A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. This advisory will be updated as additional information becomes available. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
Please refer to the Security Advisory.
Because this upgrade modifies low-level system software, there is the possibility that the device could become unusable due to a failed upgrade. The following are some of the reasons that could lead to a failed upgrade and result in an unusable device:

1. Power loss when performing the FPGA upgrade.
2. Unexpected system crash during the upgrade.

Fix Delivery Mechanism:
The fixes for this vulnerability will be delivered in the following way: stand-alone FPGA update utility.

Remediation Steps:
The following steps can be performed on an affected device to deploy this software update:

1. Download the standalone utility from CCO onto bootflash.
2. From the ROMMON prompt, boot the standalone utility.
3. Do not power cycle the platform.
4. At the end of the update, the platform will power-cycle or reset as needed.
5. Use ROMMON 'showmon -v' or IOS 'show platform' to display the CPLD version.

Example:

    rommon 1 > b bootflash:isr4400_cpld_update_v1.1_SPA.bin
    Located isr4400_cpld_update_v1.1_SPA.bin
    ########################################

    Cisco ISR4400 CPLD Programming Utility

    ******************************************
    **                                      **
    **   DO NOT TURN OFF THE POWER OR       **
    **   RESET THE BOX DURING THE UPGRADE   **
    **                                      **
    ******************************************

    Detected platform: ISR4451
    CPLD version: 16092942
    The CPLD is unlocked.

    Erasing CPLD image ...
    |.......|.......|.......|.......|.......|.......|.......|.......|
    ################################################################

    Programming CPLD image ...
    |.......|.......|.......|.......|.......|.......|.......|.......|
    ################################################################

    Verifying CPLD image ...
    |.......|.......|.......|.......|.......|.......|.......|.......|
    ################################################################

    CPLD image verified correctly !!

    *** DONE ***
    Power cycling the platform ...

Additional information about how to perform this upgrade may be available in the product release notes that accompany the first fixed software release.
Contact your support organization for guidance if additional information is required.

How to Determine Whether the Device Is Running an Affected or Fixed Firmware Release:
The following steps can be performed on an affected device to determine whether the device has been remediated or whether it still requires remediation:

1. Within IOS, execute "show platform" at the CLI prompt.
2. Confirm the CPLD Version is at least 19042950.

Example:

    Router#show platform
    Chassis type: ISR4451-X/K9

    Slot      Type                State                 Insert time (ago)
    --------- ------------------- --------------------- -----------------
    0         ISR4451-X/K9        ok                    00:32:04
     0/0      ISR4451-X-4x1GE     ok                    00:30:59
    1         ISR4451-X/K9        ok                    00:32:04
    2         ISR4451-X/K9        ok                    00:32:04
    R0        ISR4451-X/K9        ok, active            00:32:04
    F0        ISR4451-X/K9        ok, active            00:32:04
    P0        PWR-4450-AC         ok                    00:31:50
    P2        ACS-4450-FANASSY    ok                    00:31:50

    Slot      CPLD Version        Firmware Version
    --------- ------------------- ---------------------------------------
    0         19042950            16.7(4r)
    1         19042950            16.7(4r)
    2         19042950            16.7(4r)
    R0        19042950            16.7(4r)
    F0        19042950            16.7(4r)

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 6.7:
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE ID CVE-2019-1649 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
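The remediation check above (read the CPLD Version column of "show platform" and confirm every slot is at least 19042950) is easy to get wrong by eye across a fleet of routers. The following is an added example, not part of the Cisco advisory or any Cisco tool, that parses captured "show platform" text and reports the slots still below the fixed CPLD version; the sample output is constructed, with one slot left at the pre-update version 16092942 seen in the ROMMON example.

```python
import re

# Minimum fixed CPLD version stated in the advisory for this platform.
FIXED_CPLD_VERSION = 19042950

# One row of the "Slot  CPLD Version  Firmware Version" table:
# slot id (e.g. 0, R0, F0, 0/0), an 8-digit CPLD version, then the firmware string.
CPLD_ROW = re.compile(r"^\s*(?P<slot>[A-Z]?\d+(?:/\d+)?)\s+(?P<cpld>\d{8})\s+(?P<fw>\S+)\s*$")

# Constructed sample, not a real capture: slot F0 has not been updated yet.
SAMPLE_SHOW_PLATFORM = """\
Chassis type: ISR4451-X/K9

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
0         ISR4451-X/K9        ok                    00:32:04
R0        ISR4451-X/K9        ok, active            00:32:04
F0        ISR4451-X/K9        ok, active            00:32:04

Slot      CPLD Version        Firmware Version
--------- ------------------- ---------------------------------------
0         19042950            16.7(4r)
R0        19042950            16.7(4r)
F0        16092942            16.7(4r)
"""


def parse_cpld_table(output: str) -> dict:
    """Return {slot: cpld_version} from the CPLD table section of `show platform`.

    Rows of the first (Type/State) table never match CPLD_ROW because their
    second column is not an 8-digit number, so only the CPLD table is read.
    """
    versions = {}
    in_table = False
    for line in output.splitlines():
        if "CPLD Version" in line:      # header of the table we want
            in_table = True
            continue
        if not in_table:
            continue
        m = CPLD_ROW.match(line)
        if m:
            versions[m.group("slot")] = int(m.group("cpld"))
    return versions


def unremediated_slots(output: str, fixed: int = FIXED_CPLD_VERSION) -> list:
    """Slots whose CPLD version is below `fixed` and therefore still need the FPGA update."""
    return sorted(slot for slot, ver in parse_cpld_table(output).items() if ver < fixed)


def is_remediated(output: str, fixed: int = FIXED_CPLD_VERSION) -> bool:
    """True only when the CPLD table was found and every slot is at or above `fixed`."""
    versions = parse_cpld_table(output)
    return bool(versions) and not unremediated_slots(output, fixed)
```

Feed it the saved output of "show platform" from each device; an empty CPLD table (for example a capture that was cut off) is reported as not remediated rather than silently passing.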