cisco-sa-20190513-secureboot
Vulnerability from csaf_cisco
Published
2019-05-13 17:30
Modified
2019-11-20 17:23
Summary
Cisco Secure Boot Hardware Tampering Vulnerability
Notes
Summary
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality.
The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"]
Vulnerable Products
The following table lists Cisco products that are affected by the vulnerability that is described in this advisory.
The table includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool ["https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"] and contain additional platform-specific information and fixed releases.
If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.
Product Cisco Bug ID Fixed Release Availability Network and Content Security Devices Cisco ASA 5506-X CSCvn77246 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5506H-X CSCvn77246 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5506W-X CSCvn77246 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5508-X CSCvn77246 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5516-X CSCvn77246 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco Firepower 2100 Series CSCvn77248 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77248"] Cisco Firepower Threat Defense (FTD) Software 6.2.2.5 Hotfix (Available)
Cisco Firepower Threat Defense (FTD) Software 6.2.3.12 Hotfix (Available)
Cisco Firepower Threat Defense (FTD) Software 6.3.0.3 Hotfix (Available)
Cisco Firepower Threat Defense (FTD) Software 6.2.3.13 (Available)
Cisco Firepower Threat Defense (FTD) Software 6.4.0.1 (Available)
Cisco Adaptive Security Appliance (ASA) Software 9.8.4.3 (Available)
Cisco Adaptive Security Appliance (ASA) Software 9.9.2.50 (Available)
Cisco Adaptive Security Appliance (ASA) Software 9.9.2.52 (Available)
Cisco Adaptive Security Appliance (ASA) Software 9.10.1.22 (Available)
Cisco Adaptive Security Appliance (ASA) Software 9.12.2 (Available) Cisco Firepower 4000 Series CSCvn77249 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77249"] Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) Cisco Firepower 9000 Series CSCvn77249 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77249"] Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) Routing and Switching - Enterprise and Service Provider 10/40/100G MR Muxponder - Licensable for Encryption (NCS2K-MR-MXP-LIC) CSCvn77191 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191"] 11.1 (Jul 2019) 10Gbps Optical Encryption Line Card for the Cisco NCS 2000 Series and Cisco ONS 15454 MSTP (15454-M-WSE-K9) CSCvn77191 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191"] 11.1 (Jul 2019) ASR 903 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-S) CSCvn77169 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) ASR 907 Router & Switching Processor and Controller - 400G (A900-RSP3C-400-W) CSCvn77169 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) CBR-8 Converged Broadband Router CSCvn77185 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77185"] Cisco IOS XE Software Release 16.12.1w (Sep 2019) Catalyst 6800 16-port 10GE with integrated DFC4 (C6800-16P10G) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Catalyst 6800 32-port 10GE with dual integrated dual DFC4 (C6800-32P10G) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Catalyst 6800 8-port 10GE with integrated DFC4 (C6800-8P10G) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Catalyst 6800 8-port 40GE with dual integrated dual DFC4-E (C6800-8P40G) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco 1-Port Gigabit Ethernet WAN Network Interface Module (NIM-1GE-CU-SFP) CSCvn77218 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77218"] Cisco IOS XE Software Release 16.9.5 (Jan 20)
Cisco IOS XE Software Release 16.12.2 (Nov 2019)
Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco 1120 Connected Grid Router CSCvn89140 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89140"] Cisco IOS Software Release 15.9(3)M (Aug 2019)
Cisco IOS Software Release 15.8(3)M3 (Aug 2019)
Cisco IOS Software Release 15.7(3)M5 (Sep 2019)
Cisco IOS Software Release 15.6(3)M7 (Sep 2019)
Cisco 1240 Connected Grid Router CSCvn89137 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89137"] Cisco IOS Software Release 15.9(3)M (Aug 2019)
Cisco IOS Software Release 15.8(3)M3 (Aug 2019)
Cisco IOS Software Release 15.7(3)M5 (Sep 2019)
Cisco IOS Software Release 15.6(3)M7 (Sep 2019) Cisco 2-Port Gigabit Ethernet WAN Network Interface Module (NIM-2GE-CU-SFP) CSCvn77218 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77218"] Cisco IOS XE Software Release 16.9.5 (Jan 20)
Cisco IOS XE Software Release 16.12.2 (Nov 2019)
Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco 3000 Series Industrial Security Appliances CSCvn89146 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89146"] Firmware release 1.0.05 (image name: isa3000-firmware-1005.SPA) (Available)
Cisco 4000 Series Integrated Services Router Packet 1024-Channel High-Density Voice DSP Module (SM-X-PVDM-1000) CSCvn77212 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)
Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4000 Series Integrated Services Router Packet 2048-Channel High-Density Voice DSP Module (SM-X-PVDM-2000) CSCvn77212 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)
Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4000 Series Integrated Services Router Packet 3080-Channel High-Density Voice DSP Module (SM-X-PVDM-3000) CSCvn77212 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)
Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4000 Series Integrated Services Router Packet 768-Channel High-Density Voice DSP Module (SM-X-PVDM-500) CSCvn77212 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)
Cisco IOS XE Software Release 17.1.1 (Nov 2019)
Cisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4221 Integrated Services Router CSCvn77153 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77153"] Utility File Name: isr4200_cpld_update_v1.1_SPA.bin (Available) Cisco 4321 Integrated Services Router CSCvn77156 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156"] Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4331 Integrated Services Router CSCvn77156 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156"] Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4351 Integrated Services Router CSCvn77156 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156"] Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4431 Integrated Services Router CSCvn77155 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77155"] Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available) Cisco 4451-X Integrated Services Router CSCvn77155 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77155"] Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available) Cisco 4461 Integrated Services Router CSCvn77154 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77154"] Utility File Name: isr4400v2_cpld_update_v1.1_SPA.bin (Available) Cisco 5000 Series Enterprise Network Compute System CSCvn77150 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77150"] Release no. TBD (Aug 2019) Cisco 809 Industrial Integrated Services Routers CSCvn89138 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89138"] Cisco IOS Software Release 15.8(3)M2a (Available)
Cisco IOS Software Release 15.7(3)M4b (Available)
Cisco IOS Software Release 15.6(3)M6b (Available)
Cisco 829 Industrial Integrated Services Routers CSCvn89143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89143"] Cisco IOS Software Release 15.8(3)M2a (Available)
