-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                             ESB-2019.1680.16
            Cisco Secure Boot Hardware Tampering Vulnerability
                             9 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Secure Boot
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-1649

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Revision History:  September  9 2019: Updated fixed version for some products.
                   September  4 2019: Updated list of vulnerable products
                   August    22 2019: Updated to revision 1.14
                   August     5 2019: Updated fix availability date for some products
                   July      18 2019: Updated fix availability date for some products
                   July       1 2019: Updated fix availability date for some products
                   June      18 2019: added 2019-June-17 update
                   June      11 2019: Updated list of vulnerable products. Updated fix
                                      availability date for some products. Changed
                                      document status to Final. Removed statements
                                      indicating the advisory will be updated (Summary
                                      and Vulnerable Products).
                   May       31 2019: Updated vulnerable products
                   May       24 2019: Updated to v1.7
                   May       23 2019: Updated list of vulnerable products. Updated fix
                                      availability date for some products.
                   May       21 2019: Updated list of vulnerable products. Updated fix
                                      availability date for some products.
                   May       17 2019: Updated list of vulnerable products. Updated fix
                                      availability date for some products.
                   May       16 2019: Updated list of vulnerable products. Updated fix
                                      availability date for some products.
                   May       15 2019: Updated list of vulnerable products. Updated fix
                                      availability date for some products.
                   May       14 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Secure Boot Hardware Tampering Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20190513-secureboot
First Published: 2019 May 13 17:30 GMT
Last Updated:    2019 September 6 20:26 GMT
Version 1.16:    Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvn77141 CSCvn77142 CSCvn77143 CSCvn77147
                 CSCvn77150 CSCvn77151 CSCvn77152 CSCvn77153
                 CSCvn77154 CSCvn77155 CSCvn77156 CSCvn77158
                 CSCvn77159 CSCvn77160 CSCvn77162 CSCvn77166
                 CSCvn77167 CSCvn77168 CSCvn77169 CSCvn77170
                 CSCvn77171 CSCvn77172 CSCvn77175 CSCvn77180
                 CSCvn77181 CSCvn77182 CSCvn77183 CSCvn77184
                 CSCvn77185 CSCvn77191 CSCvn77201 CSCvn77202
                 CSCvn77205 CSCvn77207 CSCvn77209 CSCvn77212
                 CSCvn77219 CSCvn77220 CSCvn77245 CSCvn77246
                 CSCvn77248 CSCvn77249 CSCvn89137 CSCvn89138
                 CSCvn89140 CSCvn89143 CSCvn89144 CSCvn89145
                 CSCvn89146 CSCvn89150 CSCvp42792

CVE-2019-1649

CWE-284

CVSS Score:
6.7  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the logic that handles access control to one of the
    hardware components in Cisco's proprietary Secure Boot implementation
    could allow an authenticated, local attacker to write a modified firmware
    image to the component. This vulnerability affects multiple Cisco products
    that support hardware-based Secure Boot functionality.

    The vulnerability is due to an improper check on the area of code that
    manages on-premise updates to a Field Programmable Gate Array (FPGA) part
    of the Secure Boot hardware implementation. An attacker with elevated
    privileges and access to the underlying operating system that is running
    on the affected device could exploit this vulnerability by writing a
    modified firmware image to the FPGA.
    A successful exploit could either cause the device to become unusable
    (and require a hardware replacement) or allow tampering with the Secure
    Boot verification process, which under some circumstances may allow the
    attacker to install and boot a malicious software image.

    Cisco will release software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Affected Products

  o Vulnerable Products

    The following table lists Cisco products that are affected by the
    vulnerability that is described in this advisory. The table includes
    Cisco bug IDs for each affected product. The bugs are accessible through
    the Cisco Bug Search Tool and contain additional platform-specific
    information and fixed releases.

