Cisco Bug: CSCvh83260 - Cisco 5000 Series ENCS and Cisco UCS E-Series Servers BIOS Authentication Bypass Vulnerability
Dec 27, 2018
- Cisco 5000 Series Enterprise Network Compute System
Known Affected Releases
Symptom: A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-encs-ucs-bios-auth-bypass Conditions: Please refer to the advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases