2019) Cisco IOS XE Software Release 17.1.1 (Nov 2019)
  Cisco 1120 Connected Grid Router	CSCvn89140	Cisco IOS Software Release 15.9(3)M (Aug 2019) Cisco IOS Software Release 15.8(3)M3 (Aug 2019) Cisco IOS Software Release 15.7(3)M5 (Sep 2019) Cisco IOS Software Release 15.6(3)M7 (Sep 2019)
  Cisco 1240 Connected Grid Router	CSCvn89137	Cisco IOS Software Release 15.9(3)M (Aug 2019) Cisco IOS Software Release 15.8(3)M3 (Aug 2019) Cisco IOS Software Release 15.7(3)M5 (Sep 2019) Cisco IOS Software Release 15.6(3)M7 (Sep 2019)
  Cisco 2-Port Gigabit Ethernet WAN Network Interface Module (NIM-2GE-CU-SFP)	CSCvn77218	Cisco IOS XE Software Release 16.9.5 (Jan 20) Cisco IOS XE Software Release 16.12.2 (Nov 2019) Cisco IOS XE Software Release 17.1.1 (Nov 2019)
  Cisco 3000 Series Industrial Security Appliances	CSCvn89146	Firmware release 1.0.05 (image name: isa3000-firmware-1005.SPA) (Available)
  Cisco 4000 Series Integrated Services Router Packet 1024-Channel High-Density Voice DSP Module (SM-X-PVDM-1000)	CSCvn77212	Cisco IOS XE Software Release 16.12.2 (Nov 2019) Cisco IOS XE Software Release 17.1.1 (Nov 2019) Cisco IOS XE Software Release 16.9.5 (Jan 20)
  Cisco 4000 Series Integrated Services Router Packet 2048-Channel High-Density Voice DSP Module (SM-X-PVDM-2000)	CSCvn77212	Cisco IOS XE Software Release 16.12.2 (Nov 2019) Cisco IOS XE Software Release 17.1.1 (Nov 2019) Cisco IOS XE Software Release 16.9.5 (Jan 20)
  Cisco 4000 Series Integrated Services Router Packet 3080-Channel High-Density Voice DSP Module (SM-X-PVDM-3000)	CSCvn77212	Cisco IOS XE Software Release 16.12.2 (Nov 2019) Cisco IOS XE Software Release 17.1.1 (Nov 2019) Cisco IOS XE Software Release 16.9.5 (Jan 20)
  Cisco 4000 Series Integrated Services Router Packet 768-Channel High-Density Voice DSP Module (SM-X-PVDM-500)	CSCvn77212	Cisco IOS XE Software Release 16.12.2 (Nov 2019) Cisco IOS XE Software Release 17.1.1 (Nov 2019) Cisco IOS XE Software Release 16.9.5 (Jan 20)
  Cisco 4221 Integrated Services Router	CSCvn77153	Utility File Name: isr4200_cpld_update_v1.1_SPA.bin (Available)
  Cisco 4321 Integrated Services Router	CSCvn77156	Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available)
  Cisco 4331 Integrated Services Router	CSCvn77156	Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available)
  Cisco 4351 Integrated Services Router	CSCvn77156	Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available)
  Cisco 4431 Integrated Services Router	CSCvn77155	Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available)
  Cisco 4451-X Integrated Services Router	CSCvn77155	Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available)
  Cisco 4461 Integrated Services Router	CSCvn77154	Utility File Name: isr4400v2_cpld_update_v1.1_SPA.bin (Available)
  Cisco 5000 Series Enterprise Network Compute System	CSCvn77150	Release no. TBD (Aug 2019)
  Cisco 809 Industrial Integrated Services Routers	CSCvn89138	Cisco IOS Software Release 15.8(3)M2a (Available) Cisco IOS Software Release 15.7(3)M4b (Available) Cisco IOS Software Release 15.6(3)M6b (Available)
  Cisco 829 Industrial Integrated Services Routers	CSCvn89143	Cisco IOS Software Release 15.8(3)M2a (Available) Cisco IOS Software Release 15.7(3)M4b (Available) Cisco IOS Software Release 15.6(3)M6b (Available)
  Cisco ASR 1000 Embedded Services Processor, 200G (ASR1000-ESP200)	CSCvn77159	Release no. TBD (Dec 2019)
  Cisco ASR 1000 Fixed Ethernet Line Card (6x10GE) (ASR1000-6TGE)	CSCvn89144	Release no. TBD (Dec 2019)
  Cisco ASR 1000 Fixed Ethernet Line Card, 2x10GE + 20x1GE (ASR1000-2T+20X1GE)	CSCvn89144	Release no. TBD (Dec 2019)
  Cisco ASR 1000 Series 100-Gbps Embedded Services Processor (ASR1000-ESP100)	CSCvn77160	Release no. TBD (Dec 2019)
  Cisco ASR 1000 Series Modular Interface Processor (ASR1000-MIP100)	CSCvn77158	Release no. TBD (Dec 2019)
  Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3)	CSCvn77167	Release no. TBD (Dec 2019)
  Cisco ASR 1001-HX Router	CSCvn77162	ASR1K-fpga_prog.16.0.0.xe.bin (Available)
  Cisco ASR 1001-X	CSCvn89145	ASR1K-fpga_prog.16.0.0.xe.bin (Available)
  Cisco ASR 1002-HX Router	CSCvn77166	ASR1K-fpga_prog.16.0.0.xe.bin (Available)