    If a future release date is indicated for software, the date provided
    represents an estimate based on all information known to Cisco as of the
    Last Updated date at the top of the advisory. Availability dates are
    subject to change based on a number of factors, including satisfactory
    testing results and delivery of other priority features and fixes. If no
    version or date is listed for an affected component (indicated by a blank
    field and/or an advisory designation of Interim), Cisco is continuing to
    evaluate the fix and will update the advisory as additional information
    becomes available. After the advisory is marked Final, customers should
    refer to the associated Cisco bug(s) for further details.
Product Cisco Bug Fixed Release Availability ID Network and Content Security Devices Cisco ASA 5506-X CSCvn77246 Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5506H-X CSCvn77246 Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5506W-X CSCvn77246 Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5508-X CSCvn77246 Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5516-X CSCvn77246 Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco Firepower Threat Defense (FTD) Software 6.2.2.5 Hotfix (Available) Cisco Firepower Threat Defense (FTD) Software 6.2.3.12 Hotfix (Available) Cisco Firepower Threat Defense (FTD) Software 6.3.0.3 Hotfix (Available) Cisco Firepower Threat Defense (FTD) Software 6.2.3.13 (Available) Cisco Firepower Threat Defense (FTD) Cisco Firepower 2100 CSCvn77248 Software 6.4.0.1 (Available) Series Cisco Adaptive Security Appliance (ASA) Software 9.8.4.3 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.9.2.50 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.9.2.52 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.10.1.22 (Available) Cisco Adaptive Security Appliance (ASA) Software 9.12.2 (Available) Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: Cisco Firepower 4000 CSCvn77249 (Image Names: Series fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: Cisco Firepower 9000 CSCvn77249 (Image Names: Series fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) Routing and Switching - Enterprise and Service Provider 10/40/100G MR Muxponder - Licensable for CSCvn77191 11.1 (Jul 2019) Encryption (NCS2K-MR-MXP-LIC) 10Gbps Optical Encryption Line Card for the Cisco NCS 2000 CSCvn77191 11.1 
(Jul 2019) Series and Cisco ONS 15454 MSTP (15454-M-WSE-K9) ASR 903 Router & Switching Processor and CSCvn77169 Cisco IOS XE Software Release 16.12.1 Controller - 400G (Jul 2019) (A900-RSP3C-400-S) ASR 907 Router & Switching Processor and CSCvn77169 Cisco IOS XE Software Release 16.12.1 Controller - 400G (Jul 2019) (A900-RSP3C-400-W) CBR-8 Converged CSCvn77185 Cisco IOS XE Software Release 16.12.1w Broadband Router (Sep 2019) Catalyst 6800 16-port Cisco IOS XE Software Release 15.5(1) 10GE with integrated CSCvn77182 SY4 (Sep 2019) DFC4 (C6800-16P10G) Catalyst 6800 32-port 10GE with dual CSCvn77182 Cisco IOS XE Software Release 15.5(1) integrated dual DFC4 SY4 (Sep 2019) (C6800-32P10G) Catalyst 6800 8-port Cisco IOS XE Software Release 15.5(1) 10GE with integrated CSCvn77182 SY4 (Sep 2019) DFC4 (C6800-8P10G) Catalyst 6800 8-port 40GE with dual CSCvn77182 Cisco IOS XE Software Release 15.5(1) integrated dual DFC4-E SY4 (Sep 2019) (C6800-8P40G) Cisco IOS XE Software Release 16.9.5 Cisco 1-Port Gigabit (Jan 20) Ethernet WAN Network CSCvn77218 Cisco IOS XE Software Release 16.12.2 Interface Module (Nov 2019) (NIM-1GE-CU-SFP) Cisco IOS XE Software Release 17.1.1 (Nov 2019) Cisco IOS Software Release 15.9(3)M (Aug 2019) Cisco IOS Software Release 15.8(3)M3 Cisco 1120 Connected CSCvn89140 (Aug 2019) Grid Router Cisco IOS Software Release 15.7(3)M5 (Sep 2019) Cisco IOS Software Release 15.6(3)M7 (Sep 2019) Cisco IOS Software Release 15.9(3)M (Aug 2019) Cisco IOS Software Release 15.8(3)M3 Cisco 1240 Connected CSCvn89137 (Aug 2019) Grid Router Cisco IOS Software Release 15.7(3)M5 (Sep 2019) Cisco IOS Software Release 15.6(3)M7 (Sep 2019) Cisco IOS XE Software Release 16.9.5 Cisco 2-Port Gigabit (Jan 20) Ethernet WAN Network CSCvn77218 Cisco IOS XE Software Release 16.12.2 Interface Module (Nov 2019) (NIM-2GE-CU-SFP) Cisco IOS XE Software Release 17.1.1 (Nov 2019) Cisco 3000 Series Firmware release 1.0.05 (image name: Industrial Security CSCvn89146 isa3000-firmware-1005.SPA) 
