
3605 matches found

Prion
added 2019/06/04 9:29 p.m. | 20 views

Design/Logic Flaw

Marvell SSD Controller 88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098 devices allow reprogramming flash memory to bypass the secure boot protection...

CVSS 4.9 | AI score 5 | EPSS 0.00349
Exploits: 0 | References: 1

Cvelist
added 2019/06/04 8:42 p.m. | 20 views

CVE-2019-10636

Marvell SSD Controller 88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098 devices allow reprogramming flash memory to bypass the secure boot protection...

AI score 5.6 | EPSS 0.00349
Exploits: 0 | References: 1

CVE
added 2019/06/04 8:42 p.m. | 303 views

CVE-2019-10636

CVE-2019-10636 affects Marvell SSD Controller devices (88SS10xx family) and enables reprogramming of flash memory to bypass the secure boot protection mechanism. The description lists numerous controller variants (e.g., 88SS1074/1079/1080/1093/1092/1095/9174/9175/9187/9188/9189/9190/1085/1087/109...

CVSS 4.9 | AI score 5.2 | EPSS 0.00349
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/05/23 12:0 a.m. | 40 views

Cisco Firepower Threat Defense (FTD) Secure Boot Hardware Tampering Vulnerability (cisco-sa-20190513-secureboot)

According to its version, the Cisco Firepower Threat Defense (FTD) software installed on the remote host is affected by a vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation that could allow an authenticated, local...

CVSS 7.2 | AI score 7.3 | EPSS 0.00611
Exploits: 0 | References: 3

ThreatPost
added 2019/05/21 4:1 p.m. | 113 views

Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable

Cisco has issued a handful of firmware releases for a high-severity vulnerability in Cisco’s proprietary Secure Boot implementation that impacts millions of its hardware devices, across the scope of its portfolio. The patches are the first in a planned series of firmware updates that will roll ou...

CVSS 7.2 | AI score 0.2 | EPSS 0.00611
Exploits: 0 | References: 8

ThreatPost
added 2019/05/16 1:53 p.m. | 147 views

Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution

Cisco is warning of critical remote code-execution (RCE) vulnerabilities in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager, which is used by telcos, mobile carriers, cable companies and ISPs to manage their hardware infrastructure. The vendor also issued estimated...

CVSS 10 | AI score 0.8 | EPSS 0.98092
Exploits: 16 | References: 9

CERT
added 2019/05/14 12:0 a.m. | 111 views

Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input

Overview: Cisco's Trust Anchor module (TAm) can be bypassed through manipulating the bitstream of the Field Programmable Gate Array (FPGA). This component handles access control to a hardware component within Cisco's Secure Boot implementations, which affects multiple products that support this...

CVSS 9 | AI score 7.5 | EPSS 0.05516
Exploits: 0 | References: 5

ThreatPost
added 2019/05/13 10:17 p.m. | 166 views

Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices

Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...

CVSS 9 | AI score 0.4 | EPSS 0.05516
Exploits: 0 | References: 6

NVD
added 2019/05/13 7:29 p.m. | 29 views

CVE-2019-1649

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...

CVSS 7.2 | AI score 6.3 | EPSS 0.00611
Exploits: 0 | References: 4

OSV
added 2019/05/13 7:29 p.m. | 2 views

CVE-2019-1649

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...

CVSS 6.7 | AI score 7 | EPSS 0.00611
Exploits: 0 | References: 4

Prion
added 2019/05/13 7:29 p.m. | 19 views

Input validation

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...

CVSS 7.2 | AI score 6.5 | EPSS 0.00611
Exploits: 0 | References: 4 | Affected Software: 17

Cvelist
added 2019/05/13 7:10 p.m. | 35 views

CVE-2019-1649 Cisco Secure Boot Hardware Tampering Vulnerability

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...

CVSS 6.7 | AI score 6.3 | EPSS 0.00611
Exploits: 0 | References: 4

Vulnrichment
added 2019/05/13 7:10 p.m. | 21 views

CVE-2019-1649 Cisco Secure Boot Hardware Tampering Vulnerability

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...

CVSS 6.7 | AI score 6.7 | EPSS 0.00611
Exploits: 0 | References: 4

CVE
added 2019/05/13 7:10 p.m. | 141 views

CVE-2019-1649

CVE-2019-1649 concerns Cisco’s Secure Boot Trust Anchor module (TAm). The flaw stems from an improper check in the FPGA/Trust Anchor bitstream handling, enabling an authenticated, local attacker with OS access to write a modified firmware image to the FPGA. Consequences include potential device ...

CVSS 7.2 | AI score 6.4 | EPSS 0.00611
Exploits: 0 | References: 4 | Affected Software: 1

Cisco
added 2019/05/13 5:30 p.m. | 411 views

Cisco Secure Boot Hardware Tampering Vulnerability

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...

CVSS 6.7 | AI score 1.4 | EPSS 0.00611
Exploits: 0 | References: 1

NVD
added 2019/05/13 1:29 p.m. | 20 views

CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

CVSS 6.9 | AI score 6.7 | EPSS 0.0039
Exploits: 0 | References: 2

OSV
added 2019/05/13 1:29 p.m. | 11 views

CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

CVSS 6.4 | AI score 7.4
Exploits: 0 | References: 2

Prion
added 2019/05/13 1:29 p.m. | 14 views

Input validation

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

CVSS 6.9 | AI score 6.7 | EPSS 0.0039
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/05/13 12:49 p.m. | 23 views

CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

AI score 6.7 | EPSS 0.0039
Exploits: 0 | References: 2

CVE
added 2019/05/13 12:49 p.m. | 43 views

CVE-2018-18558

Affected software: Espressif ESP-IDF 2.x and 3.x before 3.0.6, and 3.1.x before 3.1.1. Root cause: Insufficient validation of input data in the 2nd stage bootloader (process_segment in components/bootloader_support/src/esp_image_format.c). Vulnerability allows a physically proximate attacker to b...

CVSS 6.9 | AI score 6.7 | EPSS 0.0039
Exploits: 0 | References: 2 | Affected Software: 1