  Cisco ASR 900 Series Route Switch Processor 2 - 128G, Base Scale (A900-RSP2A-128)	CSCvn77168	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 900 Series Route Switch Processor 2 - 64G, Base Scale (A900-RSP2A-64)	CSCvn77168	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 900 Series Route Switch Processor 3 - 200G, Large Scale (A900-RSP3C-200)	CSCvn77169	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A99-16X100GE-X-SE)	CSCvn77180	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A9K-16X100GE-TR, A9K-16X100GE-CM)	CSCvn77180	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco ASR 9000 Series 32-Port 100 Gigabit Ethernet Line Card (A99-32X100GE-TR, A99-32X100GE-CM)	CSCvn77180	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco ASR 9000 Series Route Switch Processor 5 for Packet Transport (A9K-RSP5-TR)	CSCvn77175	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco ASR 9000 Series Route Switch Processor 5 for Service Edge (A9K-RSP5-SE)	CSCvn77175	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 10GE and 2-10GE - Passively Cooled DC model (ASR-920-10SZ-PD), Cisco ASR920 Series - 20GE SFP, 4Cu and 4-10GE: Modular PSU (ASR-920-20SZ-M)	CSCvn77171	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, AC Model (ASR-920-12SZ-A)	CSCvn77171	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, DC Model (ASR-920-12SZ-D)	CSCvn77171	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - AC model (ASR-920-12CZ-A)	CSCvn77171	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - DC model (ASR-920-12CZ-D)	CSCvn77171	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 24GE Copper and 4-10GE – Modular PSU (ASR-920-24TZ-M)	CSCvn77172	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 24GE Fiber and 4-10GE – Modular PSU (ASR-920-24SZ-M)	CSCvn77172	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - AC model (ASR-920-4SZ-A)	CSCvn77171	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - DC model (ASR-920-4SZ-D)	CSCvn77171	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 920 Series Aggregation Services Routers Conformal Coated - 12GE and 4-10GE, 1 IM Slot (ASR-920-12SZ-IM-CC)	CSCvn77170	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR 9900 Route Processor 3 for Packet Transport (A99-RP3-TR)	CSCvn77175	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco ASR 9900 Route Processor 3 for Service Edge (A99-RP3-SE)	CSCvn77175	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco ASR920 Series - 12GE and 4-10GE, 1 IM slot (ASR-920-12SZ-IM)	CSCvn77170	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco ASR920 Series – 24GE and 4-10GE – Modular PSU and IM (ASR-920-24SZ-IM)	CSCvn77172	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco Catalyst 6800 16-port 10GE with Integrated DFC4-XL (C6800-16P10G-XL)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6800 32-port 10GE with Dual Integrated Dual DFC4-XL (C6800-32P10G-XL)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6800 8-port 10GE with Integrated DFC4-XL (C6800-8P10G-XL)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6800 8-port 40GE with Dual Integrated Dual DFC4-EXL (C6800-8P40G-XL)	CSCvn77182	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6800 Series Supervisor Engine 6T (C6800-SUP6T)	CSCvn77181	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6800 Series Supervisor Engine 6T XL (C6800-SUP6T-XL)	CSCvn77181	Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6816-X-Chassis (Standard Tables) (C6816-X-LE)	CSCvn77183	Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6824-X-Chassis and 2 x 40G (Standard Tables) (C6824-X-LE-40G)	CSCvn77183	Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6832-X-Chassis (Standard Tables) (C6832-X-LE)	CSCvn77183	Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 6840-X-Chassis and 2 x 40G (Standard Tables) (C6840-X-LE-40G)	CSCvn77183	Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
