All the vulnerabilites related to cisco - c6800-16p10g-xl
Vulnerability from fkie_nvd
Published
2017-09-29 01:34
Modified
2024-11-21 03:09
Severity ?
Summary
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/101040 | Broken Link, Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1039453 | Broken Link, Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101040 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039453 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios | * | |
| cisco | c6800-16p10g | - | |
| cisco | c6800-16p10g-xl | - | |
| cisco | catalyst_6000 | - | |
| cisco | catalyst_6000_ws-svc-nam-1 | 2.2\(1a\) | |
| cisco | catalyst_6000_ws-svc-nam-1 | 3.1\(1a\) | |
| cisco | catalyst_6000_ws-svc-nam-2 | 2.2\(1a\) | |
| cisco | catalyst_6000_ws-svc-nam-2 | 3.1\(1a\) | |
| cisco | catalyst_6000_ws-x6380-nam | 2.1\(2\) | |
| cisco | catalyst_6000_ws-x6380-nam | 3.1\(1a\) | |
| cisco | catalyst_6500 | - | |
| cisco | catalyst_6500-e | - | |
| cisco | catalyst_6500_ws-svc-nam-1 | 2.2\(1a\) | |
| cisco | catalyst_6500_ws-svc-nam-1 | 3.1\(1a\) | |
| cisco | catalyst_6500_ws-svc-nam-2 | 2.2\(1a\) | |
| cisco | catalyst_6500_ws-svc-nam-2 | 3.1\(1a\) | |
| cisco | catalyst_6500_ws-x6380-nam | 2.1\(2\) | |
| cisco | catalyst_6500_ws-x6380-nam | 3.1\(1a\) | |
| cisco | catalyst_6503-e | - | |
| cisco | catalyst_6504-e | - | |
| cisco | catalyst_6506-e | - | |
| cisco | catalyst_6509-e | - | |
| cisco | catalyst_6509-neb-a | - | |
| cisco | catalyst_6509-v-e | - | |
| cisco | catalyst_6513 | - | |
| cisco | catalyst_6513-e | - |
{
"cisaActionDue": "2022-03-24",
"cisaExploitAdd": "2022-03-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8ACCBC-19E5-4960-84BF-BD6EBAE0AC39",
"versionEndIncluding": "15.4",
"versionStartIncluding": "15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:c6800-16p10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D782FEB-FF9A-4F41-95BA-88C239656F7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6800-16p10g-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F508C81E-D31B-44BA-82C8-FEDA00324B8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38280588-3CE2-4797-A56A-00256E634C62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A2AF1C7-23EB-4C13-AC71-4FA7E78E8ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BF0BBC8-04BD-4867-B188-35461E50FF16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2C1E3F7-D48E-4AF1-8205-33EB71E09E09",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C959C93D-D58C-4AB5-9058-0CF257C68F72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4FDB5EAC-E41D-4A15-B059-45B4BE4813EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2DF345D-AD8A-4DE6-8136-6EF7B011E4B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFBFA86-64F2-4CB0-99E1-FAEFCA690FF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15B48565-92C7-4AE1-AE3A-6FF7DD010745",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EC58B690-8D30-4A04-82AA-A827F87DEE02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E6BED8BD-79D2-4DD9-A895-66A8C9349F62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41491D13-A3F9-464A-A84B-A58320838CBD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9E0747C3-2712-4FA9-92E3-260B3CF080DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CFF4CBFF-56C4-4411-9F12-2506C3DD563E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DD4D3F34-A1B3-4469-BF21-666FDAE9198B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F202892E-2E58-4D77-B983-38AFA51CDBC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F57DF3E-4069-4EF0-917E-84CDDFCEBEEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE25114-ABBC-47A0-9C20-E8D40D721313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FADD5F49-2817-40EC-861C-C922825708BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E628F9C4-98C6-4A95-AF81-F1E6A56E8648",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFF899C-1EB3-46D8-9003-EA36A68C90B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6463491-F63E-44CB-A1D4-C029BE7D3D3D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8668D34-096B-4FC3-B9B1-0ECFD6265778",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el c\u00f3digo VPLS (Virtual Private LAN Service) de Cisco IOS desde la versi\u00f3n 15.0 hasta la 15.4 para los switches de la serie 6800 de Cisco Catalyst podr\u00eda permitir que un atacante adyacente sin autenticar provoque el cierre inesperado de las tarjetas de l\u00ednea C6800-16P10G o C6800-16P10G-XL, provocando una denegaci\u00f3n de servicio (DoS) como consecuencia. Esta vulnerabilidad se debe a un problema de gesti\u00f3n de memoria en el software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad creando un gran n\u00famero de entradas MAC generadas por el VPLS en la tabla de direcciones MAC del dispositivo afectado. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante provoque el cierre inesperado de las tarjetas de l\u00ednea C6800-16P10G o C6800-16P10G-XL, provocando una denegaci\u00f3n de servicio (DoS) como consecuencia. Esta vulnerabilidad afecta a los switches de la serie 6800 de Cisco Catalyst que ejecutan una distribuci\u00f3n vulnerable del software de Cisco IOS y tienen una tarjeta de l\u00ednea Cisco C6800-16P10G o C6800-16P10G-XL que se utiliza con Supervisor Engine 6T. Para que sea vulnerable, el dispositivo tiene que estar tambi\u00e9n configurado con VPLS y la tarjeta de l\u00ednea C6800-16P10G o C6800-16P10G-XL necesita estar en las interfaces conectadas al n\u00facleo MPLS Cisco Bug IDs: CSCva61927."
}
],
"id": "CVE-2017-12238",