Cisco IOS Software Release 15.7(3)M4b (Available)
Cisco IOS Software Release 15.6(3)M6b (Available) Cisco ASR 1000 Embedded Services Processor, 200G (ASR1000-ESP200) CSCvn77159 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77159"] Release no. TBD (Dec 2019) Cisco ASR 1000 Fixed Ethernet Line Card (6x10GE) (ASR1000-6TGE) CSCvn89144 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89144"] Release no. TBD (Dec 2019) Cisco ASR 1000 Fixed Ethernet Line Card, 2x10GE + 20x1GE (ASR1000-2T+20X1GE) CSCvn89144 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89144"] Release no. TBD (Dec 2019) Cisco ASR 1000 Series 100-Gbps Embedded Services Processor (ASR1000-ESP100) CSCvn77160 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77160"] Release no. TBD (Dec 2019) Cisco ASR 1000 Series Modular Interface Processor (ASR1000-MIP100) CSCvn77158 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77158"] Release no. TBD (Dec 2019) Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3) CSCvn77167 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77167"] Release no. TBD (Dec 2019) Cisco ASR 1001-HX Router CSCvn77162 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77162"] ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 1001-X CSCvn89145 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89145"] ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 1002-HX Router CSCvn77166 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77166"] ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 900 Series Route Switch Processor 2 - 128G, Base Scale (A900-RSP2A-128) CSCvn77168 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77168"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 900 Series Route Switch Processor 2 - 64G, Base Scale (A900-RSP2A-64) CSCvn77168 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77168"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 900 Series Route Switch Processor 3 - 200G, Large Scale (A900-RSP3C-200) CSCvn77169 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A99-16X100GE-X-SE) CSCvn77180 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A9K-16X100GE-TR, A9K-16X100GE-CM) CSCvn77180 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series 32-Port 100 Gigabit Ethernet Line Card (A99-32X100GE-TR, A99-32X100GE-CM) CSCvn77180 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series Route Switch Processor 5 for Packet Transport (A9K-RSP5-TR) CSCvn77175 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series Route Switch Processor 5 for Service Edge (A9K-RSP5-SE) CSCvn77175 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 10GE and 2-10GE - Passively Cooled DC model (ASR-920-10SZ-PD), Cisco ASR920 Series - 20GE SFP, 4Cu and 4-10GE: Modular PSU (ASR-920-20SZ-M) CSCvn77171 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, AC Model (ASR-920-12SZ-A) CSCvn77171 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, DC Model (ASR-920-12SZ-D) CSCvn77171 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - AC model (ASR-920-12CZ-A) CSCvn77171 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - DC model (ASR-920-12CZ-D) CSCvn77171 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 24GE Copper and 4-10GE – Modular PSU (ASR-920-24TZ-M) CSCvn77172 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 24GE Fiber and 4-10GE – Modular PSU (ASR-920-24SZ-M) CSCvn77172 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - AC model (ASR-920-4SZ-A) CSCvn77171 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - DC model (ASR-920-4SZ-D) CSCvn77171 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers Conformal Coated - 12GE and 4-10GE, 1 IM Slot (ASR-920-12SZ-IM-CC) CSCvn77170 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77170"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 9900 Route Processor 3 for Packet Transport (A99-RP3-TR) CSCvn77175 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9900 Route Processor 3 for Service Edge (A99-RP3-SE) CSCvn77175 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR920 Series - 12GE and 4-10GE, 1 IM slot (ASR-920-12SZ-IM) CSCvn77170 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77170"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR920 Series – 24GE and 4-10GE – Modular PSU and IM (ASR-920-24SZ-IM) CSCvn77172 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco Catalyst 6800 16-port 10GE with Integrated DFC4-XL (C6800-16P10G-XL) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 32-port 10GE with Dual Integrated Dual DFC4-XL (C6800-32P10G-XL) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 8-port 10GE with Integrated DFC4-XL (C6800-8P10G-XL) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 8-port 40GE with Dual Integrated Dual DFC4-EXL (C6800-8P40G-XL) CSCvn77182 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 Series Supervisor Engine 6T (C6800-SUP6T) CSCvn77181 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77181"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 Series Supervisor Engine 6T XL (C6800-SUP6T-XL) CSCvn77181 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77181"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6816-X-Chassis (Standard Tables) (C6816-X-LE) CSCvn77183 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6824-X-Chassis and 2 x 40G (Standard Tables) (C6824-X-LE-40G) CSCvn77183 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6832-X-Chassis (Standard Tables) (C6832-X-LE) CSCvn77183 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6840-X-Chassis and 2 x 40G (Standard Tables) (C6840-X-LE-40G) CSCvn77183 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 9300 Series Switches CSCvn77209 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77209"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 24x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-24Y4C) CSCvn89150 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 32x 100 Gigabit Ethernet (C9500-32C) CSCvn89150 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 32x 40 Gigabit Ethernet (C9500-32QC) CSCvn89150 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 48x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-48Y4C) CSCvn89150 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 12x 40G Gigabit Ethernet (C9500-12Q) CSCvn77220 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 16x 1/10G Gigabit Ethernet (C9500-16X) CSCvn77220 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 24x 40G Gigabit Ethernet (C9500-24Q) CSCvn77220 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 40x 1/10G Gigabit Ethernet (C9500-40X) CSCvn77220 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9600 Supervisor Engine-1 CSCvn95346 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn95346"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco Catalyst 9800-40 Wireless Controller CSCvn77165 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77165"] C9800-40_fpga_prog.16.0.0.xe.bin (Available) Cisco Catalyst 9800-80 Wireless Controller CSCvn77163 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77163"] C9800-80_fpga_prog.16.0.0.xe.bin (Available) Cisco IC3000 Industrial Compute Gateway CSCvp42792 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp42792"] Firmware Release 1.0.2 (image name IC3000-K9-1.0.3.SPA) (Aug 2019) Cisco MDS 9000 Family 24/10 SAN Extension Module (DS-X9334-K9) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco NCS 200 Series 10/40/100G MR Muxponder (NCS2K-MR-MXP-K9) CSCvn77191 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191"] 