  Cisco Catalyst 9300 Series Switches	CSCvn77209	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series High-Performance Switch with 24x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-24Y4C)	CSCvn89150	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series High-Performance Switch with 32x 100 Gigabit Ethernet (C9500-32C)	CSCvn89150	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series High-Performance Switch with 32x 40 Gigabit Ethernet (C9500-32QC)	CSCvn89150	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series High-Performance Switch with 48x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-48Y4C)	CSCvn89150	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series Switch with 12x 40G Gigabit Ethernet (C9500-12Q)	CSCvn77220	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series Switch with 16x 1/10G Gigabit Ethernet (C9500-16X)	CSCvn77220	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series Switch with 24x 40G Gigabit Ethernet (C9500-24Q)	CSCvn77220	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9500 Series Switch with 40x 1/10G Gigabit Ethernet (C9500-40X)	CSCvn77220	Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
  Cisco Catalyst 9600 Supervisor Engine-1	CSCvn95346	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  Cisco Catalyst 9800-40 Wireless Controller	CSCvn77165	C9800-40_fpga_prog.16.0.0.xe.bin (Available)
  Cisco Catalyst 9800-80 Wireless Controller	CSCvn77163	C9800-80_fpga_prog.16.0.0.xe.bin (Available)
  Cisco IC3000 Industrial Compute Gateway	CSCvp42792	Firmware Release 1.0.2 (image name IC3000-K9-1.0.3.SPA) (Aug 2019)
  Cisco MDS 9000 Family 24/10 SAN Extension Module (DS-X9334-K9)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Cisco NCS 200 Series 10/40/100G MR Muxponder (NCS2K-MR-MXP-K9)	CSCvn77191	11.1 (Jul 2019)
  Cisco NCS 5500 12X10, 2X40 2XMPA Line Card Base (NC55-MOD-A-S)	CSCvn77202	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 5500 Series 24 Ports of 100GE and 12 Ports of 40GE High-Scale Line Card (NC55-24H12F-SE)	CSCvn77202	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 5500 Series 36 ports of 100GE High-Scale Line Card (NC55-36X100G-A-SE)	CSCvn77202	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 5504 Fabric Card (NC55-5504-FC)	CSCvn77202	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 5516 Fabric Card (NC55-5516-FC)	CSCvn77202	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis (NCS-55A2-MOD-S)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened (NCS-55A2-MOD-HD-S)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened with Conformal Coating (NCS-55A2-MOD-HX-S)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis (NCS-55A2-MOD-SE-S)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis, Temperature Hardened with Conformal Coating (NC55A2-MOD-SE-H-S)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS5501 - 40x10G and 4x100G Scale Chassis (NCS-5501-SE)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS5501 Fixed 48x10G and 6x100G Chassis (NCS-5501)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS5502 - 48x100G Scale Chassis (NCS-5502-SE)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS5502 Fixed 48x100G Chassis (NCS-5502)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS55A1 Fixed 24x100G Chassis (NCS-55A1-24H)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS55A1 Fixed 36x100G Base Chassis (NCS-55A1-36H-S)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco NCS55A1 Fixed 36x100G Scale Chassis (NCS-55A1-36H-SE-S)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco Network Convergence System 1001	CSCvp88427	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco Network Convergence System 1002	CSCvn77219	Cisco IOS XR Software Release 7.0.1 (Jul 2019)
  Cisco Network Convergence System 5001	CSCvn77207	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco Network Convergence System 5002	CSCvn77205	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco Network Convergence System 540 (N540-ACC-SYS, N540-24Z8Q2C-M, N540-24Z8Q2C-SYS)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco Network Convergence System 540 Conformal Coated (N540X-ACC-SYS)	CSCvn77201	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco Network Convergence System 5500 Series: 1.2-Tbps IPoDWDM Modular Line Card (NC55-6X200-DWDM-S)	CSCvn77202	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco Network Convergence System 5500 Series: 36X100G MACsec Modular Line Cards (NC55-36X100G-S)	CSCvn77202	Cisco IOS XR Software Release 7.1.1 (Nov 2019)
  Cisco Nexus 31108PC-V, 48 SFP+ and 6 QSFP28 ports (N3K-C31108PC-V)	CSCvn77245	Cisco NX-OS Software Release 9.3(1) (Aug 2019)