"lastModified": "2024-11-21T03:09:06.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-29T01:34:48.997",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101040"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039453"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-13 19:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/108350 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot | Vendor Advisory | |
| ykramarz@cisco.com | https://www.kb.cert.org/vuls/id/400865 | Third Party Advisory, US Government Resource | |
| ykramarz@cisco.com | https://www.us-cert.gov/ics/advisories/icsa-20-072-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108350 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/400865 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-072-03 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "524E28A1-ABD9-416B-804C-EFFD7F822DE5",
"versionEndExcluding": "1.1.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "763B801D-CA1E-4C56-8B06-3373EA307C7E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asa_5506h-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30AC6907-3091-409F-967D-64A82A0C5A8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D11AF728-8EB0-45EB-A7DD-F2D52B3BB7B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92AE506A-E710-465B-B795-470FDE0E0ECA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E07AF10-FFB2-4AC7-BBE7-199C3EFED81F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:firepower_2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32B7016C-C909-4F30-A80E-E30E9C2FB607",
"versionEndExcluding": "2.6.1.134",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:firepower_4000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8DB36E-D0AC-4FFC-8FDB-C5520689013A",
"versionEndExcluding": "1.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:firepower_9000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E924AE61-94D5-4A68-A586-CA7119487F67",
"versionEndExcluding": "1.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ons_15454_mstp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8A7F11-B920-4C5B-B3CA-D29740FFE891",
"versionEndExcluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ons_15454_mstp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBE1DDE-6C69-45EC-A666-D9596E8721DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:analog_voice_network_interface_modules_firmware:*:*:*:*:*:*:4000_series_isrs:*",
"matchCriteriaId": "00BCB49E-E2D2-4374-8D48-A287FC538F4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nim-2bri-nt\\/te:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637D7CA3-89CD-418A-BF87-0935A7805173",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2fox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBE2B16-B9AD-4ED2-AE18-7087C478FEEC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2fxs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D94B415B-08E2-4845-BD11-7EBCD08215E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2fxs\\/4fxo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784ECC2E-F4AC-4430-9F33-9B1DBD89692F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2fxs\\/4fxop:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A34FAE4-7B2A-47BF-AB0A-5FAF8E8920CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2fxsp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FADBF85-52F4-468C-A44C-5107484757EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-4bri-nt\\/te:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90E418C4-F91B-4E0D-B1DC-2B099D991F80",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-4e\\/m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E22A4B07-04DF-4AF2-B2A9-E4430C4F3A64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-4fxo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCD640-E1BB-48F8-BEB4-85AAF7099FA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-4fxs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "893147FC-1AD0-441C-B031-6C432ED2FFD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-4fxsp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE30FCF9-DFF6-419C-8DCA-0B695E3FADE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:integrated_services_router_t1\\/e1_voice_and_wan_network_interface_modules_firmware:*:*:*:*:*:*:4000_series:*",
"matchCriteriaId": "239EC4DE-5E2C-44D7-9C32-BFCD854670AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nim-1ce1t1-pri:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2956624-92FC-43D7-A038-15071A90E0B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-1mft-t1\\/e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "988125C4-DB88-438F-8F6D-0992424081A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2ce1t1-pri:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9B34B9-78EC-49AE-B342-F2BAD63CD50C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2mft-t1\\/e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D258F96-93A5-455E-9542-2C95B3D31455",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-4mft-t1\\/e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B443FC34-767F-45B4-8516-A1A8B6C8D917",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-8ce1t1-pri:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08C3403A-3943-4A69-A536-3FA6DEDFF21B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-8mft-t1\\/e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7259F6BC-BA31-47E4-BFA6-647068A946CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:supervisor_a\\+_firmware:*:*:*:*:*:*:nexus_9500:*",
"matchCriteriaId": "3F825D9C-25C6-4F76-A7EE-F61A548A0CE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:n9k-sup-a\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "360B9A25-5272-487A-AF1A-CE2FDFD6F23C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:supervisor_b\\+_firmware:*:*:*:*:*:*:nexus_9500:*",