(Available) Appliances Cisco 4000 Series Cisco IOS XE Software Release 16.12.2 Integrated Services (Nov 2019) Router Packet CSCvn77212 Cisco IOS XE Software Release 17.1.1 1024-Channel (Nov 2019) High-Density Voice DSP Cisco IOS XE Software Release 16.9.5 Module (SM-X-PVDM-1000) (Jan 20) Cisco 4000 Series Cisco IOS XE Software Release 16.12.2 Integrated Services (Nov 2019) Router Packet CSCvn77212 Cisco IOS XE Software Release 17.1.1 2048-Channel (Nov 2019) High-Density Voice DSP Cisco IOS XE Software Release 16.9.5 Module (SM-X-PVDM-2000) (Jan 20) Cisco 4000 Series Cisco IOS XE Software Release 16.12.2 Integrated Services (Nov 2019) Router Packet CSCvn77212 Cisco IOS XE Software Release 17.1.1 3080-Channel (Nov 2019) High-Density Voice DSP Cisco IOS XE Software Release 16.9.5 Module (SM-X-PVDM-3000) (Jan 20) Cisco 4000 Series Cisco IOS XE Software Release 16.12.2 Integrated Services (Nov 2019) Router Packet CSCvn77212 Cisco IOS XE Software Release 17.1.1 768-Channel High-Density (Nov 2019) Voice DSP Module Cisco IOS XE Software Release 16.9.5 (SM-X-PVDM-500) (Jan 20) Cisco 4221 Integrated Utility File Name: Services Router CSCvn77153 isr4200_cpld_update_v1.1_SPA.bin (Available) Cisco 4321 Integrated Utility File Name: Services Router CSCvn77156 isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4331 Integrated Utility File Name: Services Router CSCvn77156 isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4351 Integrated Utility File Name: Services Router CSCvn77156 isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4431 Integrated Utility File Name: Services Router CSCvn77155 isr4400_cpld_update_v1.1_SPA.bin (Available) Cisco 4451-X Integrated Utility File Name: Services Router CSCvn77155 isr4400_cpld_update_v1.1_SPA.bin (Available) Cisco 4461 Integrated Utility File Name: Services Router CSCvn77154 isr4400v2_cpld_update_v1.1_SPA.bin (Available) Cisco 5000 Series Enterprise Network CSCvn77150 Release no. 
TBD (Aug 2019) Compute System Cisco IOS Software Release 15.8(3)M2a Cisco 809 Industrial (Available) Integrated Services CSCvn89138 Cisco IOS Software Release 15.7(3)M4b Routers (Available) Cisco IOS Software Release 15.6(3)M6b (Available) Cisco IOS Software Release 15.8(3)M2a Cisco 829 Industrial (Available) Integrated Services CSCvn89143 Cisco IOS Software Release 15.7(3)M4b Routers (Available) Cisco IOS Software Release 15.6(3)M6b (Available) Cisco ASR 1000 Embedded Services Processor, 200G CSCvn77159 Release no. TBD (Aug 2019) (ASR1000-ESP200) Cisco ASR 1000 Fixed Ethernet Line Card CSCvn89144 Release no. TBD (Aug 2019) (6x10GE) (ASR1000-6TGE) Cisco ASR 1000 Fixed Ethernet Line Card, CSCvn89144 Release no. TBD (Aug 2019) 2x10GE + 20x1GE (ASR1000-2T+20X1GE) Cisco ASR 1000 Series 100-Gbps Embedded CSCvn77160 Release no. TBD (Aug 2019) Services Processor (ASR1000-ESP100) Cisco ASR 1000 Series Modular Interface CSCvn77158 Release no. TBD (Aug 2019) Processor (ASR1000-MIP100) Cisco ASR 1000 Series Route Processor 3 (Cisco CSCvn77167 Release no. 
TBD (Aug 2019) ASR1000-RP3) Cisco ASR 1001-HX Router CSCvn77162 ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 1001-X CSCvn89145 ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 1002-HX Router CSCvn77166 ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 900 Series Route Switch Processor 2 CSCvn77168 Cisco IOS XE Software Release 16.12.1 - 128G, Base Scale (Jul 2019) (A900-RSP2A-128) Cisco ASR 900 Series Route Switch Processor 2 CSCvn77168 Cisco IOS XE Software Release 16.12.1 - 64G, Base Scale (Jul 2019) (A900-RSP2A-64) Cisco ASR 900 Series Route Switch Processor 3 CSCvn77169 Cisco IOS XE Software Release 16.12.1 - 200G, Large Scale (Jul 2019) (A900-RSP3C-200) Cisco ASR 9000 Series 16-Port 100 Gigabit CSCvn77180 