  Cisco Nexus 31108TC-V, 48 10Gbase-T RJ-45 and 6 QSFP28 ports (N3K-C31108TC-V)	CSCvn77245	Cisco NX-OS Software Release 9.3(1) (Aug 2019)
  Cisco Nexus 3132C-Z Switches (N3K-C3132C-Z)	CSCvn77245	Cisco NX-OS Software Release 9.3(1) (Aug 2019)
  Cisco Nexus 3264C-E Switches (N3K-C3264C-E)	CSCvn77245	Cisco NX-OS Software Release 9.3(1) (Aug 2019)
  Cisco Nexus 7000 M3-Series 48-Port 1/10G Ethernet Module (N7K-M348XP-25L)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Cisco Nexus 7700 F4-Series 30-Port 100G Ethernet Module (N77-F430CQ-36)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Cisco Nexus 7700 M3-Series 12-Port 100G Ethernet Module (N77-M312CQ-26L)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Cisco Nexus 7700 M3-Series 24-Port 40G Ethernet Module (N7K-M324FQ-25L)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (N77-M348XP-23L)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Cisco Nexus 7700 Supervisor 3 (N77-SUP3E)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Cisco Nexus 9200 with 36p 40G 100G QSFP28 (N9K-C9236C)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9200 with 48p 1/10G/25G SFP+ and 6p 40G QSFP or 4p 100G QSFP28 (N9K-C92160YC-X)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9200 with 48p 10/25 Gbps and 18p 100G QSFP28 (N9K-C92300YC)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9200 with 56p 40G QSFP+ and 8p 100G QSFP28 (N9K-C92304QC)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9200 with 72p 40G QSFP+ (N9K-C9272Q)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9300 with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28, MACsec, and Unified Ports Capable (N9K-C93180YC-FX)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9300 with 48p 100M/1G BASE-T, 4p 10/25G SFP28 and 2p 40G/100G QSFP28 (N9K-C9348GC-FXP)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9300 with 48p 10G BASE-T and 6p 40G/100G QSFP28, MACsec Capable (N9K-C93108TC-FX)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9332C Spine Switch with 32p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9332C)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9364C Spine Switch with 64p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9364C)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9500 4-Core/4-Thread Supervisor (N9K-SUP-A)	CSCvn77142	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9500 6-Core/12-Thread Supervisor (N9K-SUP-B)	CSCvn77142	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9K Fixed with 32p 40G/100G QSFP28 (N9K-C9232C)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9K Fixed with 36p 40G/100G QSFP28 (N9K-C9336C-FX2)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 12p 40G/100G QSFP28 (N9K-C93240YC-FX2)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28 (N9K-C93180YC-EX)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9K Fixed with 48p 10G BASE-T and 6p 40G/100G QSFP28 (N9K-C93108TC-EX)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Nexus 9K Fixed with up to 32p 40/50G QSFP+ or up to 18p 100G QSFP28 (N9K-C93180LC-EX)	CSCvn77143	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Cisco Packet-over-T3/E3 Service Module (SM-X-1T3/E3)	CSCvn77147	Release no. TBD (Oct 2019)
  Cisco cBR-8 Integrated CCAP 40G Remote PHY Line Card (CBR-CCAP-LC-40G-R)	CSCvn77184	Cisco IOS XE Software Release 16.12.1 (Jul 2019)
  MDS 9700 48-Port 32-Gbps Fibre Channel Switching Module (DS-X9648-1536K9)	CSCvn77141	N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
  Supervisor A+ for Nexus 9500 (N9K-SUP-A+)	CSCvn77142	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Supervisor B+ for Nexus 9500 (N9K-SUP-B+)	CSCvn77142	NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019) ACI: Switch Software Release 4.2(1) (Aug 2019)
  Voice and Unified Communications Devices
  Analog Voice Network Interface Modules for Cisco 4000 Series ISRs (NIM-2FXO, NIM-4FXO, NIM-2FXS, NIM-4FXS, NIM-2FXS/4FXO, NIM-2FXSP, NIM-4FXSP, NIM-2FXS/4FXOP, NIM-4E/M, NIM-2BRI-NT/TE, NIM-4BRI-NT/TE)	CSCvn77151	Release no. TBD (Sep 2019)
  Cisco 4000 Series Integrated Services Router T1/E1 Voice and WAN Network Interface Modules (NIM-1MFT-T1/E1, NIM-2MFT-T1/E1, NIM-4MFT-T1/E1, NIM-8MFT-T1/E1, NIM-1CE1T1-PRI, NIM-2CE1T1-PRI, NIM-8CE1T1-PRI)	CSCvn77152	Release no. TBD (Sep 2019)