11.1 (Jul 2019) Cisco NCS 5500 12X10, 2X40 2XMPA Line Card Base (NC55-MOD-A-S) CSCvn77202 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5500 Series 24 Ports of 100GE and 12 Ports of 40GE High-Scale Line Card (NC55-24H12F-SE) CSCvn77202 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5500 Series 36 ports of 100GE High-Scale Line Card (NC55-36X100G-A-SE) CSCvn77202 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5504 Fabric Card (NC55-5504-FC) CSCvn77202 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5516 Fabric Card (NC55-5516-FC) CSCvn77202 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis (NCS-55A2-MOD-S) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened (NCS-55A2-MOD-HD-S) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened with Conformal Coating (NCS-55A2-MOD-HX-S) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis (NCS-55A2-MOD-SE-S) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis, Temperature Hardened with Conformal Coating (NC55A2-MOD-SE-H-S) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5501 - 40x10G and 4x100G Scale Chassis (NCS-5501-SE) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5501 Fixed 48x10G and 6x100G Chassis (NCS-5501) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5502 - 48x100G Scale Chassis (NCS-5502-SE) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5502 Fixed 48x100G Chassis (NCS-5502) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS55A1 Fixed 24x100G Chassis (NCS-55A1-24H) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS55A1 Fixed 36x100G Base Chassis (NCS-55A1-36H-S) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS55A1 Fixed 36x100G Scale Chassis (NCS-55A1-36H-SE-S) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 1001 CSCvp88427 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp88427"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco Network Convergence System 1002 CSCvn77219 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77219"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco Network Convergence System 5001 CSCvn77207 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77207"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 5002 CSCvn77205 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77205"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 540 (N540-ACC-SYS, N540-24Z8Q2C-M, N540-24Z8Q2C-SYS) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 540 Conformal Coated (N540X-ACC-SYS) CSCvn77201 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 5500 Series: 1.2-Tbps IPoDWDM Modular Line Card (NC55-6X200-DWDM-S) CSCvn77202 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 5500 Series: 36X100G MACsec Modular Line Cards (NC55-36X100G-S) CSCvn77202 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Nexus 31108PC-V, 48 SFP+ and 6 QSFP28 ports (N3K-C31108PC-V) CSCvn77245 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 31108TC-V, 48 10Gbase-T RJ-45 and 6 QSFP28 ports (N3K-C31108TC-V) CSCvn77245 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 3132C-Z Switches (N3K-C3132C-Z) CSCvn77245 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 3264C-E Switches (N3K-C3264C-E) CSCvn77245 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 7000 M3-Series 48-Port 1/10G Ethernet Module (N7K-M348XP-25L) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 F4-Series 30-Port 100G Ethernet Module (N77-F430CQ-36) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 M3-Series 12-Port 100G Ethernet Module (N77-M312CQ-26L) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 M3-Series 24-Port 40G Ethernet Module (N7K-M324FQ-25L) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (N77-M348XP-23L) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 Supervisor 3 (N77-SUP3E) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 9200 with 36p 40G 100G QSFP28 (N9K-C9236C) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 48p 1/10G/25G SFP+ and 6p 40G QSFP or 4p 100G QSFP28 (N9K-C92160YC-X) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 48p 10/25 Gbps and 18p 100G QSFP28 (N9K-C92300YC) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 56p 40G QSFP+ and 8p 100G QSFP28 (N9K-C92304QC) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9200 with 72p 40G QSFP+ (N9K-C9272Q) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9300 with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28, MACsec, and Unified Ports Capable (N9K-C93180YC-FX) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9300 with 48p 100M/1G BASE-T, 4p 10/25G SFP28 and 2p 40G/100G QSFP28 (N9K-C9348GC-FXP) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9300 with 48p 10G BASE-T and 6p 40G/100G QSFP28, MACsec Capable (N9K-C93108TC-FX) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9332C Spine Switch with 32p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9332C) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9364C Spine Switch with 64p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9364C) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9500 4-Core/4-Thread Supervisor (N9K-SUP-A) CSCvn77142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9500 6-Core/12-Thread Supervisor (N9K-SUP-B) CSCvn77142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9K Fixed with 32p 40G/100G QSFP28 (N9K-C9232C) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 36p 40G/100G QSFP28 (N9K-C9336C-FX2) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 12p 40G/100G QSFP28 (N9K-C93240YC-FX2) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28 (N9K-C93180YC-EX) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with 48p 10G BASE-T and 6p 40G/100G QSFP28 (N9K-C93108TC-EX) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Nexus 9K Fixed with up to 32p 40/50G QSFP+ or up to 18p 100G QSFP28 (N9K-C93180LC-EX) CSCvn77143 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019)
Cisco Packet-over-T3/E3 Service Module (SM-X-1T3/E3) CSCvn77147 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77147"] Release no. TBD (Oct 2019) Cisco cBR-8 Integrated CCAP 40G Remote PHY Line Card (CBR-CCAP-LC-40G-R) CSCvn77184 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77184"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) MDS 9700 48-Port 32-Gbps Fibre Channel Switching Module (DS-X9648-1536K9) CSCvn77141 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)
DS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Supervisor A+ for Nexus 9500 (N9K-SUP-A+) CSCvn77142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019) Supervisor B+ for Nexus 9500 (N9K-SUP-B+) CSCvn77142 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)
ACI: Switch Software Release 4.2(1) (Aug 2019) Voice and Unified Communications Devices Analog Voice Network Interface Modules for Cisco 4000 Series ISRs (NIM-2FXO, NIM-4FXO, NIM-2FXS, NIM-4FXS, NIM-2FXS/4FXO, NIM-2FXSP, NIM-4FXSP, NIM-2FXS/4FXOP, NIM-4E/M, NIM-2BRI-NT/TE, NIM-4BRI-NT/TE) CSCvn77151 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77151"] Release no. TBD (Sep 2019) Cisco 4000 Series Integrated Services Router T1/E1 Voice and WAN Network Interface Modules (NIM-1MFT-T1/E1, NIM-2MFT-T1/E1, NIM-4MFT-T1/E1, NIM-8MFT-T1/E1, NIM-1CE1T1-PRI, NIM-2CE1T1-PRI, NIM-8CE1T1-PRI) CSCvn77152 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77152"] Release no. TBD (Sep 2019)
Products Confirmed Not Vulnerable
Cisco has investigated all Cisco products that support hardware-based Secure Boot functionality to verify that they are enforcing the appropriate access control checks.