"matchCriteriaId": "77C59A0F-F256-42C3-A3E1-71F02614F55A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:n9k-sup-b\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADE8708-95D4-4D30-85ED-BE870410F3B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:15454-m-wse-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F99FC1A-2738-468B-BD01-4F715A1B7809",
"versionEndExcluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:15454-m-wse-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90242967-37AB-4124-87DE-D826A3895BE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB99D062-EE0C-4695-AA4D-2DCE3E2B15AF",
"versionEndExcluding": "16.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:cbr-8_converged_broadband_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CCBE67-E509-43EC-9AFB-8A9B6A115126",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39C9F8C2-9E34-4027-9112-42AEC0B84F7C",
"versionEndExcluding": "16.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76843179-3569-4556-9F4C-6543B8A8E1DE",
"versionEndExcluding": "16.6.7",
"versionStartIncluding": "16.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B526102-9DDC-4E23-B582-DEF7EA35E42C",
"versionEndExcluding": "16.9.4",
"versionStartIncluding": "16.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F50DDAE4-2C87-4B8B-9BCB-2FD32A6976D6",
"versionEndExcluding": "16.12.1",
"versionStartIncluding": "16.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nim-1ge-cu-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C56A1D02-3061-40C5-AD87-0BEA869838F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nim-2ge-cu-sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F98C767-8E9F-4B01-A09E-359A496B2B3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:sm-x-pvdm-1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCAA286-6B36-4EB7-9AE5-CA082D125E78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:sm-x-pvdm-2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B1C2CF-0EF1-428F-8FB8-D45E4C6CB340",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:sm-x-pvdm-3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "450EA21E-68E0-4617-85A9-9C39B96E12ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:sm-x-pvdm-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17B65497-2EAC-4B9E-9D05-58A0B6D1F399",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35726753-BAA4-479F-AF9C-F4D012881F83",
"versionEndExcluding": "15.6\\(3\\)m7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3FBAE1-F786-4799-AF70-6E7B5DC19BB9",
"versionEndIncluding": "15.7\\(3\\)m5",
"versionStartIncluding": "15.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72240B45-0D8E-4EA6-8208-068BF6EF8B30",
"versionEndExcluding": "15.8\\(3\\)m3",
"versionStartIncluding": "15.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F56D01-F647-452D-A564-4198A893BC70",
"versionEndExcluding": "15.9\\(3\\)m",
"versionStartIncluding": "15.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1120_connected_grid_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6835F8AD-B55D-4B57-B3B5-0095E309B2B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1240_connected_grid_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB6ACAE-8C89-48F6-95BA-DE32F4F81FE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83AA5C75-B959-4167-906C-BE9C84C7E676",
"versionEndExcluding": "1.0.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:industrial_security_appliances_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBBA8E7-14B2-4869-8ED4-72F120E547FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:integrated_services_router_4200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB084F19-E475-41FA-A72F-23D4D6913523",
"versionEndExcluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8AED7C-DDA3-4C29-BB95-6518C02C551A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:integrated_services_router_4300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C49E8AE0-745B-459C-AAD9-D41690D48DDE",
"versionEndExcluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9421DBEF-AE42-4234-B49F-FCC34B804D7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5419CB9F-241F-4431-914F-2659BE27BEA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE02DBE-EAD5-4F37-8AB7-DF46A605A0E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:integrated_services_router_4400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5D8FF8-60F8-4F89-A488-F815D0FB00E1",
"versionEndExcluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5720462A-BE6B-4E84-A1A1-01E80BBA86AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:44461_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "697BEF89-6D9B-4870-BE85-9090152F3E6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "818CEFA6-208C-43C3-8E43-474A93ADCF21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13C3D17D-DD95-49CA-918A-A0F5289B0C3D",
"versionEndExcluding": "15.6\\(3\\)m6b",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA254534-247F-47BA-B146-0E3B7E9F9269",
"versionEndIncluding": "15.7\\(3\\)m4b",
"versionStartIncluding": "15.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F05F3A-A38F-4922-AE54-BE1BC64C4B7C",
"versionEndExcluding": "15.8\\(3\\)m2a",