  
  

  Products Confirmed Not Vulnerable

  Cisco has investigated all Cisco products that support hardware-based Secure Boot functionality to verify that they are enforcing the appropriate access control checks.

  Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

  No other Cisco products that support hardware-based Secure Boot functionality are vulnerable.

Details

• An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability:

  • Have privileged administrative access to the device.
  • Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access.
  • Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.

  Cisco is in the process of developing and releasing software fixes for all affected platforms. In most cases, the fix will require an on-premise reprogramming of a low-level hardware component that is required for normal device operation. A failure during this reprogramming process may cause the device to become unusable and require a hardware replacement. Customers are advised to consult the Release Note Enclosure for the Cisco bug relevant to their platform for the following information:

  1. Causes that could lead to a failure of the reprogramming process and cause the device to become unusable
  2. A platform-specific set of steps that are required to reprogram a device
  3. The procedure required to determine whether a given device is running an affected firmware version (that therefore must be fixed) or whether the device is already running a fixed firmware version

  The product release notes that are published with each platform-specific fixed software release will include more detailed information about items 2 and 3 in the preceding list. The product release notes should be considered the most up-to-date source of information about these items.

  For details about Secure Boot and related Trustworthy Technologies, please refer to the Trustworthy Technologies Datasheet. A list of all Cisco products supporting secure boot technology can be found at the following link: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf

Workarounds

• There are no workarounds that address this vulnerability.

  Cisco Guide to Harden Cisco IOS Devices provides information about how to harden the device and secure management access. Implementing the recommendations in this document would reduce the attack surface for this vulnerability.

Fixed Software

• For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products section of this advisory.

  Cisco will release free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
  https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

  Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

  When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

  In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

  Customers Without Service Contracts

  Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
  https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

  Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Exploitation and Public Announcements

• This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019.

  The Cisco Product Security Incident Response Team (PSIRT) is aware of the existence of proof-of-concept code that demonstrates this vulnerability on the Cisco ASR 1001-X. There are no indications at this time that this proof-of-concept code is publicly available.

  Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.

Source

• Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist), Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist) of Red Balloon Security for reporting this vulnerability to Cisco and working toward a coordinated disclosure.

URL

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Revision History

• Version	Description	Section	Status	Date
  1.17	Updated fix availability date for some products.	Vulnerable Products	Final	2019-November-20
  1.16	Updated fixed version for some products.	Vulnerable Products	Final	2019-September-06
  1.15	Updated list of vulnerable products.	Vulnerable Products	Final	2019-September-03
  1.14	Updated list of vulnerable products.	Vulnerable Products	Final	2019-August-21
  1.13	Updated fix availability date for some products.	Vulnerable Products	Final	2019-August-02
  1.12	Updated fix availability date for some products.	Vulnerable Products	Final	2019-July-17
  1.11	Updated fix availability date for some products.	Vulnerable Products	Final	2019-June-28
  1.10	Updated list of vulnerable products. Updated fix availability date for some products.	Vulnerable Products	Final	2019-June-17
  1.9	Updated list of vulnerable products. Updated fix availability date for some products. Changed document status to Final. Removed statements indicating the advisory will be updated (Summary and Vulnerable Products).	Summary and Vulnerable Products	Final	2019-June-10
  1.8	Updated list of vulnerable products. Updated fix availability date for some products.	Vulnerable Products	Interim	2019-May-30
  1.7	Updated list of vulnerable products. Updated fix availability date for some products. Added link to list of Cisco products supporting secure boot.	Vulnerable Products, Details	Interim	2019-May-23
  1.6	Updated list of vulnerable products. Updated fix availability date for some products.	Vulnerable Products	Interim	2019-May-22
  1.5	Updated list of vulnerable products. Updated fix availability date for some products.	Vulnerable Products	Interim	2019-May-20
  1.4	Updated list of vulnerable products. Updated fix availability date for some products.	Vulnerable Products	Interim	2019-May-16
  1.3	Updated list of vulnerable products. Updated fix availability date for some products.	Vulnerable Products	Interim	2019-May-15
  1.2	Updated list of vulnerable products. Updated fix availability date for some products.	Vulnerable Products	Interim	2019-May-14
  1.1	Updated list of vulnerable products. Added link to Datasheet for Cisco Trustworthy Technologies.	Vulnerable Products, Details	Interim	2019-May-13
  1.0	Initial public release.	—	Interim	2019-May-13

  Show Less

---