PT-2019-2365 · Cisco · Cisco Unified Computing System (UCS) C-Series Rack Servers

Published

2019-06-05

·

Updated

2019-10-09

·

CVE-2019-1880

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

Cisco Unified Computing System (UCS) C-Series Rack Servers (affected versions not specified)

Description

A vulnerability in the BIOS upgrade utility could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The issue is due to insufficient validation of the firmware image file. An attacker could exploit this by executing the BIOS upgrade utility with specific options, potentially bypassing the firmware signature-verification process and installing compromised BIOS firmware.

Recommendations

For Cisco Unified Computing System (UCS) C-Series Rack Servers, consider restricting access to the BIOS upgrade utility until a fix is available. As a temporary workaround, avoid using the BIOS upgrade utility with unverified firmware image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2019-02140
CVE-2019-1880

Affected Products

Cisco Unified Computing System (UCS) C-Series Rack Servers