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
No other Cisco products that support hardware-based Secure Boot functionality are vulnerable.
Details
An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability:
Have privileged administrative access to the device.
Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access.
Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.
Cisco is in the process of developing and releasing software fixes for all affected platforms. In most cases, the fix will require an on-premise reprogramming of a low-level hardware component that is required for normal device operation. A failure during this reprogramming process may cause the device to become unusable and require a hardware replacement. Customers are advised to consult the Release Note Enclosure for the Cisco bug relevant to their platform for the following information:
Causes that could lead to a failure of the reprogramming process and cause the device to become unusable
A platform-specific set of steps that are required to reprogram a device
The procedure required to determine whether a given device is running an affected firmware version (that therefore must be fixed) or whether the device is already running a fixed firmware version
The product release notes that are published with each platform-specific fixed software release will include more detailed information about items 2 and 3 in the preceding list. The product release notes should be considered the most up-to-date source of information about these items.
For details about Secure Boot and related Trustworthy Technologies, please refer to the Trustworthy Technologies Datasheet ["https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf"]. A list of all Cisco products supporting secure boot technology can be found at the following link: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf ["https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf"]
Workarounds
There are no workarounds that address this vulnerability.
Cisco Guide to Harden Cisco IOS Devices ["https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html"] provides information about how to harden the device and secure management access. Implementing the recommendations in this document would reduce the attack surface for this vulnerability.
Fixed Software
For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products ["#vp"] section of this advisory.
Cisco will release free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"]
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019.
The Cisco Product Security Incident Response Team (PSIRT) is aware of the existence of proof-of-concept code that demonstrates this vulnerability on the Cisco ASR 1001-X. There are no indications at this time that this proof-of-concept code is publicly available.
Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.
Source
Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist), Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist) of Red Balloon Security for reporting this vulnerability to Cisco and working toward a coordinated disclosure.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{
"document": {
"acknowledgments": [
{
"summary": "Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist), Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist) of Red Balloon Security for reporting this vulnerability to Cisco and working toward a coordinated disclosure."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "A vulnerability in the logic that handles access control to one of the hardware components in Cisco\u0027s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality.\r\n\r\nThe vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.\r\n\r\nCisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot\"]",
"title": "Summary"
},
{
"category": "general",
"text": "The following table lists Cisco products that are affected by the vulnerability that is described in this advisory.\r\n\r\nThe table includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool [\"https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID\"] and contain additional platform-specific information and fixed releases.\r\n\r\nIf a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.\r\n Product Cisco Bug ID Fixed Release Availability Network and Content Security Devices Cisco ASA 5506-X CSCvn77246 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246\"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5506H-X CSCvn77246 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246\"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5506W-X CSCvn77246 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246\"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5508-X CSCvn77246 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246\"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco ASA 5516-X CSCvn77246 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246\"] Firmware Release 1.1.15 (image name: asa5500-firmware-1115.SPA) (Available) Cisco Firepower 2100 Series CSCvn77248 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77248\"] Cisco Firepower Threat Defense (FTD) Software 6.2.2.5 Hotfix (Available)\r\nCisco Firepower Threat Defense (FTD) Software 6.2.3.12 Hotfix (Available)\r\nCisco Firepower Threat Defense (FTD) Software 6.3.0.3 Hotfix (Available)\r\nCisco Firepower Threat Defense (FTD) Software 6.2.3.13 (Available)\r\nCisco Firepower Threat Defense (FTD) Software 6.4.0.1 (Available)\r\nCisco Adaptive Security Appliance (ASA) Software 9.8.4.3 (Available)\r\nCisco Adaptive Security Appliance (ASA) Software 9.9.2.50 (Available)\r\nCisco Adaptive Security Appliance (ASA) Software 9.9.2.52 (Available)\r\nCisco Adaptive Security Appliance (ASA) Software 9.10.1.22 (Available)\r\nCisco Adaptive Security Appliance (ASA) Software 9.12.2 (Available) Cisco Firepower 4000 Series CSCvn77249 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77249\"] Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) Cisco Firepower 9000 Series CSCvn77249 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77249\"] Firmware bundle package v1.0.18 with ROMMON rev 1.0.15 and FPGA rev 2.0: (Image Names: fxos-k9-fpr4k-firmware.1.0.18.SPA and fxos-k9-fpr9k-firmware.1.0.18.SPA) (Available) Routing and Switching - Enterprise and Service Provider 10/40/100G MR Muxponder - Licensable for Encryption (NCS2K-MR-MXP-LIC) CSCvn77191 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191\"] 11.1 (Jul 2019) 10Gbps Optical Encryption Line Card for the Cisco NCS 2000 Series and Cisco ONS 15454 MSTP (15454-M-WSE-K9) CSCvn77191 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191\"] 11.1 (Jul 2019) ASR 903 Router \u0026 Switching Processor and Controller - 400G (A900-RSP3C-400-S) CSCvn77169 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) ASR 907 Router \u0026 Switching Processor and Controller - 400G (A900-RSP3C-400-W) CSCvn77169 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) CBR-8 Converged Broadband Router CSCvn77185 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77185\"] Cisco IOS XE Software Release 16.12.1w (Sep 2019) Catalyst 6800 16-port 10GE with integrated DFC4 (C6800-16P10G) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Catalyst 6800 32-port 10GE with dual integrated dual DFC4 (C6800-32P10G) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Catalyst 6800 8-port 10GE with integrated DFC4 (C6800-8P10G) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Catalyst 6800 8-port 40GE with dual integrated dual DFC4-E (C6800-8P40G) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco 1-Port Gigabit Ethernet WAN Network Interface Module (NIM-1GE-CU-SFP) CSCvn77218 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77218\"] Cisco