"versionStartIncluding": "15.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:809_industrial_integrated_services_routers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C996F3B-0333-4B9A-B3E7-F50E64B0AAB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:829_industrial_integrated_services_routers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D05CC9-8D04-4DE0-A854-375192B4D46C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asr_1000_series_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C3BBBB-4349-4D2B-9944-84BE03407650",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_1000-esp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C1005-0C12-4EDA-BC4A-B52201C4F516",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1000_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B7C13F-46C5-460A-A6C9-3837A28A0CE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1000-2t\\+20x1ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77D24BB4-6357-4BFC-A4CB-B33ECDEB3BEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1000-6tge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1F849A-05BA-4CA2-96AA-F8DFD5E725A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1000-esp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB060D83-2924-4D1D-9FEE-F8087FA8976D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1000-mip100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF4D0E5-FF09-4919-B603-B42DB535386C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1000-rp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22C36989-4353-4B81-8B0F-FC6322C1C179",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asr_1001_firmware:16.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A267A86B-144D-46C3-9F63-95606106A5B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_1001-hx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7594E307-AC80-41EC-AE94-07E664A7D701",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09C913FF-63D5-43FB-8B39-598EF436BA5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2794BD-C8CE-46EF-9857-1723FCF04E46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C807F789-3038-42C3-B5EB-6CD628EBF718",
"versionEndExcluding": "16.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:a900-rsp2a-128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DED2353D-A508-4764-975F-57F9DACD91FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a900-rsp2a-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBA765C-B6F0-4D4D-8933-06E655084AF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a900-rsp3c-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6F34E1-7DE4-459B-AF41-D973201ADC49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a900-rsp3c-400\\/w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DAC3AF-FEFC-4B14-A7BE-7008E65FD012",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-10sz-pd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCA2DB2-AE09-4A99-90C9-60AE0CD9A035",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-12cz-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B83BED-5A49-4CF0-9827-AA291D01F60E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-12cz-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1E8937-51D9-43E6-876E-5D39AD3D32C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-12sz-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA7AE63-99B9-4F28-8670-639A9B31E494",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-12sz-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E858B4AB-49B1-4F1C-8722-6E6911194924",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-12sz-im-cc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577D1BF2-5180-4301-941C-3C0ADDD23AA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-24sz-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE70CCD-6062-45D8-8566-7C9E237E030F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-24tz-im:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA3A897-ED4E-417F-BA6C-C1A825A210F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-24tz-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "375F9E12-A61B-4FD3-AE07-D4E686EB112A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-4sz-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D724F932-4548-429D-8CAA-E82C3435A194",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr-920-4sz-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCC94C3-9EEF-4600-BE82-8AEDEB0F1446",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16088337-C057-4271-B5C7-74FE1573B0F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-24t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69B8AFD-17F5-4809-BDB9-3337BA52BC58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-24u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A628A7B-FE58-4881-B705-C3BCBED6F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-24ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9C769E-ED9C-4F06-928D-CC7FFBA54EC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B19A31-99E3-4141-9FE8-7A5FD16FAE5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-48t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1DFCD7-F14A-4530-8E36-55FE0EE1E7C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-48u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84C89BB9-D62D-4E36-8BFD-D583F383120D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-48un:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88262B7E-8C2F-49FE-9F58-8A1C78285A93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9300-48uxm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6109DBC-5489-4FF9-B940-E174126488AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9600_supervisor_engine-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA59279-3504-417D-9E86-E5886EE198BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:cbr-ccap-lc-40g-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