Cisco IOS XR Software Release 7.0.1 Ethernet Line Card (Jul 2019) (A99-16X100GE-X-SE) Cisco ASR 9000 Series 16-Port 100 Gigabit Cisco IOS XR Software Release 7.0.1 Ethernet Line Card CSCvn77180 (Jul 2019) (A9K-16X100GE-TR, A9K-16X100GE-CM) Cisco ASR 9000 Series 32-Port 100 Gigabit Cisco IOS XR Software Release 7.0.1 Ethernet Line Card CSCvn77180 (Jul 2019) (A99-32X100GE-TR, A99-32X100GE-CM) Cisco ASR 9000 Series Route Switch Processor 5 CSCvn77175 Cisco IOS XR Software Release 7.0.1 for Packet Transport (Jul 2019) (A9K-RSP5-TR) Cisco ASR 9000 Series Route Switch Processor 5 CSCvn77175 Cisco IOS XR Software Release 7.0.1 for Service Edge (Jul 2019) (A9K-RSP5-SE) Cisco ASR 920 Series Aggregation Services Routers 10GE and 2-10GE - Passively Cooled DC Cisco IOS XE Software Release 16.12.1 model (ASR-920-10SZ-PD), CSCvn77171 (Jul 2019) Cisco ASR920 Series - 20GE SFP, 4Cu and 4-10GE: Modular PSU (ASR-920-20SZ-M) Cisco ASR 920 Series Aggregation Services Cisco IOS XE Software Release 16.12.1 Routers 12 x 1/10GE SFP, CSCvn77171 (Jul 2019) AC Model (ASR-920-12SZ-A) Cisco ASR 920 Series Aggregation Services Cisco IOS XE Software Release 16.12.1 Routers 12 x 1/10GE SFP, CSCvn77171 (Jul 2019) DC Model (ASR-920-12SZ-D) Cisco ASR 920 Series Aggregation Services 
Cisco IOS XE Software Release 16.12.1 Routers 12GE and 2-10GE CSCvn77171 (Jul 2019) - AC model (ASR-920-12CZ-A) Cisco ASR 920 Series Aggregation Services Cisco IOS XE Software Release 16.12.1 Routers 12GE and 2-10GE CSCvn77171 (Jul 2019) - DC model (ASR-920-12CZ-D) Cisco ASR 920 Series Aggregation Services Cisco IOS XE Software Release 16.12.1 Routers 24GE Copper and CSCvn77172 (Jul 2019) 4-10GE - Modular PSU (ASR-920-24TZ-M) Cisco ASR 920 Series Aggregation Services Cisco IOS XE Software Release 16.12.1 Routers 24GE Fiber and CSCvn77172 (Jul 2019) 4-10GE - Modular PSU (ASR-920-24SZ-M) Cisco ASR 920 Series Aggregation Services CSCvn77171 Cisco IOS XE Software Release 16.12.1 Routers 2GE and 4-10GE - (Jul 2019) AC model (ASR-920-4SZ-A) Cisco ASR 920 Series Aggregation Services CSCvn77171 Cisco IOS XE Software Release 16.12.1 Routers 2GE and 4-10GE - (Jul 2019) DC model (ASR-920-4SZ-D) Cisco ASR 920 Series Aggregation Services Routers Conformal Coated CSCvn77170 Cisco IOS XE Software Release 16.12.1 - 12GE and 4-10GE, 1 IM (Jul 2019) Slot (ASR-920-12SZ-IM-CC) Cisco ASR 9900 Route Cisco IOS XR Software Release 7.0.1 Processor 3 for Packet CSCvn77175 (Jul 2019) Transport (A99-RP3-TR) Cisco ASR 9900 Route Cisco IOS XR Software Release 7.0.1 Processor 3 for Service CSCvn77175 (Jul 2019) Edge (A99-RP3-SE) Cisco ASR920 Series - Cisco IOS XE Software Release 16.12.1 12GE and 4-10GE, 1 IM CSCvn77170 (Jul 2019) slot (ASR-920-12SZ-IM) Cisco ASR920 Series - 24GE and 4-10GE - CSCvn77172 Cisco IOS XE Software Release 16.12.1 Modular PSU and IM (Jul 2019) (ASR-920-24SZ-IM) Cisco Catalyst 6800 16-port 10GE with CSCvn77182 Cisco IOS XE Software Release 15.5(1) Integrated DFC4-XL SY4 (Sep 2019) (C6800-16P10G-XL) Cisco Catalyst 6800 32-port 10GE with Dual CSCvn77182 Cisco IOS XE Software Release 15.5(1) Integrated Dual DFC4-XL SY4 (Sep 2019) (C6800-32P10G-XL) Cisco Catalyst 6800 8-port 10GE with CSCvn77182 Cisco IOS XE Software Release 15.5(1) Integrated DFC4-XL SY4 (Sep 2019) 
(C6800-8P10G-XL) Cisco Catalyst 6800 8-port 40GE with Dual CSCvn77182 Cisco IOS XE Software Release 15.5(1) Integrated Dual DFC4-EXL SY4 (Sep 2019) (C6800-8P40G-XL) Cisco Catalyst 6800 Cisco IOS XE Software Release 15.5(1) Series Supervisor Engine CSCvn77181 SY4 (Sep 2019) 6T (C6800-SUP6T) Cisco Catalyst 6800 Cisco IOS XE Software Release 15.5(1) Series Supervisor Engine CSCvn77181 SY4 (Sep 2019) 6T XL (C6800-SUP6T-XL) Cisco Catalyst Cisco IOS Software Release 15.5(1)SY4 6816-X-Chassis (Standard CSCvn77183 (Sep 2019) Tables) (C6816-X-LE) Cisco Catalyst 6824-X-Chassis and 2 x CSCvn77183 Cisco IOS Software Release 15.5(1)SY4 40G (Standard Tables) (Sep 2019) (C6824-X-LE-40G) Cisco Catalyst Cisco IOS Software Release 15.5(1)SY4 6832-X-Chassis (Standard CSCvn77183 (Sep 2019) Tables) (C6832-X-LE) Cisco Catalyst 