IOS XE Software Release 16.9.5 (Jan 20)\r\nCisco IOS XE Software Release 16.12.2 (Nov 2019)\r\nCisco IOS XE Software Release 17.1.1 (Nov 2019)\r\n Cisco 1120 Connected Grid Router CSCvn89140 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89140\"] Cisco IOS Software Release 15.9(3)M (Aug 2019)\r\nCisco IOS Software Release 15.8(3)M3 (Aug 2019)\r\nCisco IOS Software Release 15.7(3)M5 (Sep 2019)\r\nCisco IOS Software Release 15.6(3)M7 (Sep 2019)\r\n Cisco 1240 Connected Grid Router CSCvn89137 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89137\"] Cisco IOS Software Release 15.9(3)M (Aug 2019)\r\nCisco IOS Software Release 15.8(3)M3 (Aug 2019)\r\nCisco IOS Software Release 15.7(3)M5 (Sep 2019)\r\nCisco IOS Software Release 15.6(3)M7 (Sep 2019) Cisco 2-Port Gigabit Ethernet WAN Network Interface Module (NIM-2GE-CU-SFP) CSCvn77218 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77218\"] Cisco IOS XE Software Release 16.9.5 (Jan 20)\r\nCisco IOS XE Software Release 16.12.2 (Nov 2019)\r\nCisco IOS XE Software Release 17.1.1 (Nov 2019)\r\n Cisco 3000 Series Industrial Security Appliances CSCvn89146 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89146\"] Firmware release 1.0.05 (image name: isa3000-firmware-1005.SPA) (Available)\r\n Cisco 4000 Series Integrated Services Router Packet 1024-Channel High-Density Voice DSP Module (SM-X-PVDM-1000) CSCvn77212 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212\"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)\r\nCisco IOS XE Software Release 17.1.1 (Nov 2019)\r\nCisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4000 Series Integrated Services Router Packet 2048-Channel High-Density Voice DSP Module (SM-X-PVDM-2000) CSCvn77212 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212\"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)\r\nCisco IOS XE Software Release 17.1.1 (Nov 2019)\r\nCisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4000 Series Integrated Services Router Packet 3080-Channel High-Density Voice DSP Module (SM-X-PVDM-3000) CSCvn77212 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212\"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)\r\nCisco IOS XE Software Release 17.1.1 (Nov 2019)\r\nCisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4000 Series Integrated Services Router Packet 768-Channel High-Density Voice DSP Module (SM-X-PVDM-500) CSCvn77212 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212\"] Cisco IOS XE Software Release 16.12.2 (Nov 2019)\r\nCisco IOS XE Software Release 17.1.1 (Nov 2019)\r\nCisco IOS XE Software Release 16.9.5 (Jan 20) Cisco 4221 Integrated Services Router CSCvn77153 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77153\"] Utility File Name: isr4200_cpld_update_v1.1_SPA.bin (Available) Cisco 4321 Integrated Services Router CSCvn77156 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156\"] Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4331 Integrated Services Router CSCvn77156 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156\"] Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4351 Integrated Services Router CSCvn77156 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156\"] Utility File Name: isr4300_cpld_update_v1.1_SPA.bin (Available) Cisco 4431 Integrated Services Router CSCvn77155 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77155\"] Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available) Cisco 4451-X Integrated Services Router CSCvn77155 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77155\"] Utility File Name: isr4400_cpld_update_v1.1_SPA.bin (Available) Cisco 4461 Integrated Services Router CSCvn77154 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77154\"] Utility File Name: isr4400v2_cpld_update_v1.1_SPA.bin (Available) Cisco 5000 Series Enterprise Network Compute System CSCvn77150 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77150\"] Release no. TBD (Aug 2019) Cisco 809 Industrial Integrated Services Routers CSCvn89138 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89138\"] Cisco IOS Software Release 15.8(3)M2a (Available)\r\nCisco IOS Software Release 15.7(3)M4b (Available)\r\nCisco IOS Software Release 15.6(3)M6b (Available)\r\n Cisco 829 Industrial Integrated Services Routers CSCvn89143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89143\"] Cisco IOS Software Release 15.8(3)M2a (Available)\r\nCisco IOS Software Release 15.7(3)M4b (Available)\r\nCisco IOS Software Release 15.6(3)M6b (Available) Cisco ASR 1000 Embedded Services Processor, 200G (ASR1000-ESP200) CSCvn77159 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77159\"] Release no. TBD (Dec 2019) Cisco ASR 1000 Fixed Ethernet Line Card (6x10GE) (ASR1000-6TGE) CSCvn89144 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89144\"] Release no. TBD (Dec 2019) Cisco ASR 1000 Fixed Ethernet Line Card, 2x10GE + 20x1GE (ASR1000-2T+20X1GE) CSCvn89144 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89144\"] Release no. TBD (Dec 2019) Cisco ASR 1000 Series 100-Gbps Embedded Services Processor (ASR1000-ESP100) CSCvn77160 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77160\"] Release no. TBD (Dec 2019) Cisco ASR 1000 Series Modular Interface Processor (ASR1000-MIP100) CSCvn77158 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77158\"] Release no. TBD (Dec 2019) Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3) CSCvn77167 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77167\"] Release no. TBD (Dec 2019) Cisco ASR 1001-HX Router CSCvn77162 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77162\"] ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 1001-X CSCvn89145 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89145\"] ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 1002-HX Router CSCvn77166 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77166\"] ASR1K-fpga_prog.16.0.0.xe.bin (Available) Cisco ASR 900 Series Route Switch Processor 2 - 128G, Base Scale (A900-RSP2A-128) CSCvn77168 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77168\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 900 Series Route Switch Processor 2 - 64G, Base Scale (A900-RSP2A-64) CSCvn77168 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77168\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 900 Series Route Switch Processor 3 - 200G, Large Scale (A900-RSP3C-200) CSCvn77169 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A99-16X100GE-X-SE) CSCvn77180 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series 16-Port 100 Gigabit Ethernet Line Card (A9K-16X100GE-TR, A9K-16X100GE-CM) CSCvn77180 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series 32-Port 100 Gigabit Ethernet Line Card (A99-32X100GE-TR, A99-32X100GE-CM) CSCvn77180 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series Route Switch Processor 5 for Packet Transport (A9K-RSP5-TR) CSCvn77175 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9000 Series Route Switch Processor 5 for Service Edge (A9K-RSP5-SE) CSCvn77175 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 10GE and 2-10GE - Passively Cooled DC model (ASR-920-10SZ-PD), Cisco ASR920 Series - 20GE SFP, 4Cu and 4-10GE: Modular PSU (ASR-920-20SZ-M) CSCvn77171 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, AC Model (ASR-920-12SZ-A) CSCvn77171 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12 x 1/10GE SFP, DC Model (ASR-920-12SZ-D) CSCvn77171 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - AC model (ASR-920-12CZ-A) CSCvn77171 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 12GE and 2-10GE - DC model (ASR-920-12CZ-D) CSCvn77171 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 24GE Copper and 4-10GE \u2013 Modular PSU (ASR-920-24TZ-M) CSCvn77172 