C44B33A5-DB73-4A3B-AA5B-97B8493AD28B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:cbr-lc-8d31-16u31:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB82552-DD9D-45C9-8296-B4C8D510FFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:a99-16x100ge-x-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EA89F6-14B5-4EC7-BAEB-E783FF1982AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a99-32x100ge-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BF29D2-7C65-4724-B6AE-249BB22725CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a99-32x100ge-tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D55DC09B-CF82-4461-8886-BE90451BFF9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a99-rp3-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F393681D-7EC1-46D5-BAFB-786528E259B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a99-rp3-tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE8CE5B-09CF-4138-9495-7223FFA64443",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a9k-16x100ge-cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15AEC57E-7851-4C8D-AB02-A932C3929F26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a9k-16x100ge-tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B14DB778-9B07-4AFF-8BF3-4631B23501BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a9k-rsp5-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326F9936-57E7-4E8F-9C51-093788454A3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:a9k-rsp5-tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "884F1D0A-8A6F-45E4-9AC7-A8603AB8AE4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:network_convergence_system_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D54F012-3136-4CA8-B119-FD7446EC96C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0514874D-C8F0-496E-9B04-FA699B339EEE",
"versionEndExcluding": "15.5\\(1\\)sy4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:c6800-16p10g-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F508C81E-D31B-44BA-82C8-FEDA00324B8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6800-32p10g-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05A9E0CA-BB70-4F74-BAD6-BE80669D1699",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6800-8p10g-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CAE1989-0E75-414E-BCB3-E0057F1492E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6800-8p40g-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A1BA05-615E-4304-992D-6EEA176D852F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6800-sup6t-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D883A807-6909-4087-892B-1E505521EA7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6816-x-le:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2D76C8-552A-44C2-9C30-0CF31F6BC719",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6824-x-le-40g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "649A1287-A03D-48B8-ADFA-26F175366C91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6832-x-le:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8776111D-894D-4EEB-8ADD-A9AC26AE30D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c6840-x-le-40g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "975D2EC3-3499-48FD-87F2-4BAD1CDB0E4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27ACCA11-D39B-468E-9C3C-BBF110ED3581",
"versionEndExcluding": "16.9.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB36C23-9303-4E3D-8C4A-B2E2150CF3FE",
"versionEndExcluding": "16.12.1",
"versionStartIncluding": "16.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:c9500-12q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B37D793-0EE3-49CA-98B2-3E1F3D561A9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9500-16x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F5F6FA-9499-4232-A80A-494CE287A87A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9500-24q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58918BAA-7070-4901-B1C8-344E8A4DBEE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9500-24y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B9D533-FCF5-4B35-A0D2-2EA1E4A907AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9500-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C809A939-105E-471E-A150-859015641989",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9500-32qc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C657B7-172E-4E85-8027-4B5563F2CE14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9500-40x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B42926F-0841-4D40-BABE-852893C6020F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:c9500-48y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "381144D6-7CDE-46E6-ADE7-76372740F283",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:catalyst_9800-40_wireless_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "902D1451-9E2E-4BC3-8B61-D87C142F4485",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-40_wireless_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E283C34-43AE-49A5-A72B-32DEA185ABD3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:catalyst_9800-80_wireless_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59CD23DF-9B9D-459F-A3BF-F2D53FBDAF71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-80_wireless_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB3AF13-5324-42CD-8EDB-6F730BF46214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ic3000-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13174CD9-8564-4041-93EC-8E8D7F4F3443",
"versionEndExcluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ic3000-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B443B2C3-E3C1-4ADF-BF9B-164D00318B08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5DCCAC-A8CC-40B5-AA01-6D46CB9B7053",
"versionEndExcluding": "8.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ds-x9334-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE54217-EF6D-4191-9267-113041B14A08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ncs2k-mr-mxp-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE58C19-66CD-45DD-BF5C-C333A30AA096",
"versionEndExcluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs2k-mr-mxp-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFF3999-1FF6-42C0-BE62-3FA227297264",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nc55-24h12f-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "966F7DF8-1F20-4A74-B633-8B5AEE63C193",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc55-36x100g-a-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46EA0E17-C399-4DA0-A550-F5469CC82F3F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc55-36x100g-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41C4BF85-7077-463B-8E52-F67949849123",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc55-5504-fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9102353-A21A-41C2-AA0B-9B00F66B693E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc55-5516-fc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1536A363-E423-42DD-928B-FC6E91264371",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc55-6x200-dwdm-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB4F5CA4-BBD2-4DC9-8F99-9CC1B2A90BF2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nc55-mod-a-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2442B13-F163-4219-AED9-7FA4CCD1A8D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7617BA24-6474-49CF-B78D-0056D3F8385B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DCE7D6-0E78-4CF3-BF7A-6A4945ADD4F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "344675F6-9045-492D-9577-E0CE333AD6E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7F2221-B5BE-408C-BA84-9776469EE2D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-24h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D61548-61B4-4B53-8574-9DB92B00A627",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-36h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF08FAF-67DD-4361-947A-40D5938DB8BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a1-36h-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE2AD36-5D52-4489-AAC1-A7AC1B3D2581",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-hd-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A95FEA95-703B-44E0-A7CA-9E38B2EB1980",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-hx-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D37BF94-9D5F-4A88-8115-3A88FF144845",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33F0D81-1314-440B-9FC2-56D76CA4CD79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-se-h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E50806D-115D-4903-A5B2-62654FFDD9F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs-55a2-mod-se-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15AE071E-0CEF-4305-A92D-9F4C324BD4ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:network_convergence_system_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E007368-04AF-49C7-892F-ED2BB1E4EA61",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:network_convergence_system_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DBEF775-EC98-4391-BAD2-61870A7DEE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68A586A3-0291-4BA3-9211-6EE0BBB7F39C",
"versionEndExcluding": "9.3\\(2\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:n3k-c31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEB8547-3FA8-42F5-8106-57B0F994BEC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n3k-c31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D2069C-23A2-4113-B674-024D36E40BDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n3k-c3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572F9105-9B6C-4460-8B49-14812AC3DC28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n3k-c3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5CF4C9-3B75-4DC5-BC38-8A2B87FEAE01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c92300yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8EFEE8-FC8D-480C-917E-24C3B8D56E29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c93108tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7482F9FB-CA6A-4CA2-B6FB-FD0DCDF603ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c93108tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6487A95B-0D04-4ABA-B491-8A935694AFD3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c93180lc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E84307-41BC-4F85-BC9A-FF02178765F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c93180yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55A31452-5B60-4273-BA38-8FA684DED953",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c93180yc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3FCA39-927B-4C89-A58B-E6859ED8176A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c93240yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B464B3-DE25-4980-ABC3-10D7C79C12E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-c9348gc-fxp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "214472EB-424C-48B7-8EF3-7B679A5042BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5DCCAC-A8CC-40B5-AA01-6D46CB9B7053",
