3605 matches found
Design/Logic Flaw
Marvell SSD Controller 88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098 devices allow reprogramming flash memory to bypass the secure boot protection...
CVE-2019-10636
Marvell SSD Controller 88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS1092, 88SS1095, 88SS9174, 88SS9175, 88SS9187, 88SS9188, 88SS9189, 88SS9190, 88SS1085, 88SS1087, 88SS1090, 88SS1100, 88SS1084, 88SS1088, & 88SS1098 devices allow reprogramming flash memory to bypass the secure boot protection...
CVE-2019-10636
CVE-2019-10636 affects Marvell SSD Controller devices (88SS10xx family) and enables reprogramming of flash memory to bypass the secure boot protection mechanism. The description lists numerous controller variants (e.g., 88SS1074/1079/1080/1093/1092/1095/9174/9175/9187/9188/9189/9190/1085/1087/109...
Cisco Firepower Threat Defense (FTD) Secure Boot Hardware Tampering Vulnerability (cisco-sa-20190513-secureboot)
According to its version, the Cisco Firepower Threat Defense FTD software installed on the remote host is affected by a vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local...
Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable
Cisco has issued a handful of firmware releases for a high-severity vulnerability in Cisco’s proprietary Secure Boot implementation that impacts millions of its hardware devices, across the scope of its portfolio. The patches are the first in a planned series of firmware updates that will roll ou...
Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution
Cisco is warning of critical remote code-execution RCE vulnerabilities in the Cisco Prime Infrastructure PI and Evolved Programmable Network EPN Manager, which is used by telcos, mobile carriers, cable companies and ISPs to manage their hardware infrastructure. The vendor also issued estimated...
Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input
Overview Cisco's Trust Anchor module TAm can be bypassed through manipulating the bitstream of the Field Programmable Gate Array FPGA. This component handles access control to a hardware component within Cisco's Secure Boot implementations, which affects multiple products that support this...
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...
CVE-2019-1649
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
CVE-2019-1649
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
Input validation
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
CVE-2019-1649 Cisco Secure Boot Hardware Tampering Vulnerability
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
CVE-2019-1649 Cisco Secure Boot Hardware Tampering Vulnerability
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
CVE-2019-1649
CVE-2019-1649 concerns Cisco’s Secure Boot Trust Anchor module (TAm). The flaw stems from an improper check in the FPGA/ Trust Anchor bitstream handling, enabling an authenticated, local attacker with OS access to write a modified firmware image to the FPGA. Consequences include potential device ...
Cisco Secure Boot Hardware Tampering Vulnerability
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
CVE-2018-18558
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...
CVE-2018-18558
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...
Input validation
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...
CVE-2018-18558
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...
CVE-2018-18558
Affected software: Espressif ESP-IDF 2.x and 3.x before 3.0.6, and 3.1.x before 3.1.1. Root cause: Insufficient validation of input data in the 2nd stage bootloader (process_segment in components/bootloader_support/src/esp_image_format.c). Vulnerability allows a physically proximate attacker to b...