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 24GE Fiber and 4-10GE \u2013 Modular PSU (ASR-920-24SZ-M) CSCvn77172 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - AC model (ASR-920-4SZ-A) CSCvn77171 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers 2GE and 4-10GE - DC model (ASR-920-4SZ-D) CSCvn77171 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 920 Series Aggregation Services Routers Conformal Coated - 12GE and 4-10GE, 1 IM Slot (ASR-920-12SZ-IM-CC) CSCvn77170 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77170\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR 9900 Route Processor 3 for Packet Transport (A99-RP3-TR) CSCvn77175 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR 9900 Route Processor 3 for Service Edge (A99-RP3-SE) CSCvn77175 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco ASR920 Series - 12GE and 4-10GE, 1 IM slot (ASR-920-12SZ-IM) CSCvn77170 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77170\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco ASR920 Series \u2013 24GE and 4-10GE \u2013 Modular PSU and IM (ASR-920-24SZ-IM) CSCvn77172 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco Catalyst 6800 16-port 10GE with Integrated DFC4-XL (C6800-16P10G-XL) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 32-port 10GE with Dual Integrated Dual DFC4-XL (C6800-32P10G-XL) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 8-port 10GE with Integrated DFC4-XL (C6800-8P10G-XL) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 8-port 40GE with Dual Integrated Dual DFC4-EXL (C6800-8P40G-XL) CSCvn77182 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 Series Supervisor Engine 6T (C6800-SUP6T) CSCvn77181 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77181\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6800 Series Supervisor Engine 6T XL (C6800-SUP6T-XL) CSCvn77181 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77181\"] Cisco IOS XE Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6816-X-Chassis (Standard Tables) (C6816-X-LE) CSCvn77183 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183\"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6824-X-Chassis and 2 x 40G (Standard Tables) (C6824-X-LE-40G) CSCvn77183 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183\"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6832-X-Chassis (Standard Tables) (C6832-X-LE) CSCvn77183 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183\"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 6840-X-Chassis and 2 x 40G (Standard Tables) (C6840-X-LE-40G) CSCvn77183 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183\"] Cisco IOS Software Release 15.5(1)SY4 (Sep 2019) Cisco Catalyst 9300 Series Switches CSCvn77209 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77209\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 24x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-24Y4C) CSCvn89150 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 32x 100 Gigabit Ethernet (C9500-32C) CSCvn89150 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 32x 40 Gigabit Ethernet (C9500-32QC) CSCvn89150 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series High-Performance Switch with 48x 1/10/25G Gigabit Ethernet + 4x 40/100G Uplink (C9500-48Y4C) CSCvn89150 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 12x 40G Gigabit Ethernet (C9500-12Q) CSCvn77220 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 16x 1/10G Gigabit Ethernet (C9500-16X) CSCvn77220 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 24x 40G Gigabit Ethernet (C9500-24Q) CSCvn77220 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9500 Series Switch with 40x 1/10G Gigabit Ethernet (C9500-40X) CSCvn77220 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220\"] Utility name: cat9k_iosxe.16.00.00fpgautility.SPA.bin (Available) Cisco Catalyst 9600 Supervisor Engine-1 CSCvn95346 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn95346\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) Cisco Catalyst 9800-40 Wireless Controller CSCvn77165 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77165\"] C9800-40_fpga_prog.16.0.0.xe.bin (Available) Cisco Catalyst 9800-80 Wireless Controller CSCvn77163 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77163\"] C9800-80_fpga_prog.16.0.0.xe.bin (Available) Cisco IC3000 Industrial Compute Gateway CSCvp42792 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp42792\"] Firmware Release 1.0.2 (image name IC3000-K9-1.0.3.SPA) (Aug 2019) Cisco MDS 9000 Family 24/10 SAN Extension Module (DS-X9334-K9) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco NCS 200 Series 10/40/100G MR Muxponder (NCS2K-MR-MXP-K9) CSCvn77191 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191\"] 11.1 (Jul 2019) Cisco NCS 5500 12X10, 2X40 2XMPA Line Card Base (NC55-MOD-A-S) CSCvn77202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5500 Series 24 Ports of 100GE and 12 Ports of 40GE High-Scale Line Card (NC55-24H12F-SE) CSCvn77202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5500 Series 36 ports of 100GE High-Scale Line Card (NC55-36X100G-A-SE) CSCvn77202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5504 Fabric Card (NC55-5504-FC) CSCvn77202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 5516 Fabric Card (NC55-5516-FC) CSCvn77202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis (NCS-55A2-MOD-S) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened (NCS-55A2-MOD-HD-S) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Chassis, Temperature Hardened with Conformal Coating (NCS-55A2-MOD-HX-S) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis (NCS-55A2-MOD-SE-S) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS 55A2 Fixed 24X10G + 16X25G MPA Scale Chassis, Temperature Hardened with Conformal Coating (NC55A2-MOD-SE-H-S) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5501 - 40x10G and 4x100G Scale Chassis (NCS-5501-SE) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5501 Fixed 48x10G and 6x100G Chassis (NCS-5501) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5502 - 48x100G Scale Chassis (NCS-5502-SE) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS5502 Fixed 48x100G Chassis (NCS-5502) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS55A1 Fixed 24x100G Chassis (NCS-55A1-24H) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS55A1 Fixed 36x100G Base Chassis (NCS-55A1-36H-S) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco NCS55A1 Fixed 36x100G Scale Chassis (NCS-55A1-36H-SE-S) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 1001 CSCvp88427 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp88427\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco Network Convergence System 1002 CSCvn77219 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77219\"] Cisco IOS XR Software Release 7.0.1 (Jul 2019) Cisco Network Convergence System 5001 CSCvn77207 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77207\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 5002 CSCvn77205 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77205\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 540 (N540-ACC-SYS, N540-24Z8Q2C-M, N540-24Z8Q2C-SYS) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 540 Conformal Coated (N540X-ACC-SYS) CSCvn77201 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 5500 Series: 1.2-Tbps IPoDWDM Modular Line Card (NC55-6X200-DWDM-S) CSCvn77202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Network Convergence System 5500 Series: 36X100G MACsec Modular Line Cards (NC55-36X100G-S) CSCvn77202 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202\"] Cisco IOS XR Software Release 7.1.1 (Nov 2019) Cisco Nexus 