CVE-2018-0362

Published Jun 21, 2018
Last updated 3 days ago
CVSS medium 4.3
Overview

Description: A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 4.3
Impact score: 3.4
Exploitability score: 0.9
Vector string: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

ykramarz@cisco.com: CWE-287
nvd@nist.gov: CWE-287
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:5400_enterprise_network_compute_system_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78D8F2EF-72D1-4EAF-80E2-E402A1AC20BA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:5400_enterprise_network_compute_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B9A84EA-C754-4747-B531-DA9305336059"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:5100_enterprise_network_compute_system_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFD2E2E2-20B7-473A-956A-6025E4D43703"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:5100_enterprise_network_compute_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45FCDA4B-6342-4D89-9DC9-DC255E1C22F0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160s-m3_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96389397-05B7-4776-ACE3-756329A2B531"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0E6AAD9-824C-4126-8347-2FF1895E6D33"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160s-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C997EA59-D41F-4235-A9C1-CDDE45A157BC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160s-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48ABFFCA-D59F-4047-A705-69E2BEA24682"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e180d-m3_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E65CEE67-E49C-4389-8E7D-D586F932D8F8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "155D990F-C7DA-48DD-92CC-18542DBBE572"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e180d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "442DC7B1-D775-406C-9590-EEE720A46B6F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e180d-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E54C89D-EDCE-4230-8137-6E3251EC2C25"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e1120d-m3_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E83F9278-45C0-45BE-885F-5C119EE15548"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DF77273F-73C0-40EB-BB4E-75269D46F074"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e1120d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D01EE87-CDCA-4611-8EB4-B96C64CB2A8A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e1120d-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1EE910FC-EE78-4644-BAEC-3B032F1BFE59"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140s-m2_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB405260-8AD1-43F3-B7A9-EF01A1EC98B7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "757958F5-F58C-4128-B128-D989A56ACA34"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140s-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "039A0DD4-809A-4232-B49C-95896F49E615"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140s-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AEB88308-08AF-422E-A017-5F1E863B6D40"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160d-m2_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8186F230-EEA9-44A2-8F7E-F0E04E719F2B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160d-m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F62D6B73-1AB7-4B93-A92E-275E78DF114C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EEF20D7-5576-4D88-A955-AF1AF39526CD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160d-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D4750CE6-95E5-4B02-9298-1EE2CC6EED19"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e180d-m2_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A08710B2-D68F-461F-A213-5CD6934B97AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e180d-m2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BB3E47EB-9C60-4A06-956A-46B5D2E46239"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e180d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "442DC7B1-D775-406C-9590-EEE720A46B6F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e180d-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E54C89D-EDCE-4230-8137-6E3251EC2C25"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140s-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D563987D-817C-4B7A-B4A5-2AA63B9F2826"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140s-m1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "94805A53-CCA0-4737-939F-1157F557770C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140s-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "039A0DD4-809A-4232-B49C-95896F49E615"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140s-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AEB88308-08AF-422E-A017-5F1E863B6D40"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160d-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4364B25-E06D-4AD9-B1D9-4807E57D90AD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160d-m1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE24966C-324C-4BE4-8FED-013022D4A266"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EEF20D7-5576-4D88-A955-AF1AF39526CD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160d-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D4750CE6-95E5-4B02-9298-1EE2CC6EED19"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160dp-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81BF3D7E-BD4A-4CBA-937B-10BD6A0A3DA7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160dp-m1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "67C1D42D-CEFF-4B66-B211-DAEA94D21F6D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e160dp-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20751952-1303-4F12-B3A1-5242C146FB17"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e160dp-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0C151037-78CD-4DB6-8464-CC0ECEDEA7EC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140d-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7578213A-0188-430A-9B19-BCD30CFC36CD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140d-m1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2C2A29F1-8B9A-4AE8-A6A2-6B57B16432A7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140d-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FF9AA8D-9852-4F89-AF64-093ABB3FCF26"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140d-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8EDF27D-C317-4AF7-8C8F-7419CE32086D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140dp-m1_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29EA43FF-FD76-4CC4-8808-7FB7A82A7AC8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140dp-m1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1C159CA7-EF70-4B58-88C2-0F95BF30DD69"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ucs-e140dp-k9_firmware:3.2\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F42D1A2-5A59-4880-84EF-0D2EA57E31F0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:ucs-e140dp-k9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9837671-C0BF-4FF2-8904-B376CE38E4E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
