PT-2018-8789 · Cisco · Cisco Unified Computing (UCS) E-Series Servers

Published: 2018-06-21 · Updated: 2019-10-09 · CVE-2018-0362

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers (affected versions not specified)

Description

A security issue in BIOS authentication management could allow an unauthenticated, local attacker to bypass BIOS authentication and execute actions as an unprivileged user. This is due to improper security restrictions imposed by the affected system. An attacker could exploit this by submitting an empty password value to the BIOS authentication prompt, potentially gaining access to a restricted set of user-level BIOS commands.

Recommendations

For Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers, as a temporary workaround, consider restricting access to the BIOS authentication prompt until a patch is available. Avoid submitting empty password values to the BIOS authentication prompt to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2018-0362

Affected Products

Cisco 5000 Series Enterprise Network Compute System
Cisco Unified Computing (UCS) E-Series Servers