31108PC-V, 48 SFP+ and 6 QSFP28 ports (N3K-C31108PC-V) CSCvn77245 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245\"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 31108TC-V, 48 10Gbase-T RJ-45 and 6 QSFP28 ports (N3K-C31108TC-V) CSCvn77245 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245\"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 3132C-Z Switches (N3K-C3132C-Z) CSCvn77245 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245\"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 3264C-E Switches (N3K-C3264C-E) CSCvn77245 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245\"] Cisco NX-OS Software Release 9.3(1) (Aug 2019) Cisco Nexus 7000 M3-Series 48-Port 1/10G Ethernet Module (N7K-M348XP-25L) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 F4-Series 30-Port 100G Ethernet Module (N77-F430CQ-36) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 M3-Series 12-Port 100G Ethernet Module (N77-M312CQ-26L) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 M3-Series 24-Port 40G Ethernet Module (N7K-M324FQ-25L) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (N77-M348XP-23L) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 7700 Supervisor 3 (N77-SUP3E) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Cisco Nexus 9200 with 36p 40G 100G QSFP28 (N9K-C9236C) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9200 with 48p 1/10G/25G SFP+ and 6p 40G QSFP or 4p 100G QSFP28 (N9K-C92160YC-X) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9200 with 48p 10/25 Gbps and 18p 100G QSFP28 (N9K-C92300YC) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9200 with 56p 40G QSFP+ and 8p 100G QSFP28 (N9K-C92304QC) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9200 with 72p 40G QSFP+ (N9K-C9272Q) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9300 with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28, MACsec, and Unified Ports Capable (N9K-C93180YC-FX) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9300 with 48p 100M/1G BASE-T, 4p 10/25G SFP28 and 2p 40G/100G QSFP28 (N9K-C9348GC-FXP) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9300 with 48p 10G BASE-T and 6p 40G/100G QSFP28, MACsec Capable (N9K-C93108TC-FX) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9332C Spine Switch with 32p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9332C) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9364C Spine Switch with 64p 40/100G QSFP28, 2p 1/10G SFP (N9K-C9364C) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9500 4-Core/4-Thread Supervisor (N9K-SUP-A) CSCvn77142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9500 6-Core/12-Thread Supervisor (N9K-SUP-B) CSCvn77142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019) Cisco Nexus 9K Fixed with 32p 40G/100G QSFP28 (N9K-C9232C) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9K Fixed with 36p 40G/100G QSFP28 (N9K-C9336C-FX2) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 12p 40G/100G QSFP28 (N9K-C93240YC-FX2) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9K Fixed with 48p 1/10G/25G SFP and 6p 40G/100G QSFP28 (N9K-C93180YC-EX) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9K Fixed with 48p 10G BASE-T and 6p 40G/100G QSFP28 (N9K-C93108TC-EX) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Nexus 9K Fixed with up to 32p 40/50G QSFP+ or up to 18p 100G QSFP28 (N9K-C93180LC-EX) CSCvn77143 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019)\r\n Cisco Packet-over-T3/E3 Service Module (SM-X-1T3/E3) CSCvn77147 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77147\"] Release no. TBD (Oct 2019) Cisco cBR-8 Integrated CCAP 40G Remote PHY Line Card (CBR-CCAP-LC-40G-R) CSCvn77184 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77184\"] Cisco IOS XE Software Release 16.12.1 (Jul 2019) MDS 9700 48-Port 32-Gbps Fibre Channel Switching Module (DS-X9648-1536K9) CSCvn77141 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141\"] N7K-M348XP-25L, N7K-M324FQ-25L, N77-M348XP-23L, N77-M312CQ-26L, N77-F430CQ-36, and N77-M324FQ: Cisco NX-OS Software Release 8.4.2 (Sep 2019)\r\nDS-X9648-1536K9 and DS-X9334-K9: Cisco NX-OS Software Release 8.4.1a (Sep 2019) Supervisor A+ for Nexus 9500 (N9K-SUP-A+) CSCvn77142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019) Supervisor B+ for Nexus 9500 (N9K-SUP-B+) CSCvn77142 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142\"] NX-OS: Cisco NX-OS Software Release 9.3(1) (Aug 2019)\r\nACI: Switch Software Release 4.2(1) (Aug 2019) Voice and Unified Communications Devices Analog Voice Network Interface Modules for Cisco 4000 Series ISRs (NIM-2FXO, NIM-4FXO, NIM-2FXS, NIM-4FXS, NIM-2FXS/4FXO, NIM-2FXSP, NIM-4FXSP, NIM-2FXS/4FXOP, NIM-4E/M, NIM-2BRI-NT/TE, NIM-4BRI-NT/TE) CSCvn77151 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77151\"] Release no. TBD (Sep 2019) Cisco 4000 Series Integrated Services Router T1/E1 Voice and WAN Network Interface Modules (NIM-1MFT-T1/E1, NIM-2MFT-T1/E1, NIM-4MFT-T1/E1, NIM-8MFT-T1/E1, NIM-1CE1T1-PRI, NIM-2CE1T1-PRI, NIM-8CE1T1-PRI) CSCvn77152 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77152\"] Release no. TBD (Sep 2019)",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Cisco has investigated all Cisco products that support hardware-based Secure Boot functionality to verify that they are enforcing the appropriate access control checks.\r\n\r\nOnly products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nNo other Cisco products that support hardware-based Secure Boot functionality are vulnerable.",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability:\r\n\r\nHave privileged administrative access to the device.\r\nBe able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access.\r\nDevelop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.\r\n\r\nCisco is in the process of developing and releasing software fixes for all affected platforms. In most cases, the fix will require an on-premise reprogramming of a low-level hardware component that is required for normal device operation. A failure during this reprogramming process may cause the device to become unusable and require a hardware replacement. Customers are advised to consult the Release Note Enclosure for the Cisco bug relevant to their platform for the following information:\r\n\r\nCauses that could lead to a failure of the reprogramming process and cause the device to become unusable\r\nA platform-specific set of steps that are required to reprogram a device\r\nThe procedure required to determine whether a given device is running an affected firmware version (that therefore must be fixed) or whether the device is already running a fixed firmware version\r\n\r\nThe product release notes that are published with each platform-specific fixed software release will include more detailed information about items 2 and 3 in the preceding list. The product release notes should be considered the most up-to-date source of information about these items.\r\n\r\n For details about Secure Boot and related Trustworthy Technologies, please refer to the Trustworthy Technologies Datasheet [\"https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf\"]. A list of all Cisco products supporting secure boot technology can be found at the following link: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf [\"https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf\"]",
"title": "Details"
},
{
"category": "general",
"text": "There are no workarounds that address this vulnerability.\r\n\r\nCisco Guide to Harden Cisco IOS Devices [\"https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html\"] provides information about how to harden the device and secure management access. Implementing the recommendations in this document would reduce the attack surface for this vulnerability.",
