Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2018-0362
HistoryJun 21, 2018 - 11:29 a.m.

CVE-2018-0362

2018-06-2111:29:00
CWE-287
cisco
web.nvd.nist.gov
31
vulnerability
bios
authentication management
cisco
5000 series
enterprise network
compute system
unified computing
ucs
e-series servers
local attacker
security restrictions
exploit
cisco bug ids
cscvh83260.

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device’s BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260.

Affected configurations

Nvd
Node
cisco5400_enterprise_network_compute_system_firmwareMatch3.2\(3\)
AND
cisco5400_enterprise_network_compute_systemMatch-
Node
cisco5100_enterprise_network_compute_system_firmwareMatch3.2\(3\)
AND
cisco5100_enterprise_network_compute_systemMatch-
Node
ciscoucs-e160s-m3_firmwareMatch3.2\(3\)
AND
ciscoucs-e160s-m3Match-
Node
ciscoucs-e160s-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e160s-k9Match-
Node
ciscoucs-e180d-m3_firmwareMatch3.2\(3\)
AND
ciscoucs-e180d-m3Match-
Node
ciscoucs-e180d-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e180d-k9Match-
Node
ciscoucs-e1120d-m3_firmwareMatch3.2\(3\)
AND
ciscoucs-e1120d-m3Match-
Node
ciscoucs-e1120d-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e1120d-k9Match-
Node
ciscoucs-e140s-m2_firmwareMatch3.2\(3\)
AND
ciscoucs-e140s-m2Match-
Node
ciscoucs-e140s-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e140s-k9Match-
Node
ciscoucs-e160d-m2_firmwareMatch3.2\(3\)
AND
ciscoucs-e160d-m2Match-
Node
ciscoucs-e160d-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e160d-k9Match-
Node
ciscoucs-e180d-m2_firmwareMatch3.2\(3\)
AND
ciscoucs-e180d-m2Match-
Node
ciscoucs-e180d-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e180d-k9Match-
Node
ciscoucs-e140s-m1_firmwareMatch3.2\(3\)
AND
ciscoucs-e140s-m1Match-
Node
ciscoucs-e140s-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e140s-k9Match-
Node
ciscoucs-e160d-m1_firmwareMatch3.2\(3\)
AND
ciscoucs-e160d-m1Match-
Node
ciscoucs-e160d-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e160d-k9Match-
Node
ciscoucs-e160dp-m1_firmwareMatch3.2\(3\)
AND
ciscoucs-e160dp-m1Match-
Node
ciscoucs-e160dp-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e160dp-k9Match-
Node
ciscoucs-e140d-m1_firmwareMatch3.2\(3\)
AND
ciscoucs-e140d-m1Match-
Node
ciscoucs-e140d-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e140d-k9Match-
Node
ciscoucs-e140dp-m1_firmwareMatch3.2\(3\)
AND
ciscoucs-e140dp-m1Match-
Node
ciscoucs-e140dp-k9_firmwareMatch3.2\(3\)
AND
ciscoucs-e140dp-k9Match-
VendorProductVersionCPE
cisco5400_enterprise_network_compute_system_firmware3.2(3)cpe:2.3:o:cisco:5400_enterprise_network_compute_system_firmware:3.2\(3\):*:*:*:*:*:*:*
cisco5400_enterprise_network_compute_system-cpe:2.3:h:cisco:5400_enterprise_network_compute_system:-:*:*:*:*:*:*:*
cisco5100_enterprise_network_compute_system_firmware3.2(3)cpe:2.3:o:cisco:5100_enterprise_network_compute_system_firmware:3.2\(3\):*:*:*:*:*:*:*
cisco5100_enterprise_network_compute_system-cpe:2.3:h:cisco:5100_enterprise_network_compute_system:-:*:*:*:*:*:*:*
ciscoucs-e160s-m3_firmware3.2(3)cpe:2.3:o:cisco:ucs-e160s-m3_firmware:3.2\(3\):*:*:*:*:*:*:*
ciscoucs-e160s-m3-cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*
ciscoucs-e160s-k9_firmware3.2(3)cpe:2.3:o:cisco:ucs-e160s-k9_firmware:3.2\(3\):*:*:*:*:*:*:*
ciscoucs-e160s-k9-cpe:2.3:h:cisco:ucs-e160s-k9:-:*:*:*:*:*:*:*
ciscoucs-e180d-m3_firmware3.2(3)cpe:2.3:o:cisco:ucs-e180d-m3_firmware:3.2\(3\):*:*:*:*:*:*:*
ciscoucs-e180d-m3-cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 421

CNA Affected

[
  {
    "product": "Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers unknown"
      }
    ]
  }
]

Related

cisco 1
nvd 1
prion 1
cvelist 1
cisco
cisco
Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers BIOS Authentication Bypass Vulnerability
2018-06-20 16:00:00
nvd
nvd
CVE-2018-0362
2018-06-21 11:29:00
prion
prion
Input validation
2018-06-21 11:29:00
cvelist
cvelist
CVE-2018-0362
2018-06-21 11:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON
Related for CVE-2018-0362
cisco1nvd1prion1cvelist1