-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.1680.6
            Cisco Secure Boot Hardware Tampering Vulnerability
                                23 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Secure Boot
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-1649  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Revision History:  May 23 2019: Updated list of vulnerable products. 
                                Updated fix availability date for some products.
                   May 21 2019: Updated list of vulnerable products. Updated fix availability date for some products.
                   May 17 2019: Updated list of vulnerable products. 
                                Updated fix availability date for some products.
                   May 16 2019: Updated list of vulnerable products. 
                                Updated fix availability date for some products.
                   May 15 2019: Updated list of vulnerable products. Updated fix availability date for some products.
                   May 14 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Secure Boot Hardware Tampering Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190513-secureboot

First Published: 2019 May 13 17:30 GMT

Last Updated:    2019 May 22 20:14 GMT

Version 1.6:     Interim

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvn77141 CSCvn77142 CSCvn77143 CSCvn77147
                 CSCvn77150 CSCvn77151 CSCvn77152 CSCvn77153
                 CSCvn77154 CSCvn77155 CSCvn77156 CSCvn77158
                 CSCvn77159 CSCvn77160 CSCvn77162 CSCvn77166
                 CSCvn77167 CSCvn77168 CSCvn77169 CSCvn77170
                 CSCvn77171 CSCvn77172 CSCvn77175 CSCvn77180
                 CSCvn77181 CSCvn77182 CSCvn77183 CSCvn77184
                 CSCvn77185 CSCvn77191 CSCvn77201 CSCvn77202
                 CSCvn77205 CSCvn77207 CSCvn77209 CSCvn77212
                 CSCvn77219 CSCvn77220 CSCvn77245 CSCvn77246
                 CSCvn77248 CSCvn77249 CSCvn89137 CSCvn89138
                 CSCvn89140 CSCvn89143 CSCvn89144 CSCvn89145
                 CSCvn89146 CSCvn89150 CSCvp42792

CVE-2019-1649    

CWE-284

CVSS Score:
6.7  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the logic that handles access control to one of the
    hardware components in Cisco's proprietary Secure Boot implementation could
    allow an authenticated, local attacker to write a modified firmware image
    to the component. This vulnerability affects multiple Cisco products that
    support hardware-based Secure Boot functionality.

    The vulnerability is due to an improper check on the area of code that
    manages on-premise updates to a Field Programmable Gate Array (FPGA) part
    of the Secure Boot hardware implementation. An attacker with elevated
    privileges and access to the underlying operating system that is running on
    the affected device could exploit this vulnerability by writing a modified
    firmware image to the FPGA. A successful exploit could either cause the
    device to become unusable (and require a hardware replacement) or allow
    tampering with the Secure Boot verification process, which under some
    circumstances may allow the attacker to install and boot a malicious
    software image.
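The CVSS vector given above (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, with the temporal metrics E, RL and RC left undefined) encodes exactly the attacker model this summary describes: local access, elevated privileges, no user interaction, and full loss of confidentiality, integrity and availability. The Python below is an added example and is not part of the Cisco advisory or the AusCERT bulletin; it implements the CVSS v3.0 base and temporal formulas from the published specification and reproduces the advisory's 6.7 score, so a triage team can see how each metric moves the number. ADVISORY_VECTOR is copied from the advisory; every metric weight is the published CVSS v3.0 constant.

```python
"""CVSS v3.0 base/temporal score calculator (added example; not part of the advisory)."""
import math

# Metric weights from the CVSS v3.0 specification.
ATTACK_VECTOR = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
ATTACK_COMPLEXITY = {"L": 0.77, "H": 0.44}
# Privileges Required weight depends on Scope: (scope unchanged, scope changed).
PRIVILEGES_REQUIRED = {"N": (0.85, 0.85), "L": (0.62, 0.68), "H": (0.27, 0.50)}
USER_INTERACTION = {"N": 0.85, "R": 0.62}
IMPACT = {"H": 0.56, "L": 0.22, "N": 0.0}
# Temporal metrics; "X" (not defined) carries weight 1.0, which is what this advisory uses.
EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}

# Vector exactly as printed in the advisory for CVE-2019-1649.
ADVISORY_VECTOR = "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X"


def parse_vector(vector):
    """Split 'AV:L/AC:L/...' into {metric: value}; a leading 'CVSS:3.0/' prefix is tolerated."""
    metrics = {}
    for part in vector.strip().split("/"):
        if part.upper().startswith("CVSS:"):
            continue
        key, sep, value = part.partition(":")
        if not sep:
            raise ValueError(f"malformed metric {part!r}")
        metrics[key] = value
    for required in ("AV", "AC", "PR", "UI", "S", "C", "I", "A"):
        if required not in metrics:
            raise ValueError(f"missing base metric {required}")
    return metrics


def roundup(value):
    """CVSS Roundup: smallest one-decimal number >= value.

    Implemented with the integer arithmetic recommended in CVSS v3.1 so that
    floating-point noise (e.g. 6.7 * 10 landing a hair above 67) cannot push a
    score into the next tenth; the results match the v3.0 definition.
    """
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def base_score(vector):
    """CVSS v3.0 base score (specification section 8.1)."""
    m = parse_vector(vector)
    scope_changed = m["S"] == "C"
    iss = 1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]])
    if scope_changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    pr = PRIVILEGES_REQUIRED[m["PR"]][1 if scope_changed else 0]
    exploitability = (8.22 * ATTACK_VECTOR[m["AV"]] * ATTACK_COMPLEXITY[m["AC"]]
                      * pr * USER_INTERACTION[m["UI"]])
    if impact <= 0:
        return 0.0
    if scope_changed:
        return roundup(min(1.08 * (impact + exploitability), 10))
    return roundup(min(impact + exploitability, 10))


def temporal_score(vector):
    """Temporal score: base score scaled by E, RL and RC (each 1.0 when 'X')."""
    m = parse_vector(vector)
    factor = (EXPLOIT_CODE_MATURITY[m.get("E", "X")]
              * REMEDIATION_LEVEL[m.get("RL", "X")]
              * REPORT_CONFIDENCE[m.get("RC", "X")])
    return roundup(base_score(vector) * factor)


def severity(score):
    """Qualitative severity band from the CVSS v3.0 specification (section 5)."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


if __name__ == "__main__":
    score = base_score(ADVISORY_VECTOR)
    print(f"{ADVISORY_VECTOR}: base {score} ({severity(score)}), "
          f"temporal {temporal_score(ADVISORY_VECTOR)}")
    # Same impact metrics but only low privileges required, for comparison.
    print("PR:L variant:", base_score("AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"))
```

For the advisory's vector the function returns 6.7, which sits in the CVSS "Medium" band (4.0 to 6.9); the advisory's Priority of High is a separate rating from that band. Re-scoring the same impact metrics with PR:L instead of PR:H gives 7.8, which shows how much of the score is held down by the requirement for elevated privileges on the device.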

    This advisory will be updated as additional information becomes available.

    Cisco will release software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Affected Products

  o Vulnerable Products

    The following table lists Cisco products that are affected by the
    vulnerability that is described in this advisory. This section will be
    updated as additional information becomes available.

    The table includes Cisco bug IDs for each affected product. The bugs are
    accessible through the Cisco Bug Search Tool and contain additional
    platform-specific information and fixed releases.

    If a future release date is indicated for software, the date provided
    represents an estimate based on all information known to Cisco as of the
    Last Updated date at the top of the advisory. Availability dates are
    subject to change based on a number of factors, including satisfactory
    testing results and delivery of other priority features and fixes. If no
    version or date is listed for an affected component (indicated by a blank
    field and/or an advisory designation of Interim), Cisco is continuing to
    evaluate the fix and will update the advisory as additional information
    becomes available. After the advisory is marked Final, customers should
    refer to the associated Cisco bug(s) for further details.

    Table layout: each entry gives the product (with part number where the
    advisory lists one), then its Cisco Bug ID followed by the fixed release
    availability. A bug ID with no release listed means the field was blank
    in the advisory.

    Network and Content Security Devices
    ------------------------------------
    Cisco ASA 5506-X with FirePOWER Services
        CSCvn77246: Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
    Cisco ASA 5506H-X with FirePOWER Services
        CSCvn77246: Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
    Cisco ASA 5506W-X with FirePOWER Services
        CSCvn77246: Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
    Cisco ASA 5508-X with FirePOWER Services
        CSCvn77246: Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
    Cisco ASA 5516-X with FirePOWER Services
        CSCvn77246: Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available)
    Cisco Firepower 2100 Series
        CSCvn77248: Cisco Firepower Threat Defense 6.2.2.5 (Available)
                    Cisco Firepower Threat Defense 6.2.2.12 (Available)
                    Cisco Firepower Threat Defense 6.3.0.3 (Available)
                    Cisco Firepower Threat Defense 6.4.0.1 (Available)
    Cisco Firepower 4000 Series
        CSCvn77249: Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0
                    (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and
                    fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available)
    Cisco Firepower 9000 Series
        CSCvn77249: Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0
                    (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and
                    fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available)

    Routing and Switching - Enterprise and Service Provider
    -------------------------------------------------------
    10/40/100G MR Muxponder - Licensable for Encryption (NCS2K-MR-MXP-LIC)
        CSCvn77191: 11.1 (Jul 2019)
    10Gbps Optical Encryption Line Card for the Cisco NCS 2000 Series and Cisco ONS 15454 MSTP (15454-M-WSE-K9)
        CSCvn77191: 11.1 (Jul 2019)
    ASR 903 Router & Switching Processor and Controller - 400G (A900-RSP3C-400)
        CSCvn77169: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    ASR 907 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-W)
        CSCvn77169: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    CBR-8 Converged Broadband Router
        CSCvn77185: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Catalyst 6800 16-port 10GE with integrated DFC4 (C6800-16P10G)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Catalyst 6800 32-port 10GE with dual integrated dual DFC4 (C6800-32P10G)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Catalyst 6800 8-port 10GE with integrated DFC4 (C6800-16P10G)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6800 8-port 10GE with Integrated DFC4-XL (C6800-8P10G-XL)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Catalyst 6800 8-port 40GE with dual integrated dual DFC4-E (C6800-8P40G)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Cisco 1-Port Gigabit Ethernet WAN Network Interface Module (NIM-1GE-CU-SFP)
        CSCvn77218: Cisco IOS XE Software Release 16.3.9 (Jul 2019)
                    Cisco IOS XE Software Release 16.6.7 (Oct 2019)
                    Cisco IOS XE Software Release 16.9.4 (Aug 2019)
                    Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco 1120 Connected Grid Router
        CSCvn89140: Cisco IOS Software Release 15.9(3)M (Aug 2019)
                    Cisco IOS Software Release 15.8(3)M3 (Aug 2019)
                    Cisco IOS Software Release 15.7(3)M5 (Sep 2019)
                    Cisco IOS Software Release 15.6(3)M7 (Sep 2019)
    Cisco 1240 Connected Grid Router
        CSCvn89137: Cisco IOS Software Release 15.9(3)M (Aug 2019)
                    Cisco IOS Software Release 15.8(3)M3 (Aug 2019)
                    Cisco IOS Software Release 15.7(3)M5 (Sep 2019)
                    Cisco IOS Software Release 15.6(3)M7 (Sep 2019)
    Cisco 2-Port Gigabit Ethernet WAN Network Interface Module (NIM-2GE-CU-SFP)
        CSCvn77218: Cisco IOS XE Software Release 16.3.9 (Jul 2019)
                    Cisco IOS XE Software Release 16.6.7 (Oct 2019)
                    Cisco IOS XE Software Release 16.9.4 (Aug 2019)
                    Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco 3000 Series Industrial Security Appliances
        CSCvn89146: Firmware release 1.0.05 (image name: isa3000-firmware-1005.SPA) (Available)
    Cisco 4000 Series Integrated Services Router Packet 1024-Channel High-Density Voice DSP Module (SM-X-PVDM-1000)
        CSCvn77212: Cisco IOS XE Software Release 16.3.9 (Jul 2019)
                    Cisco IOS XE Software Release 16.6.7 (Oct 2019)
                    Cisco IOS XE Software Release 16.9.4 (Aug 2019)
                    Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco 4000 Series Integrated Services Router Packet 2048-Channel High-Density Voice DSP Module (SM-X-PVDM-2000)
        CSCvn77212: Cisco IOS XE Software Release 16.3.9 (Jul 2019)
                    Cisco IOS XE Software Release 16.6.7 (Oct 2019)
                    Cisco IOS XE Software Release 16.9.4 (Aug 2019)
                    Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco 4000 Series Integrated Services Router Packet 3080-Channel High-Density Voice DSP Module (SM-X-PVDM-3000)
        CSCvn77212: Cisco IOS XE Software Release 16.3.9 (Jul 2019)
                    Cisco IOS XE Software Release 16.6.7 (Oct 2019)
                    Cisco IOS XE Software Release 16.9.4 (Aug 2019)
                    Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco 4000 Series Integrated Services Router Packet 768-Channel High-Density Voice DSP Module (SM-X-PVDM-500)
        CSCvn77212: Cisco IOS XE Software Release 16.3.9 (Jul 2019)
                    Cisco IOS XE Software Release 16.6.7 (Oct 2019)
                    Cisco IOS XE Software Release 16.9.4 (Aug 2019)
                    Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco 4221 Integrated Services Router
        CSCvn77153: Utility File Name: isr4200_cpld_update_v1.1_SPA.bin (Jun 2019)
    Cisco 4321 Integrated Services Router
        CSCvn77156: Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Jun 2019)
    Cisco 4331 Integrated Services Router
        CSCvn77156: Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Jun 2019)
    Cisco 4351 Integrated Services Router
        CSCvn77156: Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Jun 2019)
    Cisco 4431 Integrated Services Router
        CSCvn77155: Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Jun 2019)
    Cisco 4451-X Integrated Services Router
        CSCvn77155: Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Jun 2019)
    Cisco 4461 Integrated Services Router
        CSCvn77154: Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Jun 2019)
    Cisco 5000 Series Enterprise Network Compute System
        CSCvn77150: Release no. TBD (Jul 2019)
    Cisco 809 Industrial Integrated Services Routers
        CSCvn89138: Cisco IOS Software Release 15.8(3)M2a (Available)
                    Cisco IOS Software Release 15.7(3)M4b (Available)
                    Cisco IOS Software Release 15.6(3)M6b (Available)
    Cisco 829 Industrial Integrated Services Routers
        CSCvn89143: Cisco IOS Software Release 15.8(3)M2a (Available)
                    Cisco IOS Software Release 15.7(3)M4b (Available)
                    Cisco IOS Software Release 15.6(3)M6b (Available)
    Cisco ASR 1000 Embedded Services Processor, 200G (ASR1000-ESP200)
        CSCvn77159: Release no. TBD (Jun 2019)
    Cisco ASR 1000 Fixed Ethernet Line Card (6x10GE) (ASR1000-6TGE)
        CSCvn89144: Release no. TBD (Jun 2019)
    Cisco ASR 1000 Fixed Ethernet Line Card, 2x10GE + 20x1GE (ASR1000-2T+20X1GE)
        CSCvn89144: Release no. TBD (Jun 2019)
    Cisco ASR 1000 Series 100-Gbps Embedded Services Processor (ASR 1000-ESP100)
        CSCvn77160: Release no. TBD (Jun 2019)
    Cisco ASR 1000 Series Modular Interface Processor (ASR1000-MIP100)
        CSCvn77158: Release no. TBD (Jun 2019)
    Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3)
        CSCvn77167: Release no. TBD (Jun 2019)
    Cisco ASR 1001-HX Router
        CSCvn77162: ASR1K-fpga_prog.16.0.0.xe.bin (Available)
    Cisco ASR 1001-X
        CSCvn89145: ASR1K-fpga_prog.16.0.0.xe.bin (Available)
    Cisco ASR 1002-HX Router
        CSCvn77166: ASR1K-fpga_prog.16.0.0.xe.bin (Available)
    Cisco ASR 900 Series Route Switch Processor 2 - 128G, Base Scale (A900-RSP2A-128)
        CSCvn77168: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 900 Series Route Switch Processor 2 - 64G, Base Scale (A900-RSP2A-64)
        CSCvn77168: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 900 Series Route Switch Processor 3 - 200G, Large Scale (A900-RSP3C-200)
        CSCvn77169: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A99-16X100GE-X-SE)
        CSCvn77180: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A9K-16X100GE-TR, A9K-16X100GE-CM)
        CSCvn77180: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco ASR 9000 Series 32-Port 100 Gigabit Ethernet Line Card (A99-32X100GE-TR, A99-32X100GE-CM)
        CSCvn77180: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco ASR 9000 Series Route Switch Processor 5 for Packet Transport (A9K-RSP5-TR)
        CSCvn77175: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco ASR 9000 Series Route Switch Processor 5 for Service Edge (A9K-RSP5-SE)
        CSCvn77175: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 10GE and 2-10GE - Passively Cooled DC model (ASR-920-10SZ-PD),
    Cisco ASR920 Series - 20GE SFP, 4Cu and 4-10GE: Modular PSU (ASR-920-20SZ-M)
        CSCvn77171: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, AC Model (ASR-920-12SZ-A)
        CSCvn77171: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, DC Model (ASR-920-12SZ-D)
        CSCvn77171: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - AC model (ASR-920-12CZ-A)
        CSCvn77171: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - DC model (ASR-920-12CZ-D)
        CSCvn77171: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 24GE Copper and 4-10GE - Modular PSU (ASR-920-24TZ-M)
        CSCvn77172: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 24GE Fiber and 4-10GE - Modular PSU (ASR-920-24SZ-M)
        CSCvn77172: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - AC model (ASR-920-4SZ-A)
        CSCvn77171: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - DC model (ASR-920-4SZ-D)
        CSCvn77171: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 920 Series Aggregation Services Routers Conformal Coated - 12GE and 4-10GE, 1 IM Slot (ASR-920-12SZ-IM-CC),
    Cisco ASR920 Series - 12GE and 4-10GE, 1 IM slot (ASR-920-12SZ-IM)
        CSCvn77170: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco ASR 9900 Route Processor 3 for Packet Transport (A99-RP3-TR)
        CSCvn77175: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco ASR 9900 Route Processor 3 for Service Edge (A99-RP3-SE)
        CSCvn77175: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco ASR920 Series - 24GE and 4-10GE - Modular PSU and IM (ASR-920-24SZ-IM)
        CSCvn77172: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco Catalyst 6800 16-port 10GE with Integrated DFC4-XL (C6800-16P10G-XL)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6800 32-port 10GE with Dual Integrated Dual DFC4-XL (C6800-32P10G-XL)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6800 8-port 40GE with Dual Integrated Dual DFC4-EXL (C6800-8P40G-XL)
        CSCvn77182: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6800 Series Supervisor Engine 6T XL
        CSCvn77181: Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6816-X-Chassis (Standard Tables) (C6816-X-LE)
        CSCvn77183: Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6824-X-Chassis and 2 x 40G (Standard Tables) (C6824-X-LE-40G)
        CSCvn77183: Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6832-X-Chassis (Standard Tables) (C6832-X-LE)
        CSCvn77183: Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 6840-X-Chassis and 2 x 40G (Standard Tables) (C6840-X-LE-40G)
        CSCvn77183: Cisco IOS Software Release 15.5(1)SY4 (Sep 2019)
    Cisco Catalyst 9300 Series Switches
        CSCvn77209: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series High-Performance Switch with 24x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-24Y4C)
        CSCvn89150: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series High-Performance Switch with 32x 100 Gigabit Ethernet (C9500-32C)
        CSCvn89150: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series High-Performance Switch with 32x 40 Gigabit Ethernet (C9500-32QC)
        CSCvn89150: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series High-Performance Switch with 48x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-48Y4C)
        CSCvn89150: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series Switch with 12x 40G Gigabit Ethernet (C9500-12Q)
        CSCvn77220: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series Switch with 16x 1/10G Gigabit Ethernet (C9500-16X)
        CSCvn77220: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series Switch with 24x 40G Gigabit Ethernet (C9500-24Q)
        CSCvn77220: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9500 Series Switch with 40x 1/10G Gigabit Ethernet (C9500-40X)
        CSCvn77220: Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available)
    Cisco Catalyst 9600 Supervisor Engine-1
        CSCvn95346: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    Cisco Catalyst 9800-40 Wireless Controller
        CSCvn77165: C9800-40_fpga_prog.16.0.0.xe.bin (Available)
    Cisco Catalyst 9800-80 Wireless Controller
        CSCvn77163: C9800-80_fpga_prog.16.0.0.xe.bin (Available)
    Cisco IC3000 Industrial Compute Gateway
        CSCvp42792: Firmware Release 1.0.2 (image name IC3000-K9-1.0.3.SPA) (Jul 2019)
    Cisco MDS 9000 Family 24/10 SAN Extension Module (DS-X9334-K9)
        CSCvn77141: Cisco NX-OS Software Release 8.4.1 (June 2019)
    Cisco NCS 200 Series 10/40/100G MR Muxponder (NCS2K-MR-MXP-K9)
        CSCvn77191: 11.1 (Jul 2019)
    Cisco NCS 5500 12X10, 2X40 2XMPA Line Card Base (NC55-MOD-A-S)
        CSCvn77202: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 5500 Series 24 Ports of 100GE and 12 Ports of 40GE High-Scale Line Card (NC55-24H12F-SE)
        CSCvn77202: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 5500 Series 36 ports of 100GE High-Scale Line Card (NC55-36X100G-A-SE)
        CSCvn77202: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 5504 Fabric Card (NC55-5504-FC)
        CSCvn77202: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 5516 Fabric Card (NC55-5516-FC)
        CSCvn77202: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis (NCS-55A2-MOD-S)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened (NCS-55A2-MOD-HD-S)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened with Conformal Coating (NCS-55A2-MOD-HX-S)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis (NCS-55A2-MOD-SE-S)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis, Temperature Hardened with Conformal Coating (NCS-55A2-MOD-SE-H-S)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS5501 - 40x10G and 4x100G Scale Chassis (NCS-5501-SE)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS5501 Fixed 48x10G and 6x100G Chassis (NCS-5501)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS5502 - 48x100G Scale Chassis (NCS-5502-SE)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS5502 Fixed 48x100G Chassis (NCS-5502)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS55A1 Fixed 24x100G Chassis (NCS-55A1-24H)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS55A1 Fixed 36x100G Base Chassis (NCS-55A1-36H-S)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco NCS55A1 Fixed 36x100G Scale Chassis (NCS-55A1-36H-SE-S)
        CSCvn77201: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco Network Convergence System 1002
        CSCvn77219: Cisco IOS XR Software Release 7.0.1 (Jul 2019)
    Cisco Network Convergence System 5001
        CSCvn77207: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco Network Convergence System 5002
        CSCvn77205: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco Network Convergence System 5500 Series: 1.2-Tbps IPoDWDM Modular Line Card (NC55-6X200-DWDM-S)
        CSCvn77202: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco Network Convergence System 5500 Series: 36X100G MACsec Modular Line Cards (NC55-36X100G-S)
        CSCvn77202: Cisco IOS XR Software Release 7.1.1 (Nov 2019)
    Cisco Nexus 31108PC-V, 48 SFP+ and 6 QSFP28 ports (N3K-C31108PC-V)
        CSCvn77245: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Cisco Nexus 31108TC-V, 48 10Gbase-T RJ-45 and 6 QSFP28 ports (N3K-C31108TC-V)
        CSCvn77245: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Cisco Nexus 3132C-Z Switches (N3K-C3132C-Z)
        CSCvn77245: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Cisco Nexus 3264C-E Switches (N3K-C3264C-E)
        CSCvn77245: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Cisco Nexus 7000 M3-Series 48-Port 1/10G Ethernet Module (N7K-M348XP-25L)
        CSCvn77141: Cisco NX-OS Software Release 8.4.1 (June 2019)
    Cisco Nexus 7700 M3-Series 12-Port 100G Ethernet Module (N77-M312CQ-26L)
        CSCvn77141: Cisco NX-OS Software Release 8.4.1 (June 2019)
    Cisco Nexus 7700 M3-Series 24-Port 40G Ethernet Module (N7K-M324FQ-25L)
        CSCvn77141: Cisco NX-OS Software Release 8.4.1 (June 2019)
    Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (N77-M348XP-23L)
        CSCvn77141: Cisco NX-OS Software Release 8.4.1 (June 2019)
    Cisco Nexus 7700 Supervisor 3 (N77-SUP3E)
        CSCvn77141: Cisco NX-OS Software Release 8.4.1 (June 2019)
    Cisco Nexus 9332C ACI Spine Switch with 32p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9332C)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Cisco Nexus 9364C ACI Spine Switch with 64p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9364C)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Cisco Nexus 9500 4-Core/4-Thread Supervisor (N9K-SUP-A)
        CSCvn77142: (no fixed release listed)
    Cisco Nexus 9500 6-Core/12-Thread Supervisor (N9K-SUP-B)
        CSCvn77142: (no fixed release listed)
    Cisco Packet-over-T3/E3 Service Module (SM-X-1T3/E3)
        CSCvn77147: Release no. TBD (Oct 2019)
    Cisco cBR-8 Integrated CCAP 40G Remote PHY Line Card (CBR-CCAP-LC-40G-R)
        CSCvn77184: Cisco IOS XE Software Release 16.12.1 (Jul 2019)
    MDS 9700 48-Port 32-Gbps Fibre Channel Switching Module (DS-X9648-1536K9)
        CSCvn77141: Cisco NX-OS Software Release 8.4.1 (June 2019)
    Nexus 9200 with 36p 40G 100G QSFP28 (N9K-C9236C)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9200 with 48p 1/10G/25G SFP+ and 6p 40G QSFP or 4p 100G QSFP28 (N9K-C92160YC-X)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9200 with 48p 10/25 Gbps and 18p 100G QSFP28 (N9K-C92300YC)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9200 with 56p 40G QSFP+ and 8p 100G QSFP28 (N9K-C92304QC)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9200 with 72p 40G QSFP+ (N9K-C9272Q)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9300 with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28, MACsec, and Unified Ports Capable (N9K-C93180YC-FX)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9300 with 48p 100M/1G BASE-T, 4p 10/25G SFP28 and 2p 40G/100G QSFP28 (N9K-C9348GC-FXP)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9300 with 48p 10G BASE-T and 6p 40G/100G QSFP28, MACsec Capable (N9K-C93108TC-FX)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9K Fixed with 32p 100G QSFP28 (N9K-C9232C)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9K Fixed with 48p 1/10G/25G SFP and 12p 40G/100G QSFP28 (N9K-C93240YC-FX2)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9K Fixed with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28 (N9K-C93180YC-EX)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9K Fixed with 48p 10G BASE-T and 6p 40G/100G QSFP28 (N9K-C93108TC-EX)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Nexus 9K Fixed with up to 32p 40/50G QSFP+ or up to 18p 100G QSFP28 (N9K-C93180LC-EX)
        CSCvn77143: Cisco NX-OS Software Release 9.3(2) (Aug 2019)
    Supervisor A+ for Nexus 9500 (N9K-SUP-A+)
        CSCvn77142: (no fixed release listed)
    Supervisor B+ for Nexus 9500 (N9K-SUP-B+)
        CSCvn77142: (no fixed release listed)

    Voice and Unified Communications Devices
    ----------------------------------------
    Analog Voice Network Interface Modules for Cisco 4000 Series ISRs (NIM-2FXO, NIM-4FXO, NIM-2FXS, NIM-4FXS,
    NIM-2FXS/4FXO, NIM-2FXSP, NIM-4FXSP, NIM-2FXS/4FXOP, NIM-4E/M, NIM-2BRI-NT/TE, NIM-4BRI-NT/TE)
        CSCvn77151: Release no. TBD (Sep 2019)
    Cisco 4000 Series Integrated Services Router T1/E1 Voice and WAN Network Interface Modules (NIM-1MFT-T1/E1,
    NIM-2MFT-T1/E1, NIM-4MFT-T1/E1, NIM-8MFT-T1/E1, NIM-1CE1T1-PRI, NIM-2CE1T1-PRI, NIM-8CE1T1-PRI)
        CSCvn77152: Release no. TBD (Sep 2019)

    Products Confirmed Not Vulnerable

    Cisco has investigated all Cisco products that support hardware-based
    Secure Boot functionality to verify that they are enforcing the appropriate
    access control checks.

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    No other Cisco products that support hardware-based Secure Boot
    functionality are vulnerable.

Details

  o An attacker will need to fulfill all the following conditions to attempt to
    exploit this vulnerability:

       - Have privileged administrative access to the device.
       - Be able to access the underlying operating system running on the
         device; this can be achieved either by using a supported, documented
         mechanism or by exploiting another vulnerability that would provide an
         attacker with such access.
       - Develop or have access to a platform-specific exploit. An attacker
         attempting to exploit this vulnerability across multiple affected
         platforms would need to research each one of those platforms and then
         develop a platform-specific exploit. Although the research process
         could be reused across different platforms, an exploit developed for a
         given hardware platform is unlikely to work on a different hardware
         platform.

    Cisco is in the process of developing and releasing software fixes for all
    affected platforms. In most cases, the fix will require an on-premise
    reprogramming of a low-level hardware component that is required for normal
    device operation. A failure during this reprogramming process may cause the
    device to become unusable and require a hardware replacement. Customers are
    advised to consult the Release Note Enclosure for the Cisco bug relevant to
    their platform for the following information:

     1. Causes that could lead to a failure of the reprogramming process and
        cause the device to become unusable
     2. A platform-specific set of steps that are required to reprogram a
        device
     3. The procedure required to determine whether a given device is running
        an affected firmware version (that therefore must be fixed) or whether
        the device is already running a fixed firmware version

    The product release notes that are published with each platform-specific
    fixed software release will include more detailed information about items 2
    and 3 in the preceding list. The product release notes should be considered
    the most up-to-date source of information about these items.

    For details about Secure Boot and related Trustworthy Technologies, please
    refer to the Trustworthy Technologies Datasheet.

Workarounds

  o There are no workarounds that address this vulnerability.

    Cisco Guide to Harden Cisco IOS Devices provides information about how to
    harden the device and secure management access. Implementing the
    recommendations in this document would reduce the attack surface for this
    vulnerability.

Fixed Software

  o For information about fixed software releases, consult the Cisco bugs
    identified in the Vulnerable Products section of this advisory.

    Cisco will release free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

Exploitation and Public Announcements

  o This vulnerability was publicly disclosed by Red Balloon Security on May
    13, 2019.

    The Cisco Product Security Incident Response Team (PSIRT) is aware of the
    existence of proof-of-concept code that demonstrates this vulnerability on
    the Cisco ASR 1001-X. There are no indications at this time that this
    proof-of-concept code is publicly available.

    Cisco PSIRT is not aware of any malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist),
    Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist)
    of Red Balloon Security for reporting this vulnerability to Cisco and
    working toward a coordinated disclosure.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

Revision History

  o +---------+--------------------------+------------+---------+-------------+
    | Version |       Description        |  Section   | Status  |    Date     |
    +---------+--------------------------+------------+---------+-------------+
    |         | Updated list of          |            |         |             |
    | 1.6     | vulnerable products.     | Vulnerable | Interim | 2019-May-22 |
    |         | Updated fix availability | Products   |         |             |
    |         | date for some products.  |            |         |             |
    +---------+--------------------------+------------+---------+-------------+
    |         | Updated list of          |            |         |             |
    | 1.5     | vulnerable products.     | Vulnerable | Interim | 2019-May-20 |
    |         | Updated fix availability | Products   |         |             |
    |         | date for some products.  |            |         |             |
    +---------+--------------------------+------------+---------+-------------+
    |         | Updated list of          |            |         |             |
    | 1.4     | vulnerable products.     | Vulnerable | Interim | 2019-May-16 |
    |         | Updated fix availability | Products   |         |             |
    |         | date for some products.  |            |         |             |
    +---------+--------------------------+------------+---------+-------------+
    |         | Updated list of          |            |         |             |
    | 1.3     | vulnerable products.     | Vulnerable | Interim | 2019-May-15 |
    |         | Updated fix availability | Products   |         |             |
    |         | date for some products.  |            |         |             |
    +---------+--------------------------+------------+---------+-------------+
    |         | Updated list of          |            |         |             |
    | 1.2     | vulnerable products.     | Vulnerable | Interim | 2019-May-14 |
    |         | Updated fix availability | Products   |         |             |
    |         | date for some products.  |            |         |             |
    +---------+--------------------------+------------+---------+-------------+
    |         | Updated list of          |            |         |             |
    |         | vulnerable products.     | Vulnerable |         |             |
    | 1.1     | Added link to Datasheet  | Products,  | Interim | 2019-May-13 |
    |         | for Cisco Trustworthy    | Details    |         |             |
    |         | Technologies.            |            |         |             |
    +---------+--------------------------+------------+---------+-------------+
    | 1.0     | Initial public release.  | -          | Interim | 2019-May-13 |
    +---------+--------------------------+------------+---------+-------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----