6840-X-Chassis and 2 x CSCvn77183 Cisco IOS Software Release 15.5(1)SY4 40G (Standard Tables) (Sep 2019) (C6840-X-LE-40G) Cisco Catalyst 9300 Utility name: Series Switches CSCvn77209 cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Utility name: Switch with 24x 1/10/25G CSCvn89150 cat9k_iosxe.16.00.00fpgautility.SPA.bin Gigabit Ethernet + 4x 40 (Available) /100G Uplink (C9500-24Y4C) Cisco Catalyst 9500 Series High-Performance Utility name: Switch with 32x 100 CSCvn89150 cat9k_iosxe.16.00.00fpgautility.SPA.bin Gigabit Ethernet (Available) (C9500-32C) Cisco Catalyst 9500 Series High-Performance Utility name: Switch with 32x 40 CSCvn89150 cat9k_iosxe.16.00.00fpgautility.SPA.bin Gigabit Ethernet (Available) (C9500-32QC) Cisco Catalyst 9500 Series High-Performance Utility name: Switch with 48x 1/10/25G CSCvn89150 cat9k_iosxe.16.00.00fpgautility.SPA.bin Gigabit Ethernet + 4x 40 (Available) /100G Uplink (C9500-48Y4C) Cisco Catalyst 9500 Utility name: Series Switch with 12x CSCvn77220 cat9k_iosxe.16.00.00fpgautility.SPA.bin 40G Gigabit Ethernet (Available) (C9500-12Q) Cisco Catalyst 9500 Utility name: Series Switch with 16x 1 
CSCvn77220 cat9k_iosxe.16.00.00fpgautility.SPA.bin /10G Gigabit Ethernet (Available) (C9500-16X) Cisco Catalyst 9500 Utility name: Series Switch with 24x CSCvn77220 cat9k_iosxe.16.00.00fpgautility.SPA.bin 40G Gigabit Ethernet (Available) (C9500-24Q) Cisco Catalyst 9500 Utility name: Series Switch with 40x 1 CSCvn77220 cat9k_iosxe.16.00.00fpgautility.SPA.bin /10G Gigabit Ethernet (Available) (C9500-40X) Cisco Catalyst 9600 CSCvn95346 Cisco IOS XE Software Release 16.12.1 Supervisor Engine-1 (Jul 2019) Cisco Catalyst 9800-40 CSCvn77165 C9800-40_fpga_prog.16.0.0.xe.bin Wireless Controller (Available) Cisco Catalyst 9800-80 CSCvn77163 C9800-80_fpga_prog.16.0.0.xe.bin Wireless Controller (Available) Cisco IC3000 Industrial CSCvp42792 Firmware Release 1.0.2 (image name Compute Gateway IC3000-K9-1.0.3.SPA) (Aug 2019) N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, Cisco MDS 9000 Family 24 N77-F430CQ-36, and N77-M324FQ: Cisco /10 SAN Extension Module CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) (DS-X9334-K9) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco NCS 200 Series 10/ 40/100G MR Muxponder CSCvn77191 11.1 (Jul 2019) (NCS2K-MR-MXP-K9) Cisco NCS 5500 12X10, Cisco IOS XR Software Release 7.1.1 2X40 2XMPA Line Card CSCvn77202 (Nov 2019) Base (NC55-MOD-A-S) Cisco NCS 5500 Series 24 Ports of 100GE and 12 Cisco IOS XR Software Release 7.1.1 Ports of 40GE High-Scale CSCvn77202 (Nov 2019) Line Card (NC55-24H12F-SE) Cisco NCS 5500 Series 36 ports of 100GE CSCvn77202 Cisco IOS XR Software Release 7.1.1 High-Scale Line Card (Nov 2019) (NC55-36X100G-A-SE) Cisco NCS 5504 Fabric CSCvn77202 Cisco IOS XR Software Release 7.1.1 Card (NC55-5504-FC) (Nov 2019) Cisco NCS 5516 Fabric CSCvn77202 Cisco IOS XR Software Release 7.1.1 Card (NC55-5516-FC) (Nov 2019) Cisco NCS 55A2 Fixed Cisco IOS XR Software Release 7.1.1 24X10G + 16X25G MPA CSCvn77201 (Nov 2019) Chassis (NCS-55A2-MOD-S) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Cisco 
IOS XR Software Release 7.1.1 Chassis, Temperature CSCvn77201 (Nov 2019) Hardened (NCS-55A2-MOD-HD-S) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature CSCvn77201 Cisco IOS XR Software Release 7.1.1 Hardened with Conformal (Nov 2019) Coating (NCS-55A2-MOD-HX-S) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA CSCvn77201 Cisco IOS XR Software Release 7.1.1 Scale Chassis (Nov 2019) (NCS-55A2-MOD-SE-S) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis, CSCvn77201 Cisco IOS XR Software Release 7.1.1 Temperature Hardened (Nov 2019) with Conformal Coating (NC55A2-MOD-SE-H-S) Cisco NCS5501 - 40x10G Cisco IOS XR Software Release 7.1.1 and 4x100G Scale Chassis CSCvn77201 (Nov 2019) (NCS-5501-SE) Cisco NCS5501 Fixed Cisco IOS XR Software Release 7.1.1 48x10G and 6x100G CSCvn77201 (Nov 2019) Chassis (NCS-5501) Cisco NCS5502 - 48x100G Cisco IOS XR Software Release 7.1.1 Scale Chassis CSCvn77201 (Nov 2019) (NCS-5502-SE) Cisco NCS5502 Fixed Cisco