A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality.
The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
The following table lists Cisco products that are affected by the vulnerability that is described in this advisory.
The table includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information and fixed releases.
If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.
Product | Cisco Bug ID | Fixed Release Availability |
---|---|---|
Network and Content Security Devices | ||
Cisco ASA 5506-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) |
Cisco ASA 5506H-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) |
Cisco ASA 5506W-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) |
Cisco ASA 5508-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) |
Cisco ASA 5516-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) |
Cisco Firepower 2100 Series | CSCvn77248 | Cisco Firepower Threat Defense (FTD) Software 6.2.2.5 Hotfix (Available); Cisco Firepower Threat Defense (FTD) Software 6.2.3.12 Hotfix (Available); Cisco Firepower Threat Defense (FTD) Software 6.3.0.3 Hotfix (Available); Cisco Firepower Threat Defense (FTD) Software 6.2.3.13 (Available); Cisco Firepower Threat Defense (FTD) Software 6.4.0.1 (Available); Cisco Adaptive Security Appliance (ASA) Software 9.8.4.3 (Available); Cisco Adaptive Security Appliance (ASA) Software 9.9.2.50 (Available); Cisco Adaptive Security Appliance (ASA) Software 9.9.2.52 (Available); Cisco Adaptive Security Appliance (ASA) Software 9.10.1.22 (Available); Cisco Adaptive Security Appliance (ASA) Software 9.12.2 (Available) |
Cisco Firepower 4000 Series | CSCvn77249 | Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) |
Cisco Firepower 9000 Series | CSCvn77249 | Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) |
Routing and Switching - Enterprise and Service Provider | ||
10/40/100G MR Muxponder - Licensable for Encryption (NCS2K-MR-MXP-LIC) | CSCvn77191 | 11.1 (Jul 2019) |
10Gbps Optical Encryption Line Card for the Cisco NCS 2000 Series and Cisco ONS 15454 MSTP (15454-M-WSE-K9) | CSCvn77191 | 11.1 (Jul 2019) |
ASR 903 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-S) | CSCvn77169 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
ASR 907 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-W) | CSCvn77169 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
CBR-8 Converged Broadband Router | CSCvn77185 | Cisco IOS XE Software Release 16.12.1w (Sep 2019) |
Catalyst 6800 16-port 10GE with integrated DFC4 (C6800-16P10G) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Catalyst 6800 32-port 10GE with dual integrated dual DFC4 (C6800-32P10G) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Catalyst 6800 8-port 10GE with integrated DFC4 (C6800-8P10G) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Catalyst 6800 8-port 40GE with dual integrated dual DFC4-E (C6800-8P40G) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Cisco 1-Port Gigabit Ethernet WAN Network Interface Module (NIM-1GE-CU-SFP) | CSCvn77218 | Cisco IOS XE Software Release 16.9.5 (Jan 20); Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019) |
Cisco 1120 Connected Grid Router | CSCvn89140 | Cisco IOS Software Release 15.9(3)M (Aug 2019); Cisco IOS Software Release 15.8(3)M3 (Aug 2019); Cisco IOS Software Release 15.7(3)M5 (Sep 2019); Cisco IOS Software Release 15.6(3)M7 (Sep 2019) |
Cisco 1240 Connected Grid Router | CSCvn89137 | Cisco IOS Software Release 15.9(3)M (Aug 2019); Cisco IOS Software Release 15.8(3)M3 (Aug 2019); Cisco IOS Software Release 15.7(3)M5 (Sep 2019); Cisco IOS Software Release 15.6(3)M7 (Sep 2019) |
Cisco 2-Port Gigabit Ethernet WAN Network Interface Module (NIM-2GE-CU-SFP) | CSCvn77218 | Cisco IOS XE Software Release 16.9.5 (Jan 20); Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019) |
Cisco 3000 Series Industrial Security Appliances | CSCvn89146 | Firmware release 1.0.05 (image name: isa3000-firmware-1005.SPA) (Available) |
Cisco 4000 Series Integrated Services Router Packet 1024-Channel High-Density Voice DSP Module (SM-X-PVDM-1000) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 20) |
Cisco 4000 Series Integrated Services Router Packet 2048-Channel High-Density Voice DSP Module (SM-X-PVDM-2000) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 20) |
Cisco 4000 Series Integrated Services Router Packet 3080-Channel High-Density Voice DSP Module (SM-X-PVDM-3000) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 20) |
Cisco 4000 Series Integrated Services Router Packet 768-Channel High-Density Voice DSP Module (SM-X-PVDM-500) | CSCvn77212 | Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019); Cisco IOS XE Software Release 16.9.5 (Jan 20) |
Cisco 4221 Integrated Services Router | CSCvn77153 | Utility File Name: isr4200_cpld_update_v1.1_SPA.bin (Available) |
Cisco 4321 Integrated Services Router | CSCvn77156 | Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) |
Cisco 4331 Integrated Services Router | CSCvn77156 | Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) |
Cisco 4351 Integrated Services Router | CSCvn77156 | Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) |
Cisco 4431 Integrated Services Router | CSCvn77155 | Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available) |
Cisco 4451-X Integrated Services Router | CSCvn77155 | Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available) |
Cisco 4461 Integrated Services Router | CSCvn77154 | Utility File Name: isr4400v2_cpld_update_v1.1_SPA.bin (Available) |
Cisco 5000 Series Enterprise Network Compute System | CSCvn77150 | Release no. TBD (Aug 2019) |
Cisco 809 Industrial Integrated Services Routers | CSCvn89138 | Cisco IOS Software Release 15.8(3)M2a (Available); Cisco IOS Software Release 15.7(3)M4b (Available); Cisco IOS Software Release 15.6(3)M6b (Available) |
Cisco 829 Industrial Integrated Services Routers | CSCvn89143 | Cisco IOS Software Release 15.8(3)M2a (Available); Cisco IOS Software Release 15.7(3)M4b (Available); Cisco IOS Software Release 15.6(3)M6b (Available) |
Cisco ASR 1000 Embedded Services Processor, 200G (ASR1000-ESP200) | CSCvn77159 | Release no. TBD (Dec 2019) |
Cisco ASR 1000 Fixed Ethernet Line Card (6x10GE) (ASR1000-6TGE) | CSCvn89144 | Release no. TBD (Dec 2019) |
Cisco ASR 1000 Fixed Ethernet Line Card, 2x10GE + 20x1GE (ASR1000-2T+20X1GE) | CSCvn89144 | Release no. TBD (Dec 2019) |
Cisco ASR 1000 Series 100-Gbps Embedded Services Processor (ASR1000-ESP100) | CSCvn77160 | Release no. TBD (Dec 2019) |
Cisco ASR 1000 Series Modular Interface Processor (ASR1000-MIP100) | CSCvn77158 | Release no. TBD (Dec 2019) |
Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3) | CSCvn77167 | Release no. TBD (Dec 2019) |
Cisco ASR 1001-HX Router | CSCvn77162 | ASR1K-fpga_prog.16.0.0.xe.bin (Available) |
Cisco ASR 1001-X | CSCvn89145 | ASR1K-fpga_prog.16.0.0.xe.bin (Available) |
Cisco ASR 1002-HX Router | CSCvn77166 | ASR1K-fpga_prog.16.0.0.xe.bin (Available) |
Cisco ASR 900 Series Route Switch Processor 2 - 128G, Base Scale (A900-RSP2A-128) | CSCvn77168 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 900 Series Route Switch Processor 2 - 64G, Base Scale (A900-RSP2A-64) | CSCvn77168 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 900 Series Route Switch Processor 3 - 200G, Large Scale (A900-RSP3C-200) | CSCvn77169 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A99-16X100GE-X-SE) | CSCvn77180 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A9K-16X100GE-TR, A9K-16X100GE-CM) | CSCvn77180 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco ASR 9000 Series 32-Port 100 Gigabit Ethernet Line Card (A99-32X100GE-TR, A99-32X100GE-CM) | CSCvn77180 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco ASR 9000 Series Route Switch Processor 5 for Packet Transport (A9K-RSP5-TR) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco ASR 9000 Series Route Switch Processor 5 for Service Edge (A9K-RSP5-SE) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 10GE and 2-10GE - Passively Cooled DC model (ASR-920-10SZ-PD), Cisco ASR920 Series - 20GE SFP, 4Cu and 4-10GE: Modular PSU (ASR-920-20SZ-M) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, AC Model (ASR-920-12SZ-A) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, DC Model (ASR-920-12SZ-D) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - AC model (ASR-920-12CZ-A) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - DC model (ASR-920-12CZ-D) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 24GE Copper and 4-10GE - Modular PSU (ASR-920-24TZ-M) | CSCvn77172 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 24GE Fiber and 4-10GE - Modular PSU (ASR-920-24SZ-M) | CSCvn77172 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - AC model (ASR-920-4SZ-A) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - DC model (ASR-920-4SZ-D) | CSCvn77171 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 920 Series Aggregation Services Routers Conformal Coated - 12GE and 4-10GE, 1 IM Slot (ASR-920-12SZ-IM-CC) | CSCvn77170 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR 9900 Route Processor 3 for Packet Transport (A99-RP3-TR) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco ASR 9900 Route Processor 3 for Service Edge (A99-RP3-SE) | CSCvn77175 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco ASR920 Series - 12GE and 4-10GE, 1 IM slot (ASR-920-12SZ-IM) | CSCvn77170 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco ASR920 Series - 24GE and 4-10GE - Modular PSU and IM (ASR-920-24SZ-IM) | CSCvn77172 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco Catalyst 6800 16-port 10GE with Integrated DFC4-XL (C6800-16P10G-XL) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6800 32-port 10GE with Dual Integrated Dual DFC4-XL (C6800-32P10G-XL) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6800 8-port 10GE with Integrated DFC4-XL (C6800-8P10G-XL) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6800 8-port 40GE with Dual Integrated Dual DFC4-EXL (C6800-8P40G-XL) | CSCvn77182 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6800 Series Supervisor Engine 6T (C6800-SUP6T) | CSCvn77181 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6800 Series Supervisor Engine 6T XL (C6800-SUP6T-XL) | CSCvn77181 | Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6816-X-Chassis (Standard Tables) (C6816-X-LE) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6824-X-Chassis and 2 x 40G (Standard Tables) (C6824-X-LE-40G) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6832-X-Chassis (Standard Tables) (C6832-X-LE) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 6840-X-Chassis and 2 x 40G (Standard Tables) (C6840-X-LE-40G) | CSCvn77183 | Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) |
Cisco Catalyst 9300 Series Switches | CSCvn77209 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series High-Performance Switch with 24x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-24Y4C) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series High-Performance Switch with 32x 100 Gigabit Ethernet (C9500-32C) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series High-Performance Switch with 32x 40 Gigabit Ethernet (C9500-32QC) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series High-Performance Switch with 48x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-48Y4C) | CSCvn89150 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series Switch with 12x 40G Gigabit Ethernet (C9500-12Q) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series Switch with 16x 1/10G Gigabit Ethernet (C9500-16X) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series Switch with 24x 40G Gigabit Ethernet (C9500-24Q) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9500 Series Switch with 40x 1/10G Gigabit Ethernet (C9500-40X) | CSCvn77220 | Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) |
Cisco Catalyst 9600 Supervisor Engine-1 | CSCvn95346 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
Cisco Catalyst 9800-40 Wireless Controller | CSCvn77165 | C9800-40_fpga_prog.16.0.0.xe.bin (Available) |
Cisco Catalyst 9800-80 Wireless Controller | CSCvn77163 | C9800-80_fpga_prog.16.0.0.xe.bin (Available) |
Cisco IC3000 Industrial Compute Gateway | CSCvp42792 | Firmware Release 1.0.2 (image name IC3000-K9-1.0.3.SPA) (Aug 2019) |
Cisco MDS 9000 Family 24/10 SAN Extension Module (DS-X9334-K9) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Cisco NCS 200 Series 10/40/100G MR Muxponder (NCS2K-MR-MXP-K9) | CSCvn77191 | 11.1 (Jul 2019) |
Cisco NCS 5500 12X10, 2X40 2XMPA Line Card Base (NC55-MOD-A-S) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 5500 Series 24 Ports of 100GE and 12 Ports of 40GE High-Scale Line Card (NC55-24H12F-SE) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 5500 Series 36 ports of 100GE High-Scale Line Card (NC55-36X100G-A-SE) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 5504 Fabric Card (NC55-5504-FC) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 5516 Fabric Card (NC55-5516-FC) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis (NCS-55A2-MOD-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened (NCS-55A2-MOD-HD-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened with Conformal Coating (NCS-55A2-MOD-HX-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis (NCS-55A2-MOD-SE-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis, Temperature Hardened with Conformal Coating (NC55A2-MOD-SE-H-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS5501 - 40x10G and 4x100G Scale Chassis (NCS-5501-SE) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS5501 Fixed 48x10G and 6x100G Chassis (NCS-5501) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS5502 - 48x100G Scale Chassis (NCS-5502-SE) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS5502 Fixed 48x100G Chassis (NCS-5502) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS55A1 Fixed 24x100G Chassis (NCS-55A1-24H) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS55A1 Fixed 36x100G Base Chassis (NCS-55A1-36H-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco NCS55A1 Fixed 36x100G Scale Chassis (NCS-55A1-36H-SE-S) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco Network Convergence System 1001 | CSCvp88427 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco Network Convergence System 1002 | CSCvn77219 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco Network Convergence System 5001 | CSCvn77207 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco Network Convergence System 5002 | CSCvn77205 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco Network Convergence System 540 (N540-ACC-SYS, N540-24Z8Q2C-M, N540-24Z8Q2C-SYS) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco Network Convergence System 540 Conformal Coated (N540X-ACC-SYS) | CSCvn77201 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco Network Convergence System 5500 Series: 1.2-Tbps IPoDWDM Modular Line Card (NC55-6X200-DWDM-S) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco Network Convergence System 5500 Series: 36X100G MACsec Modular Line Cards (NC55-36X100G-S) | CSCvn77202 | Cisco IOS XR Software Release 7.1.1 (Nov 2019) |
Cisco Nexus 31108PC-V, 48 SFP+ and 6 QSFP28 ports (N3K-C31108PC-V) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019) |
Cisco Nexus 31108TC-V, 48 10Gbase-T RJ-45 and 6 QSFP28 ports (N3K-C31108TC-V) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019) |
Cisco Nexus 3132C-Z Switches (N3K-C3132C-Z) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019) |
Cisco Nexus 3264C-E Switches (N3K-C3264C-E) | CSCvn77245 | Cisco NX-OS Software Release 9.3(1) (Aug 2019) |
Cisco Nexus 7000 M3-Series 48-Port 1/10G Ethernet Module (N7K-M348XP-25L) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Cisco Nexus 7700 F4-Series 30-Port 100G Ethernet Module (N77-F430CQ-36) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Cisco Nexus 7700 M3-Series 12-Port 100G Ethernet Module (N77-M312CQ-26L) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Cisco Nexus 7700 M3-Series 24-Port 40G Ethernet Module (N7K-M324FQ-25L) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (N77-M348XP-23L) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Cisco Nexus 7700 Supervisor 3 (N77-SUP3E) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Cisco Nexus 9200 with 36p 40G 100G QSFP28 (N9K-C9236C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9200 with 48p 1/10G/25G SFP+ and 6p 40G QSFP or 4p 100G QSFP28 (N9K-C92160YC-X) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9200 with 48p 10/25 Gbps and 18p 100G QSFP28 (N9K-C92300YC) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9200 with 56p 40G QSFP+ and 8p 100G QSFP28 (N9K-C92304QC) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9200 with 72p 40G QSFP+ (N9K-C9272Q) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9300 with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28, MACsec, and Unified Ports Capable (N9K-C93180YC-FX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9300 with 48p 100M/1G BASE-T, 4p 10/25G SFP28 and 2p 40G/100G QSFP28 (N9K-C9348GC-FXP) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9300 with 48p 10G BASE-T and 6p 40G/100G QSFP28, MACsec Capable (N9K-C93108TC-FX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9332C Spine Switch with 32p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9332C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9364C Spine Switch with 64p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9364C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9500 4-Core/4-Thread Supervisor (N9K-SUP-A) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9500 6-Core/12-Thread Supervisor (N9K-SUP-B) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9K Fixed with 32p 40G/100G QSFP28 (N9K-C9232C) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9K Fixed with 36p 40G/100G QSFP28 (N9K-C9336C-FX2) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 12p 40G/100G QSFP28 (N9K-C93240YC-FX2) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28 (N9K-C93180YC-EX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9K Fixed with 48p 10G BASE-T and 6p 40G/100G QSFP28 (N9K-C93108TC-EX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Nexus 9K Fixed with up to 32p 40/50G QSFP+ or up to 18p 100G QSFP28 (N9K-C93180LC-EX) | CSCvn77143 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Cisco Packet-over-T3/E3 Service Module (SM-X-1T3/E3) | CSCvn77147 | Release no. TBD (Oct 2019) |
Cisco cBR-8 Integrated CCAP 40G Remote PHY Line Card (CBR-CCAP-LC-40G-R) | CSCvn77184 | Cisco IOS XE Software Release 16.12.1 (Jul 2019) |
MDS 9700 48-Port 32-Gbps Fibre Channel Switching Module (DS-X9648-1536K9) | CSCvn77141 | N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019); DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) |
Supervisor A+ for Nexus 9500 (N9K-SUP-A+) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Supervisor B+ for Nexus 9500 (N9K-SUP-B+) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
Voice and Unified Communications Devices | ||
Analog Voice Network Interface Modules for Cisco 4000 Series ISRs (NIM-2FXO, NIM-4FXO, NIM-2FXS, NIM-4FXS, NIM-2FXS/4FXO, NIM-2FXSP, NIM-4FXSP, NIM-2FXS/4FXOP, NIM-4E/M, NIM-2BRI-NT/TE, NIM-4BRI-NT/TE) | CSCvn77151 | Release no. TBD (Sep 2019) |
Cisco 4000 Series Integrated Services Router T1/E1 Voice and WAN Network Interface Modules (NIM-1MFT-T1/E1, NIM-2MFT-T1/E1, NIM-4MFT-T1/E1, NIM-8MFT-T1/E1, NIM-1CE1T1-PRI, NIM-2CE1T1-PRI, NIM-8CE1T1-PRI) | CSCvn77152 | Release no. TBD (Sep 2019) |
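As an added example, not part of the Cisco advisory, the following Python parser turns the affected-product table above into records an asset-inventory check can query: it separates the fix entries that share one cell, pulls part numbers out of the product names, and reports whether a given part number is listed and whether its fix is already Available or only has an estimated date. The sample rows are copied from the table; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: five rows copied from the affected-product table above.
# The parser accepts fix entries separated by "; " or by plain whitespace, so
# the whole table can be pasted in unchanged.
SAMPLE_TABLE = """\
Product | Cisco Bug ID | Fixed Release Availability |
---|---|---|
Network and Content Security Devices | ||
Cisco ASA 5506-X | CSCvn77246 | Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) |
Routing and Switching - Enterprise and Service Provider | ||
Cisco 1-Port Gigabit Ethernet WAN Network Interface Module (NIM-1GE-CU-SFP) | CSCvn77218 | Cisco IOS XE Software Release 16.9.5 (Jan 20); Cisco IOS XE Software Release 16.12.2 (Nov 2019); Cisco IOS XE Software Release 17.1.1 (Nov 2019) |
Cisco ASR 1000 Embedded Services Processor, 200G (ASR1000-ESP200) | CSCvn77159 | Release no. TBD (Dec 2019) |
Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A9K-16X100GE-TR, A9K-16X100GE-CM) | CSCvn77180 | Cisco IOS XR Software Release 7.0.1 (Jul 2019) |
Cisco Nexus 9500 4-Core/4-Thread Supervisor (N9K-SUP-A) | CSCvn77142 | NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019); ACI: Switch Software Release 4.2(1) (Aug 2019) |
"""

# A parenthesised group consisting only of part-number tokens, e.g.
# "(A9K-16X100GE-TR, A9K-16X100GE-CM)"; "(Standard Tables)" does not match.
PART_RE = re.compile(r"\(([A-Z0-9][A-Z0-9+/\-]*(?:,\s*[A-Z0-9][A-Z0-9+/\-]*)*)\)")
# One fix entry: release text followed by its availability marker, which is
# "(Available)" or an estimated month such as "(Jul 2019)" or "(Jan 20)".
FIX_RE = re.compile(r"(.+?)\s*\((Available|[A-Z][a-z]{2} \d{2,4})\)\s*;?\s*")


@dataclass
class Fix:
    release: str  # e.g. "Cisco IOS XE Software Release 16.12.2"
    when: str     # "Available" or the estimated month string

    @property
    def available(self) -> bool:
        return self.when == "Available"


@dataclass
class AffectedProduct:
    section: str
    name: str
    part_numbers: list
    bug_id: str
    fixes: list


def split_fixes(cell: str) -> list:
    """Split one 'Fixed Release Availability' cell into Fix entries."""
    return [Fix(release, when) for release, when in FIX_RE.findall(cell)]


def parse_table(text: str) -> list:
    """Parse the advisory's pipe-separated table into AffectedProduct rows.
    Rows with an empty bug-ID cell are section headings, not products."""
    products, section = [], ""
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3 or cells[0] in ("Product", "") or cells[0].startswith("---"):
            continue
        name, bug_id, fix_cell = cells[:3]
        if not bug_id:
            section = name
            continue
        parts = [p.strip() for grp in PART_RE.findall(name) for p in grp.split(",")]
        products.append(AffectedProduct(section, name, parts, bug_id, split_fixes(fix_cell)))
    return products


def lookup(products: list, query: str):
    """Return the row whose part numbers include `query` (case-insensitive),
    else the first row whose product name contains it, else None. None means
    the product is not listed as affected by this advisory."""
    q = query.strip().lower()
    for p in products:
        if q in (n.lower() for n in p.part_numbers):
            return p
    for p in products:
        if q in p.name.lower():
            return p
    return None


def awaiting_fix(products: list) -> list:
    """Bug IDs for which no listed fix is marked Available yet."""
    return sorted({p.bug_id for p in products if not any(f.available for f in p.fixes)})


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    for query in ("NIM-1GE-CU-SFP", "A9K-16X100GE-CM", "ASA 5506-X", "C9500-32C"):
        hit = lookup(rows, query)
        if hit is None:
            print(f"{query}: not in the sample rows")
            continue
        status = "; ".join(f"{f.release} ({f.when})" for f in hit.fixes)
        print(f"{query}: {hit.bug_id} [{hit.section}] -> {status}")
    print("bugs still awaiting an available fix:", awaiting_fix(rows))
```

A part number that returns None is one the advisory does not list as affected; a returned row with no Available fix is one to track via its Cisco bug ID until the estimated release ships.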
Cisco has investigated all Cisco products that support hardware-based Secure Boot functionality to verify that they are enforcing the appropriate access control checks.
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
No other Cisco products that support hardware-based Secure Boot functionality are vulnerable.
An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability:
Cisco is in the process of developing and releasing software fixes for all affected platforms. In most cases, the fix will require an on-premise reprogramming of a low-level hardware component that is required for normal device operation. A failure during this reprogramming process may cause the device to become unusable and require a hardware replacement. Customers are advised to consult the Release Note Enclosure for the Cisco bug relevant to their platform for the following information:
The product release notes that are published with each platform-specific fixed software release will include more detailed information about items 2 and 3 in the preceding list. The product release notes should be considered the most up-to-date source of information about these items.
For details about Secure Boot and related Trustworthy Technologies, please refer to the Trustworthy Technologies Datasheet. A list of all Cisco products supporting secure boot technology can be found at the following link: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf
There are no workarounds that address this vulnerability.
The Cisco Guide to Harden Cisco IOS Devices provides information about how to harden the device and secure management access. Implementing the recommendations in this document would reduce the attack surface for this vulnerability.
For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products section of this advisory.
Cisco will release free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019.
The Cisco Product Security Incident Response Team (PSIRT) is aware of the existence of proof-of-concept code that demonstrates this vulnerability on the Cisco ASR 1001-X. There are no indications at this time that this proof-of-concept code is publicly available.
Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.
Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist), Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist) of Red Balloon Security for reporting this vulnerability to Cisco and working toward a coordinated disclosure.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.17 | Updated fix availability date for some products. | Vulnerable Products | Final | 2019-November-20 |
1.16 | Updated fixed version for some products. | Vulnerable Products | Final | 2019-September-06 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.