Guest

Preview Tool

Cisco Bug: CSCvh83260 - Cisco 5000 Series ENCS and Cisco UCS E-Series Servers BIOS Authentication Bypass Vulnerability

Last Modified

Dec 27, 2018

Products (1)

  • Cisco 5000 Series Enterprise Network Compute System

Known Affected Releases

3.2(3)

Description (partial)

Symptom:
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user.

The vulnerability is due to improper security restrictions that are imposed by the affected system. 
An attacker could exploit this vulnerability by submitting an empty password value to an affected 
device's BIOS authentication prompt. An exploit could allow the attacker to have access to a 
restricted set of user-level BIOS commands.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-encs-ucs-bios-auth-bypass

Conditions:
Please refer to the advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.