{"id": "CVE-2018-0362", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2018-06-21T11:29:00.977", "references": [{"url": "http://www.securitytracker.com/id/1041173", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-encs-ucs-bios-auth-bypass", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260."}, {"lang": "es", "value": "Una vulnerabilidad en la gesti\u00f3n de la autenticaci\u00f3n de la BIOS en Cisco 5000 Series Enterprise Network Compute System y Cisco Unified Computing (UCS) E-Series Servers podr\u00eda permitir que un atacante local no autenticado omita la autenticaci\u00f3n de la BIOS y ejecute acciones como usuario no privilegiado. La vulnerabilidad se debe a las restricciones de seguridad indebidas impuestas por el sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un valor de contrase\u00f1a vac\u00edo a la petici\u00f3n de autenticaci\u00f3n de la BIOS de un dispositivo afectado. Su explotaci\u00f3n podr\u00eda permitir que el atacante tenga acceso a un conjunto restringido de comandos de la BIOS de nivel de usuario. Cisco Bug IDs: CSCvh83260."}], "lastModified": "2019-10-09T23:31:52.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:5400_enterprise_network_compute_system_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78D8F2EF-72D1-4EAF-80E2-E402A1AC20BA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:5400_enterprise_network_compute_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B9A84EA-C754-4747-B531-DA9305336059"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:5100_enterprise_network_compute_system_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD2E2E2-20B7-473A-956A-6025E4D43703"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:5100_enterprise_network_compute_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "45FCDA4B-6342-4D89-9DC9-DC255E1C22F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160s-m3_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96389397-05B7-4776-ACE3-756329A2B531"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160s-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C997EA59-D41F-4235-A9C1-CDDE45A157BC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160s-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48ABFFCA-D59F-4047-A705-69E2BEA24682"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e180d-m3_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E65CEE67-E49C-4389-8E7D-D586F932D8F8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e180d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "442DC7B1-D775-406C-9590-EEE720A46B6F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e180d-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E54C89D-EDCE-4230-8137-6E3251EC2C25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e1120d-m3_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E83F9278-45C0-45BE-885F-5C119EE15548"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e1120d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D01EE87-CDCA-4611-8EB4-B96C64CB2A8A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e1120d-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EE910FC-EE78-4644-BAEC-3B032F1BFE59"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140s-m2_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB405260-8AD1-43F3-B7A9-EF01A1EC98B7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140s-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "039A0DD4-809A-4232-B49C-95896F49E615"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140s-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEB88308-08AF-422E-A017-5F1E863B6D40"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160d-m2_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8186F230-EEA9-44A2-8F7E-F0E04E719F2B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EEF20D7-5576-4D88-A955-AF1AF39526CD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160d-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4750CE6-95E5-4B02-9298-1EE2CC6EED19"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e180d-m2_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A08710B2-D68F-461F-A213-5CD6934B97AF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e180d-m2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB3E47EB-9C60-4A06-956A-46B5D2E46239"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e180d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "442DC7B1-D775-406C-9590-EEE720A46B6F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e180d-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E54C89D-EDCE-4230-8137-6E3251EC2C25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140s-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D563987D-817C-4B7A-B4A5-2AA63B9F2826"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140s-m1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94805A53-CCA0-4737-939F-1157F557770C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140s-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "039A0DD4-809A-4232-B49C-95896F49E615"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140s-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEB88308-08AF-422E-A017-5F1E863B6D40"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160d-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4364B25-E06D-4AD9-B1D9-4807E57D90AD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160d-m1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE24966C-324C-4BE4-8FED-013022D4A266"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EEF20D7-5576-4D88-A955-AF1AF39526CD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160d-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4750CE6-95E5-4B02-9298-1EE2CC6EED19"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160dp-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81BF3D7E-BD4A-4CBA-937B-10BD6A0A3DA7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160dp-m1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67C1D42D-CEFF-4B66-B211-DAEA94D21F6D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e160dp-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20751952-1303-4F12-B3A1-5242C146FB17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e160dp-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C151037-78CD-4DB6-8464-CC0ECEDEA7EC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140d-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7578213A-0188-430A-9B19-BCD30CFC36CD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140d-m1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2C2A29F1-8B9A-4AE8-A6A2-6B57B16432A7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FF9AA8D-9852-4F89-AF64-093ABB3FCF26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140d-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8EDF27D-C317-4AF7-8C8F-7419CE32086D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140dp-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29EA43FF-FD76-4CC4-8808-7FB7A82A7AC8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140dp-m1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C159CA7-EF70-4B58-88C2-0F95BF30DD69"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ucs-e140dp-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F42D1A2-5A59-4880-84EF-0D2EA57E31F0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs-e140dp-k9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D9837671-C0BF-4FF2-8904-B376CE38E4E6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}