IOS XR Software Release 7.1.1 48x100G Chassis CSCvn77201 (Nov 2019) (NCS-5502) Cisco NCS55A1 Fixed Cisco IOS XR Software Release 7.1.1 24x100G Chassis CSCvn77201 (Nov 2019) (NCS-55A1-24H) Cisco NCS55A1 Fixed Cisco IOS XR Software Release 7.1.1 36x100G Base Chassis CSCvn77201 (Nov 2019) (NCS-55A1-36H-S) Cisco NCS55A1 Fixed Cisco IOS XR Software Release 7.1.1 36x100G Scale Chassis CSCvn77201 (Nov 2019) (NCS-55A1-36H-SE-S) Cisco Network CSCvp88427 Cisco IOS XR Software Release 7.0.1 Convergence System 1001 (Jul 2019) Cisco Network CSCvn77219 Cisco IOS XR Software Release 7.0.1 Convergence System 1002 (Jul 2019) Cisco Network CSCvn77207 Cisco IOS XR Software Release 7.1.1 Convergence System 5001 (Nov 2019) Cisco Network CSCvn77205 Cisco IOS XR Software Release 7.1.1 Convergence System 5002 (Nov 2019) Cisco Network Convergence System 540 Cisco IOS XR Software Release 7.1.1 (N540-ACC-SYS, CSCvn77201 (Nov 2019) N540-24Z8Q2C-M, N540-24Z8Q2C-SYS) Cisco Network Convergence System 540 CSCvn77201 Cisco IOS XR Software Release 7.1.1 
Conformal Coated (Nov 2019) (N540X-ACC-SYS) Cisco Network Convergence System 5500 Cisco IOS XR Software Release 7.1.1 Series: 1.2-Tbps IPoDWDM CSCvn77202 (Nov 2019) Modular Line Card (NC55-6X200-DWDM-S) Cisco Network Convergence System 5500 Cisco IOS XR Software Release 7.1.1 Series: 36X100G MACsec CSCvn77202 (Nov 2019) Modular Line Cards (NC55-36X100G-S) Cisco Nexus 31108PC-V, Cisco NX-OS Software Release 9.3(1) 48 SFP+ and 6 QSFP28 CSCvn77245 (Aug 2019) ports (N3K-C31108PC-V) Cisco Nexus 31108TC-V, 48 10Gbase-T RJ-45 and 6 CSCvn77245 Cisco NX-OS Software Release 9.3(1) QSFP28 ports (Aug 2019) (N3K-C31108TC-V) Cisco Nexus 3132C-Z CSCvn77245 Cisco NX-OS Software Release 9.3(1) Switches (N3K-C3132C-Z) (Aug 2019) Cisco Nexus 3264C-E CSCvn77245 Cisco NX-OS Software Release 9.3(1) Switches (N3K-C3264C-E) (Aug 2019) N7K-M348XP-25L, N7K-M324FQ-25L, Cisco Nexus 7000 N77-M348XP-23L, N77-M312CQ-26L, M3-Series 48-Port 1/10G N77-F430CQ-36, and N77-M324FQ: Cisco Ethernet Module CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) (N7K-M348XP-25L) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) N7K-M348XP-25L, N7K-M324FQ-25L, Cisco Nexus 7700 N77-M348XP-23L, N77-M312CQ-26L, F4-Series 30-Port 100G N77-F430CQ-36, and N77-M324FQ: Cisco Ethernet Module CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) (N77-F430CQ-36) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) N7K-M348XP-25L, N7K-M324FQ-25L, Cisco Nexus 7700 N77-M348XP-23L, N77-M312CQ-26L, M3-Series 12-Port 100G N77-F430CQ-36, and N77-M324FQ: Cisco Ethernet Module CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) (N77-M312CQ-26L) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) N7K-M348XP-25L, N7K-M324FQ-25L, Cisco Nexus 7700 N77-M348XP-23L, N77-M312CQ-26L, M3-Series 24-Port 40G N77-F430CQ-36, and N77-M324FQ: Cisco Ethernet Module CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) (N7K-M324FQ-25L) DS-X9648-1536K9 and DS-X9334-K9: 
Cisco NX-OS Software Release 8.4.1a (Sep 2019) N7K-M348XP-25L, N7K-M324FQ-25L, Cisco Nexus 7700 N77-M348XP-23L, N77-M312CQ-26L, M3-Series 48-Port 1/10G N77-F430CQ-36, and N77-M324FQ: Cisco Ethernet Module CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) (N77-M348XP-23L) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, Cisco Nexus 7700 N77-F430CQ-36, and N77-M324FQ: Cisco Supervisor 3 (N77-SUP3E) CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 9200 with NX-OS: Cisco NX-OS Software Release 9.3 36p 40G 100G QSFP28 CSCvn77143 (1) (Aug 2019) (N9K-C9236C) ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9200 with NX-OS: Cisco NX-OS Software Release 9.3 48p 1/10G/25G SFP+ and CSCvn77143 (1) (Aug 2019) 6p 40G QSFP or 4p 100G ACI: Switch Software Release 4.2(1) QSFP28 (N9K-C92160YC-X) (Aug 2019) Cisco Nexus 9200 with NX-OS: Cisco NX-OS Software Release 9.3 48p 10/25 Gbps and 18p CSCvn77143 (1) (Aug 2019) 100G QSFP28 ACI: Switch Software Release 4.2(1) (N9K-C92300YC) (Aug 2019) Cisco Nexus 9200 with NX-OS: Cisco NX-OS Software Release 9.3 56p 40G QSFP+ and 8p CSCvn77143 (1) (Aug 2019) 100G QSFP28 ACI: Switch Software Release 4.2(1) (N9K-C92304QC) (Aug 2019) Cisco Nexus 9200 with NX-OS: Cisco NX-OS Software Release 9.3 72p 40G QSFP+ CSCvn77143 (1) (Aug 2019) (N9K-C9272Q) ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9300 with 48p 1/10G/25G SFP and 6p NX-OS: Cisco NX-OS Software Release 9.3 40G/100G QSFP28, MACsec, CSCvn77143 (1) (Aug 2019) and Unified Ports ACI: Switch Software Release 4.2(1) Capable (Aug 2019) (N9K-C93180YC-FX) Cisco Nexus 9300 with NX-OS: Cisco NX-OS Software Release 9.3 48p 100M/1G BASE-T, 4p (1) (Aug 2019) 10/25G SFP28 and 2p 40G/ CSCvn77143 ACI: Switch Software Release 4.2(1) 100G QSFP28 (Aug 2019) (N9K-C9348GC-FXP) Cisco Nexus 9300 with 
NX-OS: Cisco NX-OS Software Release 9.3 48p 10G BASE-T and 6p (1) (Aug 2019) 40G/100G QSFP28, MACsec CSCvn77143 ACI: Switch Software Release 4.2(1) Capable (Aug 2019) (N9K-C93108TC-FX) Cisco Nexus 9332C Spine NX-OS: Cisco NX-OS Software Release 9.3 Switch with 32p 40/100G CSCvn77143 (1) (Aug 2019) QSFP28, 2p 1/10G SFP ACI: Switch Software Release 4.2(1) (N9K-C9332C) (Aug 2019) Cisco Nexus 9364C Spine NX-OS: Cisco NX-OS Software Release 9.3 Switch with 64p 40/100G CSCvn77143 (1) (Aug 2019) QSFP28, 2p 1/10G SFP ACI: Switch Software Release 4.2(1) (N9K-C9364C) (Aug 2019) Cisco Nexus 9500 4-Core/ NX-OS: Cisco NX-OS Software Release 9.3 4-Thread Supervisor CSCvn77142 (1) (Aug 2019) (N9K-SUP-A) ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9500 6-Core/ NX-OS: Cisco NX-OS Software Release 9.3 12-Thread Supervisor CSCvn77142 (1) (Aug 2019) (N9K-SUP-B) ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9K Fixed NX-OS: Cisco NX-OS Software Release 9.3 with 32p 40G/100G QSFP28 CSCvn77143 (1) (Aug 2019) (N9K-C9232C) ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9K Fixed NX-OS: Cisco NX-OS Software Release 9.3 with 36p 40G/100G QSFP28 CSCvn77143 (1) (Aug 2019) (N9K-C9336C-FX2) ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9K Fixed NX-OS: Cisco NX-OS Software Release 9.3 with 48p 1/10G/25G SFP CSCvn77143 (1) (Aug 2019) and 12p 40G/100G QSFP28 ACI: Switch Software Release 4.2(1) (N9K-C93240YC-FX2) (Aug 2019) Cisco Nexus 9K Fixed NX-OS: Cisco NX-OS Software Release 9.3 with 48p 1/10G/25G SFP CSCvn77143 (1) (Aug 2019) and 6p 40G/100G QSFP28 ACI: Switch Software Release 4.2(1) (N9K-C93180YC-EX) (Aug 2019) Cisco Nexus 9K Fixed NX-OS: Cisco NX-OS Software Release 9.3 with 48p 10G BASE-T and CSCvn77143 (1) (Aug 2019) 6p 40G/100G QSFP28 ACI: Switch Software Release 4.2(1) (N9K-C93108TC-EX) (Aug 2019) Cisco Nexus 9K Fixed NX-OS: Cisco NX-OS Software Release 9.3 with up to 32p 40/50G CSCvn77143 (1) (Aug 2019) QSFP+ or up to 18p 100G ACI: 
Switch Software Release 4.2(1) QSFP28 (N9K-C93180LC-EX) (Aug 2019) Cisco Packet-over-T3/E3 Service Module (SM-X-1T3 CSCvn77147 Release no. TBD (Oct 2019) /E3) Cisco cBR-8 Integrated Cisco IOS XE Software Release 16.12.1 CCAP 40G Remote PHY Line CSCvn77184 (Jul 2019) Card (CBR-CCAP-LC-40G-R) N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, MDS 9700 48-Port 32-Gbps N77-F430CQ-36, and N77-M324FQ: Cisco Fibre Channel Switching CSCvn77141 NX-OS Software Release 8.4.2 (Sep 2019) Module (DS-X9648-1536K9) DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) NX-OS: Cisco NX-OS Software Release 9.3 Supervisor A+ for Nexus CSCvn77142 (1) (Aug 2019) 9500 (N9K-SUP-A+) ACI: Switch Software Release 4.2(1) (Aug 2019) NX-OS: Cisco NX-OS Software Release 9.3 Supervisor B+ for Nexus CSCvn77142 (1) (Aug 2019) 9500 (N9K-SUP-B+) ACI: Switch Software Release 4.2(1) (Aug 2019) Voice and Unified Communications Devices Analog Voice Network Interface Modules for Cisco 4000 Series ISRs (NIM-2FXO, NIM-4FXO, NIM-2FXS, NIM-4FXS, CSCvn77151 Release no. TBD (Sep 2019) NIM-2FXS/4FXO, NIM-2FXSP, NIM-4FXSP, NIM-2FXS/4FXOP, NIM-4E/ M, NIM-2BRI-NT/TE, NIM-4BRI-NT/TE) Cisco 4000 Series Integrated Services Router T1/E1 Voice and WAN Network Interface Modules (NIM-1MFT-T1/E1, NIM-2MFT-T1/E1, CSCvn77152 Release no. TBD (Sep 2019) NIM-4MFT-T1/E1, NIM-8MFT-T1/E1, NIM-1CE1T1-PRI, NIM-2CE1T1-PRI, NIM-8CE1T1-PRI)

