CVSS Score: Base 6.7 (v3.0)
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Summary
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality.
The vulnerability is due to an improper check in the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) that is part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
Affected Products
Vulnerable Products
The following table lists Cisco products that are affected by the vulnerability that is described in this advisory.
The table includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information and fixed releases.
If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.
Product | Cisco Bug ID | Fixed Release Availability

Network and Content Security Devices
Cisco ASA 5506-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
Cisco ASA 5506H-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
Cisco ASA 5506W-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
Cisco ASA 5508-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
Cisco ASA 5516-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
Cisco Firepower 2100 Series | CSCvn77248 | Cisco Firepower Threat Defense (FTD) Software 6.2.2.5 Hotfix (Available); FTD Software 6.2.3.12 Hotfix (Available); FTD Software 6.3.0.3 Hotfix (Available); FTD Software 6.2.3.13 (Available); FTD Software 6.4.0.1 (Available); Cisco Adaptive Security Appliance (ASA) Software 9.8.4.3 (Available); ASA Software 9.9.2.50 (Available); ASA Software 9.9.2.52 (Available); ASA Software 9.10.1.22 (Available); ASA Software 9.12.2 (Available)
Cisco Firepower 4000 Series | CSCvn77249 | Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0 (image names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available)
Cisco Firepower 9000 Series | CSCvn77249 | Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0 (image names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available)

Routing and Switching - Enterprise and Service Provider
10/40/100G MR Muxponder - Licensable for Encryption (NCS2K-MR-MXP-LIC) | CSCvn77191 | 11.1 (Jul 2019)
10Gbps Optical Encryption Line Card for the Cisco NCS 2000 Series and Cisco ONS 15454 MSTP (15454-M-WSE-K9) | CSCvn77191 | 11.1 (Jul 2019)
ASR 903 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-S) | CSCvn77169 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
ASR 907 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-W) | CSCvn77169 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
CBR-8 Converged Broadband Router | CSCvn77185 | Cisco IOS XE Software Release 16.12.1w (Sep 2019)
Catalyst 6800 16-port 10GE with integrated DFC4 (C6800-16P10G) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Catalyst 6800 32-port 10GE with dual integrated dual DFC4 (C6800-32P10G) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Catalyst 6800 8-port 10GE with integrated DFC4 (C6800-8P10G) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Catalyst 6800 8-port 40GE with dual integrated dual DFC4-E (C6800-8P40G) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco 1-Port Gigabit Ethernet WAN Network Interface Module (NIM-1GE-CU-SFP) | CSCvn77218 | Cisco IOS XE Software Release 16.9.5 (Jan 2020); Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco 1120 Connected Grid Router | CSCvn89140 | Cisco IOS Software Release 15.9(3)M (Aug 2019); Cisco IOS Software Release 15.8(3)M3 (Aug 2019); Cisco IOS Software Release 15.7(3)M5 (Sep 2019); Cisco IOS Software Release 15.6(3)M7 (Sep 2019)
Cisco 1240 Connected Grid Router | CSCvn89137 | Cisco IOS Software Release 15.9(3)M (Aug 2019); Cisco IOS Software Release 15.8(3)M3 (Aug 2019); Cisco IOS Software Release 15.7(3)M5 (Sep 2019); Cisco IOS Software Release 15.6(3)M7 (Sep 2019)
Cisco 2-Port Gigabit Ethernet WAN Network Interface Module (NIM-2GE-CU-SFP) | CSCvn77218 | Cisco IOS XE Software Release 16.9.5 (Jan 2020); Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco 3000 Series Industrial Security Appliances | CSCvn89146 | Firmware release 1.0.05 (image name: isa3000-firmware-1005.SPA) (Available)
Cisco 4000 Series Integrated Services Router Packet 1024-Channel High-Density Voice DSP Module (SM-X-PVDM-1000) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 2020)
Cisco 4000 Series Integrated Services Router Packet 2048-Channel High-Density Voice DSP Module (SM-X-PVDM-2000) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 2020)
Cisco 4000 Series Integrated Services Router Packet 3080-Channel High-Density Voice DSP Module (SM-X-PVDM-3000) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 2020)
Cisco 4000 Series Integrated Services Router Packet 768-Channel High-Density Voice DSP Module (SM-X-PVDM-500) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 2020)
Cisco 4221 Integrated Services Router | CSCvn77153 | Utility File Name: isr4200_cpld_update_v1.1_SPA.bin (Available)
Cisco 4321 Integrated Services Router | CSCvn77156 | Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available)
Cisco 4331 Integrated Services Router | CSCvn77156 | Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available)
Cisco 4351 Integrated Services Router | CSCvn77156 | Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available)
Cisco 4431 Integrated Services Router | CSCvn77155 | Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available)
Cisco 4451-X Integrated Services Router | CSCvn77155 | Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available)
Cisco 4461 Integrated Services Router | CSCvn77154 | Utility File Name: isr4400v2_cpld_update_v1.1_SPA.bin (Available)
Cisco 5000 Series Enterprise Network Compute System | CSCvn77150 | Release no. TBD (Aug 2019)
Cisco 809 Industrial Integrated Services Routers | CSCvn89138 | Cisco IOS Software Release 15.8(3)M2a (Available); Cisco IOS Software Release 15.7(3)M4b (Available); Cisco IOS Software Release 15.6(3)M6b (Available)
Cisco 829 Industrial Integrated Services Routers | CSCvn89143 | Cisco IOS Software Release 15.8(3)M2a (Available); Cisco IOS Software Release 15.7(3)M4b (Available); Cisco IOS Software Release 15.6(3)M6b (Available)
Cisco ASR 1000 Embedded Services Processor, 200G (ASR1000-ESP200) | CSCvn77159 | Release no. TBD (Dec 2019)
Cisco ASR 1000 Fixed Ethernet Line Card (6x10GE) (ASR1000-6TGE) | CSCvn89144 | Release no. TBD (Dec 2019)
Cisco ASR 1000 Fixed Ethernet Line Card, 2x10GE + 20x1GE (ASR1000-2T+20X1GE) | CSCvn89144 | Release no. TBD (Dec 2019)
Cisco ASR 1000 Series 100-Gbps Embedded Services Processor (ASR1000-ESP100) | CSCvn77160 | Release no. TBD (Dec 2019)
Cisco ASR 1000 Series Modular Interface Processor (ASR1000-MIP100) | CSCvn77158 | Release no. TBD (Dec 2019)
Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3) | CSCvn77167 | Release no. TBD (Dec 2019)
Cisco ASR 1001-HX Router | CSCvn77162 | ASR1K-fpga_prog.16.0.0.xe.bin (Available)
Cisco ASR 1001-X | CSCvn89145 | ASR1K-fpga_prog.16.0.0.xe.bin (Available)
Cisco ASR 1002-HX Router | CSCvn77166 | ASR1K-fpga_prog.16.0.0.xe.bin (Available)
Cisco ASR 900 Series Route Switch Processor 2 - 128G, Base Scale (A900-RSP2A-128) | CSCvn77168 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 900 Series Route Switch Processor 2 - 64G, Base Scale (A900-RSP2A-64) | CSCvn77168 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 900 Series Route Switch Processor 3 - 200G, Large Scale (A900-RSP3C-200) | CSCvn77169 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A99-16X100GE-X-SE) | CSCvn77180 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A9K-16X100GE-TR, A9K-16X100GE-CM) | CSCvn77180 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco ASR 9000 Series 32-Port 100 Gigabit Ethernet Line Card (A99-32X100GE-TR, A99-32X100GE-CM) | CSCvn77180 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco ASR 9000 Series Route Switch Processor 5 for Packet Transport (A9K-RSP5-TR) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco ASR 9000 Series Route Switch Processor 5 for Service Edge (A9K-RSP5-SE) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 10GE and 2-10GE - Passively Cooled DC model (ASR-920-10SZ-PD), Cisco ASR920 Series - 20GE SFP, 4Cu and 4-10GE: Modular PSU (ASR-920-20SZ-M) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, AC Model (ASR-920-12SZ-A) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, DC Model (ASR-920-12SZ-D) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - AC model (ASR-920-12CZ-A) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - DC model (ASR-920-12CZ-D) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 24GE Copper and 4-10GE - Modular PSU (ASR-920-24TZ-M) | CSCvn77172 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 24GE Fiber and 4-10GE - Modular PSU (ASR-920-24SZ-M) | CSCvn77172 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - AC model (ASR-920-4SZ-A) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - DC model (ASR-920-4SZ-D) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 920 Series Aggregation Services Routers Conformal Coated - 12GE and 4-10GE, 1 IM Slot (ASR-920-12SZ-IM-CC) | CSCvn77170 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR 9900 Route Processor 3 for Packet Transport (A99-RP3-TR) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco ASR 9900 Route Processor 3 for Service Edge (A99-RP3-SE) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco ASR920 Series - 12GE and 4-10GE, 1 IM slot (ASR-920-12SZ-IM) | CSCvn77170 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco ASR920 Series - 24GE and 4-10GE - Modular PSU and IM (ASR-920-24SZ-IM) | CSCvn77172 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco Catalyst 6800 16-port 10GE with Integrated DFC4-XL (C6800-16P10G-XL) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6800 32-port 10GE with Dual Integrated Dual DFC4-XL (C6800-32P10G-XL) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6800 8-port 10GE with Integrated DFC4-XL (C6800-8P10G-XL) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6800 8-port 40GE with Dual Integrated Dual DFC4-EXL (C6800-8P40G-XL) | CSCvn77182 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6800 Series Supervisor Engine 6T (C6800-SUP6T) | CSCvn77181 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6800 Series Supervisor Engine 6T XL (C6800-SUP6T-XL) | CSCvn77181 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6816-X-Chassis (Standard Tables) (C6816-X-LE) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6824-X-Chassis and 2 x 40G (Standard Tables) (C6824-X-LE-40G) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6832-X-Chassis (Standard Tables) (C6832-X-LE) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 6840-X-Chassis and 2 x 40G (Standard Tables) (C6840-X-LE-40G) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
Cisco Catalyst 9300 Series Switches | CSCvn77209 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series High-Performance Switch with 24x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-24Y4C) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series High-Performance Switch with 32x 100 Gigabit Ethernet (C9500-32C) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series High-Performance Switch with 32x 40 Gigabit Ethernet (C9500-32QC) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series High-Performance Switch with 48x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-48Y4C) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series Switch with 12x 40G Gigabit Ethernet (C9500-12Q) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series Switch with 16x 1/10G Gigabit Ethernet (C9500-16X) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series Switch with 24x 40G Gigabit Ethernet (C9500-24Q) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9500 Series Switch with 40x 1/10G Gigabit Ethernet (C9500-40X) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
Cisco Catalyst 9600 Supervisor Engine-1 | CSCvn95346 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
Cisco Catalyst 9800-40 Wireless Controller | CSCvn77165 | C9800-40_fpga_prog.16.0.0.xe.bin (Available)
Cisco Catalyst 9800-80 Wireless Controller | CSCvn77163 | C9800-80_fpga_prog.16.0.0.xe.bin (Available)
Cisco IC3000 Industrial Compute Gateway | CSCvp42792 | Firmware Release 1.0.2 (image name IC3000-K9-1.0.3.SPA) (Aug 2019)
Cisco MDS 9000 Family 24/10 SAN Extension Module (DS-X9334-K9) | CSCvn77141 | Cisco NX-OS Software Release 8.4.1a (Sep 2019)
Cisco NCS 2000 Series 10/40/100G MR Muxponder (NCS2K-MR-MXP-K9) | CSCvn77191 | 11.1 (Jul 2019)
Cisco NCS 5500 12X10, 2X40 2XMPA Line Card Base (NC55-MOD-A-S) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 5500 Series 24 Ports of 100GE and 12 Ports of 40GE High-Scale Line Card (NC55-24H12F-SE) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 5500 Series 36 ports of 100GE High-Scale Line Card (NC55-36X100G-A-SE) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 5504 Fabric Card (NC55-5504-FC) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 5516 Fabric Card (NC55-5516-FC) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis (NCS-55A2-MOD-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened (NCS-55A2-MOD-HD-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened with Conformal Coating (NCS-55A2-MOD-HX-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis (NCS-55A2-MOD-SE-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis, Temperature Hardened with Conformal Coating (NC55A2-MOD-SE-H-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS5501 - 40x10G and 4x100G Scale Chassis (NCS-5501-SE) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS5501 Fixed 48x10G and 6x100G Chassis (NCS-5501) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS5502 - 48x100G Scale Chassis (NCS-5502-SE) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS5502 Fixed 48x100G Chassis (NCS-5502) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS55A1 Fixed 24x100G Chassis (NCS-55A1-24H) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS55A1 Fixed 36x100G Base Chassis (NCS-55A1-36H-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco NCS55A1 Fixed 36x100G Scale Chassis (NCS-55A1-36H-SE-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco Network Convergence System 1001 | CSCvp88427 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco Network Convergence System 1002 | CSCvn77219 | Cisco IOS XR Software Release 7.0.1 (Jul 2019)
Cisco Network Convergence System 5001 | CSCvn77207 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco Network Convergence System 5002 | CSCvn77205 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco Network Convergence System 540 (N540-ACC-SYS, N540-24Z8Q2C-M, N540-24Z8Q2C-SYS) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco Network Convergence System 540 Conformal Coated (N540X-ACC-SYS) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco Network Convergence System 5500 Series: 1.2-Tbps IPoDWDM Modular Line Card (NC55-6X200-DWDM-S) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco Network Convergence System 5500 Series: 36X100G MACsec Modular Line Cards (NC55-36X100G-S) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019)
Cisco Nexus 31108PC-V, 48 SFP+ and 6 QSFP28 ports (N3K-C31108PC-V) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019)
Cisco Nexus 31108TC-V, 48 10Gbase-T RJ-45 and 6 QSFP28 ports (N3K-C31108TC-V) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019)
Cisco Nexus 3132C-Z Switches (N3K-C3132C-Z) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019)
Cisco Nexus 3264C-E Switches (N3K-C3264C-E) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019)
Cisco Nexus 7000 M3-Series 48-Port 1/10G Ethernet Module (N7K-M348XP-25L) | CSCvn77141 | Cisco NX-OS Software Release 8.4.2 (Sep 2019)
Cisco Nexus 7700 F4-Series 30-Port 100G Ethernet Module (N77-F430CQ-36) | CSCvn77141 | Cisco NX-OS Software Release 8.4.2 (Sep 2019)
Cisco Nexus 7700 M3-Series 12-Port 100G Ethernet Module (N77-M312CQ-26L) | CSCvn77141 | Cisco NX-OS Software Release 8.4.2 (Sep 2019)
Cisco Nexus 7700 M3-Series 24-Port 40G Ethernet Module (N7K-M324FQ-25L) | CSCvn77141 | Cisco NX-OS Software Release 8.4.2 (Sep 2019)
Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (N77-M348XP-23L) | CSCvn77141 | Cisco NX-OS Software Release 8.4.2 (Sep 2019)
Cisco Nexus 7700 Supervisor 3 (N77-SUP3E) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019)
Cisco Nexus 9200 with 36p 40G 100G QSFP28 (N9K-C9236C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 48p 1/10G/25G SFP+ and 6p 40G QSFP or 4p 100G QSFP28 (N9K-C92160YC-X) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 48p 10/25 Gbps and 18p 100G QSFP28 (N9K-C92300YC) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 56p 40G QSFP+ and 8p 100G QSFP28 (N9K-C92304QC) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 72p 40G QSFP+ (N9K-C9272Q) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9300 with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28, MACsec, and Unified Ports Capable (N9K-C93180YC-FX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9300 with 48p 100M/1G BASE-T, 4p 10/25G SFP28 and 2p 40G/100G QSFP28 (N9K-C9348GC-FXP) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9300 with 48p 10G BASE-T and 6p 40G/100G QSFP28, MACsec Capable (N9K-C93108TC-FX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9332C Spine Switch with 32p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9332C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9364C Spine Switch with 64p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9364C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9500 4-Core/4-Thread Supervisor (N9K-SUP-A) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9500 6-Core/12-Thread Supervisor (N9K-SUP-B) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 32p 40G/100G QSFP28 (N9K-C9232C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 36p 40G/100G QSFP28 (N9K-C9336C-FX2) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 12p 40G/100G QSFP28 (N9K-C93240YC-FX2) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28 (N9K-C93180YC-EX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 48p 10G BASE-T and 6p 40G/100G QSFP28 (N9K-C93108TC-EX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with up to 32p 40/50G QSFP+ or up to 18p 100G QSFP28 (N9K-C93180LC-EX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Packet-over-T3/E3 Service Module (SM-X-1T3/E3) | CSCvn77147 | Release no. TBD (Oct 2019)
Cisco cBR-8 Integrated CCAP 40G Remote PHY Line Card (CBR-CCAP-LC-40G-R) | CSCvn77184 | Cisco IOS XE Software Release 16.12.1 (Jul 2019)
MDS 9700 48-Port 32-Gbps Fibre Channel Switching Module (DS-X9648-1536K9) | CSCvn77141 | Cisco NX-OS Software Release 8.4.1a (Sep 2019)
Supervisor A+ for Nexus 9500 (N9K-SUP-A+) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)
Supervisor B+ for Nexus 9500 (N9K-SUP-B+) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019)

Voice and Unified Communications Devices
Analog Voice Network Interface Modules for Cisco 4000 Series ISRs (NIM-2FXO, NIM-4FXO, NIM-2FXS, NIM-4FXS, NIM-2FXS/4FXO, NIM-2FXSP, NIM-4FXSP, NIM-2FXS/4FXOP, NIM-4E/M, NIM-2BRI-NT/TE, NIM-4BRI-NT/TE) | CSCvn77151 | Release no. TBD (Sep 2019)
Cisco 4000 Series Integrated Services Router T1/E1 Voice and WAN Network Interface Modules (NIM-1MFT-T1/E1, NIM-2MFT-T1/E1, NIM-4MFT-T1/E1, NIM-8MFT-T1/E1, NIM-1CE1T1-PRI, NIM-2CE1T1-PRI, NIM-8CE1T1-PRI) | CSCvn77152 | Release no. TBD (Sep 2019)
Products Confirmed Not Vulnerable
Cisco has investigated all Cisco products that support hardware-based Secure Boot functionality to verify that they are enforcing the appropriate access control checks.
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
No other Cisco products that support hardware-based Secure Boot functionality are vulnerable.
Details
An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability:
- Have privileged administrative access to the device.
- Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access.
- Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.
Cisco is in the process of developing and releasing software fixes for all affected platforms. In most cases, the fix will require an on-premise reprogramming of a low-level hardware component that is required for normal device operation. A failure during this reprogramming process may cause the device to become unusable and require a hardware replacement. Customers are advised to consult the Release Note Enclosure for the Cisco bug relevant to their platform for the following information:
1. Causes that could lead to a failure of the reprogramming process and cause the device to become unusable
2. A platform-specific set of steps that are required to reprogram a device
3. The procedure required to determine whether a given device is running an affected firmware version (that therefore must be fixed) or whether the device is already running a fixed firmware version
The product release notes that are published with each platform-specific fixed software release will include more detailed information about items 2 and 3 in the preceding list. The product release notes should be considered the most up-to-date source of information about these items.
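As an added triage aid (not Cisco tooling and not part of the original advisory), the following Python compares a device's running software release with the fixed releases listed for its product in the Vulnerable Products table. Cisco release strings come in several shapes (IOS XE 16.9.5 or 16.09.04, IOS 15.8(3)M2a, NX-OS 8.4.1a, ASA 9.9.2.50 in the table but 9.9(2)50 as show version prints it), so the comparison tokenizes numeric and letter runs instead of comparing strings, and it only treats a fixed release as applicable when it is in the same release train as the running one. The FIXED_RELEASES entries are transcribed from the table for a handful of products only; the sample show version lines are constructed here, not captured from a device; and a "fixed" verdict means only that the software carries the fix. As the list above says, confirming that the FPGA or CPLD itself was reprogrammed is a separate, platform-specific check described in the release notes.

```python
"""Added triage helper: compare a Cisco device's running release against the
fixed releases listed in this advisory's table.  Not Cisco tooling."""
import re
from typing import Dict, List, Optional, Tuple

# (kind, value): kind 0 = numeric run compared as int, kind 1 = letter run.
Token = Tuple[int, object]

# Transcribed from the Vulnerable Products table for a few products only.
# Keys are the product or PID as a practitioner would record it.
FIXED_RELEASES: Dict[str, List[str]] = {
    "NIM-1GE-CU-SFP": ["16.9.5", "16.12.2", "17.1.1"],           # CSCvn77218, IOS XE
    "Cisco 809 ISR": ["15.8(3)M2a", "15.7(3)M4b", "15.6(3)M6b"],   # CSCvn89138, IOS
    "N9K-C93180YC-FX": ["9.3(1)"],                                 # CSCvn77143, NX-OS
    "N7K-M348XP-25L": ["8.4.2"],                                   # CSCvn77141, NX-OS
    "DS-X9334-K9": ["8.4.1a"],                                     # CSCvn77141, NX-OS
    "Firepower 2100 (ASA Software)": ["9.8.4.3", "9.9.2.50", "9.9.2.52",
                                      "9.10.1.22", "9.12.2"],      # CSCvn77248
}


def tokenize(release: str) -> List[Token]:
    """'15.8(3)M2a' -> [(0,15),(0,8),(0,3),(1,'M'),(0,2),(1,'A')].
    Separators ('.', '(', ')') are dropped, so 16.09.04 equals 16.9.4 and the
    ASA 'show version' form 9.9(2)50 equals the table's 9.9.2.50.  A rebuild
    (8.4.1a) sorts after its base release (8.4.1) because Python compares the
    longer list as greater when the common prefix is equal."""
    return [(0, int(t)) if t.isdigit() else (1, t.upper())
            for t in re.findall(r"\d+|[A-Za-z]+", release)]


def train(release: str) -> Tuple[int, int]:
    """Release train = first two numeric components (16.9, 15.8, 8.4, ...).
    A fix in 16.9.5 says nothing about 16.10.x; only same-train fixes apply."""
    nums = [v for kind, v in tokenize(release) if kind == 0]
    if len(nums) < 2:
        raise ValueError(f"cannot determine release train of {release!r}")
    return nums[0], nums[1]


def check_release(product: str, running: str) -> str:
    """'fixed' if running is at or above a fixed release in its own train;
    'not fixed' if it is below the same-train fix, or below every listed fix;
    otherwise the train is not covered by the table and the bug must be consulted."""
    fixed = FIXED_RELEASES[product]
    running_t = tokenize(running)
    same_train = [f for f in fixed if train(f) == train(running)]
    if same_train:
        return "fixed" if any(running_t >= tokenize(f) for f in same_train) else "not fixed"
    if all(running_t < tokenize(f) for f in fixed):
        return "not fixed"  # older than every first-fixed release listed
    return "unknown: no fixed release listed for this train"


# The "Version ..." field of 'show version' across IOS, IOS XE, NX-OS
# ("NXOS: version 9.2(3)") and ASA ("Software Version 9.9(2)50").
VERSION_RE = re.compile(r"\b[Vv]ersion:?\s+(\d[\dA-Za-z().]*)")


def extract_release(show_version_text: str) -> Optional[str]:
    m = VERSION_RE.search(show_version_text)
    return m.group(1) if m else None


# Constructed sample lines in the shape of 'show version' output; not captured
# from a real device.
SAMPLE_SHOW_VERSION: Dict[str, str] = {
    "Cisco 809 ISR": "Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), "
                     "Version 15.8(3)M2, RELEASE SOFTWARE (fc1)",
    "N9K-C93180YC-FX": "  NXOS: version 9.2(3)",
    "Firepower 2100 (ASA Software)": "Cisco Adaptive Security Appliance Software Version 9.9(2)51",
}


def triage_all(samples: Dict[str, str] = SAMPLE_SHOW_VERSION) -> Dict[str, str]:
    """Map each product to its verdict, given show version text per product."""
    results: Dict[str, str] = {}
    for product, text in samples.items():
        release = extract_release(text)
        results[product] = check_release(product, release) if release else "release not found"
    return results


if __name__ == "__main__":
    for product, verdict in triage_all().items():
        print(f"{product:32} {verdict}")
```

Run it as-is to see the three constructed cases (the 809 on 15.8(3)M2 is one rebuild short of the 15.8(3)M2a fix, the Nexus on 9.2(3) is below the 9.3(1) fix, the Firepower 2100 on 9.9(2)51 is past 9.9.2.50), or feed `check_release` the release string from your own inventory. The regex is a starting point for show version text and should be checked against real output from each platform; the table data must be extended with the rows for your products before the tool is used for anything beyond illustration.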
For details about Secure Boot and related Trustworthy Technologies, please refer to the Trustworthy Technologies Datasheet. A list of all Cisco products supporting secure boot technology can be found at the following link: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf
Workarounds
There are no workarounds that address this vulnerability.
The Cisco Guide to Harden Cisco IOS Devices provides information about how to harden the device and secure management access. Implementing the recommendations in this document would reduce the attack surface for this vulnerability by making the privileged administrative access and operating-system access described in the Details section harder to obtain; it does not remove the vulnerability for an attacker who already holds that access.
Fixed Software
For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products section of this advisory.
Cisco will release free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Exploitation and Public Announcements
This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019.
The Cisco Product Security Incident Response Team (PSIRT) is aware of the existence of proof-of-concept code that demonstrates this vulnerability on the Cisco ASR 1001-X. There are no indications at this time that this proof-of-concept code is publicly available.
Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.
Source
Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist), Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist) of Red Balloon Security for reporting this vulnerability to Cisco and working toward a coordinated disclosure.
Cisco Security Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision History
Version | Description | Section | Status | Date
1.17 | Updated fix availability date for some products. | Vulnerable Products | Final | 2019-November-20
1.16 | Updated fixed version for some products. | Vulnerable Products | Final | 2019-September-06
1.15 | Updated list of vulnerable products. | Vulnerable Products | Final | 2019-September-03
1.14 | Updated list of vulnerable products. | Vulnerable Products | Final | 2019-August-21
1.13 | Updated fix availability date for some products. | Vulnerable Products | Final | 2019-August-02
1.12 | Updated fix availability date for some products. | Vulnerable Products | Final | 2019-July-17
1.11 | Updated fix availability date for some products. | Vulnerable Products | Final | 2019-June-28
1.10 | Updated list of vulnerable products. Updated fix availability date for some products. | Vulnerable Products | Final | 2019-June-17
1.9 | Updated list of vulnerable products. Updated fix availability date for some products. Changed document status to Final. Removed statements indicating the advisory will be updated (Summary and Vulnerable Products). | Summary and Vulnerable Products | Final | 2019-June-10
1.8 | Updated list of vulnerable products. Updated fix availability date for some products. | Vulnerable Products | Interim | 2019-May-30
1.7 | Updated list of vulnerable products. Updated fix availability date for some products. Added link to list of Cisco products supporting secure boot. | Vulnerable Products, Details | Interim | 2019-May-23
1.6 | Updated list of vulnerable products. Updated fix availability date for some products. | Vulnerable Products | Interim | 2019-May-22
1.5 | Updated list of vulnerable products. Updated fix availability date for some products. | Vulnerable Products | Interim | 2019-May-20
1.4 | Updated list of vulnerable products. Updated fix availability date for some products. | Vulnerable Products | Interim | 2019-May-16
1.3 | Updated list of vulnerable products. Updated fix availability date for some products. | Vulnerable Products | Interim | 2019-May-15
1.2 | Updated list of vulnerable products. Updated fix availability date for some products. | Vulnerable Products | Interim | 2019-May-14
1.1 | Updated list of vulnerable products. Added link to Datasheet for Cisco Trustworthy Technologies. | Vulnerable Products, Details | Interim | 2019-May-13
1.0 | Initial public release. | — | Interim | 2019-May-13
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.