"versionEndExcluding": "8.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ds-x9648-1536k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E3CF0C-5AD0-4A30-9335-4945CBC04A60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n3k-c3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5CF4C9-3B75-4DC5-BC38-8A2B87FEAE01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-m312cq-26l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFA9BC1-3386-4AAE-A1B6-D81761D3EA9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-m348xp-23l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6AC35C-29B2-42C7-862D-D9AC3461D8D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-sup3e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F33AB95C-62FC-48EC-84AB-5EFA5C061F3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-m324fq-25l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6BF05BA-E0CC-45D6-963F-27F0BD7B3C4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-m348xp-25l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D409BDF3-9F35-4D94-9DF0-7B58A519A005",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sm-x-1t3\\/e3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98B12A01-8EF8-4DDE-9A40-51A9BC7D42AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:sm-x-1t3\\/e3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "696AFE49-10E1-4C56-93D3-F4118B3E01AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:encs_5100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6741CC-EEA4-4DC8-A21B-DB84B861316B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "678F3A32-372A-441E-8115-95181FBAF628",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:encs_5400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF426F3E-4474-43C7-84F5-EF61957E5004",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logic that handles access control to one of the hardware components in Cisco\u0027s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la l\u00f3gica que maneja el control de acceso de uno de los componentes de hardware en la implementaci\u00f3n Secure Boot de propiedad de Cisco, podr\u00eda permitir que un atacante local autenticado escriba una imagen de firmware modificada en el componente. Esta vulnerabilidad afecta a varios productos de Cisco que admiten la funcionalidad de Secure Boot basada en hardware. La vulnerabilidad se genera por una comprobaci\u00f3n incorrecta en el \u00e1rea de c\u00f3digo que administra las actualizaciones en las instalaciones de Field Programmable Gate Array (FPGA) parte de la implementaci\u00f3n del hardware Secure Boot. Un atacante con privilegios elevados y acceso al sistema operativo subyacente que se ejecuta en el dispositivo afectado podr\u00eda explotar esta vulnerabilidad al escribir una imagen de firmware modificada en el FPGA. Una explotaci\u00f3n exitosa podr\u00eda hacer que el dispositivo se vuelva inutilizable (y requiera un reemplazo de hardware) o permitir la manipulaci\u00f3n del proceso de comprobaci\u00f3n de Secure Boot, que en algunas circunstancias puede permitir al atacante instalar y arrancar una imagen de software malicioso. Un atacante deber\u00e1 cumplir todas las condiciones siguientes para intentar explotar esta vulnerabilidad: Tener acceso administrativo privilegiado al dispositivo. Poder acceder al sistema operativo subyacente que se ejecuta en el dispositivo; Esto se puede lograr mediante el uso de un mecanismo documentado de soporte o mediante la explotaci\u00f3n de otra vulnerabilidad que proporcionar\u00eda a un atacante con dicho acceso. Desarrollar o tener acceso a un exploit espec\u00edfico de la plataforma. Un atacante que busque explotar esta vulnerabilidad en m\u00faltiples plataformas afectadas necesitar\u00e1 investigar cada una de esas plataformas y despu\u00e9s desarrollar una vulnerabilidad espec\u00edfica de la plataforma. Si bien el proceso de investigaci\u00f3n se podr\u00eda realizar en diferentes plataformas, es poco probable que una vulnerabilidad desarrollada para una plataforma de hardware determinada opere en una plataforma de hardware diferente."
}
],
"id": "CVE-2019-1649",
"lastModified": "2024-11-21T04:37:00.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-13T19:29:01.520",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108350"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/400865"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/400865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-03"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-1649
Vulnerability from cvelistv5
Published
2019-05-13 19:10
Modified
2024-11-20 17:23
Severity ?
EPSS score ?
Summary
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot | vendor-advisory, x_refsource_CISCO | |
| https://www.kb.cert.org/vuls/id/400865 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/108350 | vdb-entry, x_refsource_BID | |
| https://www.us-cert.gov/ics/advisories/icsa-20-072-03 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Routers |
Version: unspecified < 16.12.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190513 Cisco Secure Boot Hardware Tampering Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"
},
{
"name": "VU#400865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/400865"
},
{
"name": "108350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:55:08.575056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:23:01.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Routers",
"vendor": "Cisco",
"versions": [
{
"lessThan": "16.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logic that handles access control to one of the hardware components in Cisco\u0027s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform."