    Products Confirmed Not Vulnerable

    Cisco has investigated all Cisco products that support hardware-based
    Secure Boot functionality to verify that they are enforcing the
    appropriate access control checks.

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability. No other Cisco products
    that support hardware-based Secure Boot functionality are vulnerable.

Details

  o An attacker will need to fulfill all the following conditions to attempt
    to exploit this vulnerability:

      + Have privileged administrative access to the device.
      + Be able to access the underlying operating system running on the
        device; this can be achieved either by using a supported, documented
        mechanism or by exploiting another vulnerability that would provide
        an attacker with such access.
      + Develop or have access to a platform-specific exploit. An attacker
        attempting to exploit this vulnerability across multiple affected
        platforms would need to research each one of those platforms and
        then develop a platform-specific exploit. Although the research
        process could be reused across different platforms, an exploit
        developed for a given hardware platform is unlikely to work on a
        different hardware platform.

    Cisco is in the process of developing and releasing software fixes for
    all affected platforms. In most cases, the fix will require an on-premise
    reprogramming of a low-level hardware component that is required for
    normal device operation. A failure during this reprogramming process may
    cause the device to become unusable and require a hardware replacement.

    Customers are advised to consult the Release Note Enclosure for the Cisco
    bug relevant to their platform for the following information:

     1. Causes that could lead to a failure of the reprogramming process and
        cause the device to become unusable
     2. A platform-specific set of steps that are required to reprogram a
        device
     3. The procedure required to determine whether a given device is running
        an affected firmware version (that therefore must be fixed) or
        whether the device is already running a fixed firmware version

    The product release notes that are published with each platform-specific
    fixed software release will include more detailed information about items
    2 and 3 in the preceding list. The product release notes should be
    considered the most up-to-date source of information about these items.

For details about Secure Boot and related Trustworthy Technologies, please refer to the Trustworthy Technologies Datasheet. A list of all Cisco products supporting secure boot technology can be found at the following link:

  https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf

Workarounds

There are no workarounds that address this vulnerability.

Cisco Guide to Harden Cisco IOS Devices provides information about how to harden the device and secure management access. Implementing the recommendations in this document would reduce the attack surface for this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products section of this advisory.

Cisco will release free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:

  https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:

  https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Exploitation and Public Announcements

This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019.

The Cisco Product Security Incident Response Team (PSIRT) is aware of the existence of proof-of-concept code that demonstrates this vulnerability on the Cisco ASR 1001-X. There are no indications at this time that this proof-of-concept code is publicly available.

Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist), Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist) of Red Balloon Security for reporting this vulnerability to Cisco and working toward a coordinated disclosure.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Revision History

+---------+--------------------------------------------------+----------------------+---------+-------------------+
| Version | Description                                      | Section              | Status  | Date              |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.16    | Updated fixed version for some products.         | Vulnerable Products  | Final   | 2019-September-06 |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.15    | Updated list of vulnerable products.             | Vulnerable Products  | Final   | 2019-September-03 |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.14    | Updated list of vulnerable products.             | Vulnerable Products  | Final   | 2019-August-21    |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.13    | Updated fix availability date for some products. | Vulnerable Products  | Final   | 2019-August-02    |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.12    | Updated fix availability date for some products. | Vulnerable Products  | Final   | 2019-July-17      |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.11    | Updated fix availability date for some products. | Vulnerable Products  | Final   | 2019-June-28      |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.10    | Updated list of vulnerable products. Updated fix | Vulnerable Products  | Final   | 2019-June-17      |
|         | availability date for some products.             |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.9     | Updated list of vulnerable products. Updated fix | Summary and          | Final   | 2019-June-10      |
|         | availability date for some products. Changed     | Vulnerable Products  |         |                   |
|         | document status to Final. Removed statements     |                      |         |                   |
|         | indicating the advisory will be updated (Summary |                      |         |                   |
|         | and Vulnerable Products).                        |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.8     | Updated list of vulnerable products. Updated fix | Vulnerable Products  | Interim | 2019-May-30       |
|         | availability date for some products.             |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.7     | Updated list of vulnerable products. Updated fix | Vulnerable Products, | Interim | 2019-May-23       |
|         | availability date for some products. Added link  | Details              |         |                   |
|         | to list of Cisco products supporting secure      |                      |         |                   |
|         | boot.                                            |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.6     | Updated list of vulnerable products. Updated fix | Vulnerable Products  | Interim | 2019-May-22       |
|         | availability date for some products.             |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.5     | Updated list of vulnerable products. Updated fix | Vulnerable Products  | Interim | 2019-May-20       |
|         | availability date for some products.             |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.4     | Updated list of vulnerable products. Updated fix | Vulnerable Products  | Interim | 2019-May-16       |
|         | availability date for some products.             |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.3     | Updated list of vulnerable products. Updated fix | Vulnerable Products  | Interim | 2019-May-15       |
|         | availability date for some products.             |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.2     | Updated list of vulnerable products. Updated fix | Vulnerable Products  | Interim | 2019-May-14       |
|         | availability date for some products.             |                      |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.1     | Updated list of vulnerable products. Added link  | Vulnerable Products, | Interim | 2019-May-13       |
|         | to Datasheet for Cisco Trustworthy Technologies. | Details              |         |                   |
+---------+--------------------------------------------------+----------------------+---------+-------------------+
| 1.0     | Initial public release.                          | -                    | Interim | 2019-May-13       |
+---------+--------------------------------------------------+----------------------+---------+-------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================