}
],
"exploits": [
{
"lang": "en",
"value": "This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T02:22:29",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190513 Cisco Secure Boot Hardware Tampering Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"
},
{
"name": "VU#400865",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/400865"
},
{
"name": "108350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-03"
}
],
"source": {
"advisory": "cisco-sa-20190513-secureboot",
"defect": [
[
"CSCvn77141",
"CSCvn77142",
"CSCvn77143",
"CSCvn77147",
"CSCvn77150",
"CSCvn77151",
"CSCvn77152",
"CSCvn77153",
"CSCvn77154",
"CSCvn77155",
"CSCvn77156",
"CSCvn77158",
"CSCvn77159",
"CSCvn77160",
"CSCvn77162",
"CSCvn77166",
"CSCvn77167",
"CSCvn77168",
"CSCvn77169",
"CSCvn77170",
"CSCvn77171",
"CSCvn77172",
"CSCvn77175",
"CSCvn77178",
"CSCvn77180",
"CSCvn77181",
"CSCvn77182",
"CSCvn77183",
"CSCvn77184",
"CSCvn77185",
"CSCvn77191",
"CSCvn77201",
"CSCvn77202",
"CSCvn77205",
"CSCvn77207",
"CSCvn77209",
"CSCvn77212",
"CSCvn77219",
"CSCvn77220",
"CSCvn77222",
"CSCvn77245",
"CSCvn77246",
"CSCvn77248",
"CSCvn77249",
"CSCvn89137",
"CSCvn89138",
"CSCvn89140",
"CSCvn89143",
"CSCvn89144",
"CSCvn89145",
"CSCvn89146",
"CSCvn89150",
"CSCvp42792"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Secure Boot Hardware Tampering Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-05-13T17:30:00-0700",
"ID": "CVE-2019-1649",
"STATE": "PUBLIC",
"TITLE": "Cisco Secure Boot Hardware Tampering Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Routers",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "16.12.1"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the logic that handles access control to one of the hardware components in Cisco\u0027s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform."
}
]
},
"exploit": [
{
"lang": "en",
"value": "This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019."
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190513 Cisco Secure Boot Hardware Tampering Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"
},
{
"name": "VU#400865",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/400865"
},
{
"name": "108350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108350"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-072-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-03"
}
]
},
"source": {
"advisory": "cisco-sa-20190513-secureboot",
"defect": [
[
"CSCvn77141",
"CSCvn77142",
"CSCvn77143",
"CSCvn77147",
"CSCvn77150",
"CSCvn77151",
"CSCvn77152",
"CSCvn77153",
"CSCvn77154",
"CSCvn77155",
"CSCvn77156",
"CSCvn77158",
"CSCvn77159",
"CSCvn77160",
"CSCvn77162",
"CSCvn77166",
"CSCvn77167",
"CSCvn77168",
"CSCvn77169",
"CSCvn77170",
"CSCvn77171",
"CSCvn77172",
"CSCvn77175",
"CSCvn77178",
"CSCvn77180",
"CSCvn77181",
"CSCvn77182",
"CSCvn77183",
"CSCvn77184",
"CSCvn77185",
"CSCvn77191",
"CSCvn77201",
"CSCvn77202",
"CSCvn77205",
"CSCvn77207",
"CSCvn77209",
"CSCvn77212",
"CSCvn77219",
"CSCvn77220",
"CSCvn77222",
"CSCvn77245",
"CSCvn77246",
"CSCvn77248",
"CSCvn77249",
"CSCvn89137",
"CSCvn89138",
"CSCvn89140",
"CSCvn89143",
"CSCvn89144",
"CSCvn89145",
"CSCvn89146",
"CSCvn89150",
"CSCvp42792"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1649",
"datePublished": "2019-05-13T19:10:14.147871Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-20T17:23:01.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12238
Vulnerability from cvelistv5
Published
2017-09-28 07:00
Modified
2024-11-15 17:56
Severity ?
EPSS score ?
Summary
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039453 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101040 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039453",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039453"
},
{
"name": "101040",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-12238",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T17:32:27.818663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12238"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:56:48.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco IOS"
}
]
}
],
"datePublic": "2017-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-29T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1039453",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039453"
},
{
"name": "101040",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS",
"version": {
"version_data": [
{
"version_value": "Cisco IOS"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039453",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039453"
},
{
"name": "101040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101040"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-12238",
"datePublished": "2017-09-28T07:00:00",
"dateReserved": "2017-08-03T00:00:00",
"dateUpdated": "2024-11-15T17:56:48.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}