"title": "Workarounds"
},
{
"category": "general",
"text": "For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nCisco will release free software updates [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:\r\nhttps://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "This vulnerability was publicly disclosed by Red Balloon Security on May 13, 2019.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) is aware of the existence of proof-of-concept code that demonstrates this vulnerability on the Cisco ASR 1001-X. There are no indications at this time that this proof-of-concept code is publicly available.\r\n\r\nCisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "Cisco would like to thank Mr. Jatin Kataria (Principal Research Scientist), Mr. Richard Housley (Research Scientist), and Dr. Ang Cui (Chief Scientist) of Red Balloon Security for reporting this vulnerability to Cisco and working toward a coordinated disclosure.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
"issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Cisco Secure Boot Hardware Tampering Vulnerability",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot"
},
{
"category": "external",
"summary": "Cisco Bug Search Tool",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"
},
{
"category": "external",
"summary": "CSCvn77246",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"
},
{
"category": "external",
"summary": "CSCvn77246",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"
},
{
"category": "external",
"summary": "CSCvn77246",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"
},
{
"category": "external",
"summary": "CSCvn77246",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"
},
{
"category": "external",
"summary": "CSCvn77246",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77246"
},
{
"category": "external",
"summary": "CSCvn77248",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77248"
},
{
"category": "external",
"summary": "CSCvn77249",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77249"
},
{
"category": "external",
"summary": "CSCvn77249",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77249"
},
{
"category": "external",
"summary": "CSCvn77191",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191"
},
{
"category": "external",
"summary": "CSCvn77191",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191"
},
{
"category": "external",
"summary": "CSCvn77169",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169"
},
{
"category": "external",
"summary": "CSCvn77169",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169"
},
{
"category": "external",
"summary": "CSCvn77185",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77185"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77218",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77218"
},
{
"category": "external",
"summary": "CSCvn89140",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89140"
},
{
"category": "external",
"summary": "CSCvn89137",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89137"
},
{
"category": "external",
"summary": "CSCvn77218",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77218"
},
{
"category": "external",
"summary": "CSCvn89146",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89146"
},
{
"category": "external",
"summary": "CSCvn77212",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"
},
{
"category": "external",
"summary": "CSCvn77212",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"
},
{
"category": "external",
"summary": "CSCvn77212",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"
},
{
"category": "external",
"summary": "CSCvn77212",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77212"
},
{
"category": "external",
"summary": "CSCvn77153",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77153"
},
{
"category": "external",
"summary": "CSCvn77156",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156"
},
{
"category": "external",
"summary": "CSCvn77156",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156"
},
{
"category": "external",
"summary": "CSCvn77156",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77156"
},
{
"category": "external",
"summary": "CSCvn77155",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77155"
},
{
"category": "external",
"summary": "CSCvn77155",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77155"
},
{
"category": "external",
"summary": "CSCvn77154",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77154"
},
{
"category": "external",
"summary": "CSCvn77150",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77150"
},
{
"category": "external",
"summary": "CSCvn89138",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89138"
},
{
"category": "external",
"summary": "CSCvn89143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89143"
},
{
"category": "external",
"summary": "CSCvn77159",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77159"
},
{
"category": "external",
"summary": "CSCvn89144",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89144"
},
{
"category": "external",
"summary": "CSCvn89144",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89144"
},
{
"category": "external",
"summary": "CSCvn77160",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77160"
},
{
"category": "external",
"summary": "CSCvn77158",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77158"
},
{
"category": "external",
"summary": "CSCvn77167",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77167"
},
{
"category": "external",
"summary": "CSCvn77162",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77162"
},
{
"category": "external",
"summary": "CSCvn89145",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89145"
},
{
"category": "external",
"summary": "CSCvn77166",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77166"
},
{
"category": "external",
"summary": "CSCvn77168",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77168"
},
{
"category": "external",
"summary": "CSCvn77168",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77168"
},
{
"category": "external",
"summary": "CSCvn77169",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77169"
},
{
"category": "external",
"summary": "CSCvn77180",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180"
},
{
"category": "external",
"summary": "CSCvn77180",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180"
},
{
"category": "external",
"summary": "CSCvn77180",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77180"
},
{
"category": "external",
"summary": "CSCvn77175",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"
},
{
"category": "external",
"summary": "CSCvn77175",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"
},
{
"category": "external",
"summary": "CSCvn77171",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"
},
{
"category": "external",
"summary": "CSCvn77171",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"
},
{
"category": "external",
"summary": "CSCvn77171",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"
},
{
"category": "external",
"summary": "CSCvn77171",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"
},
{
"category": "external",
"summary": "CSCvn77171",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"
},
{
"category": "external",
"summary": "CSCvn77172",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172"
},
{
"category": "external",
"summary": "CSCvn77172",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172"
},
{
"category": "external",
"summary": "CSCvn77171",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"
},
{
"category": "external",
"summary": "CSCvn77171",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77171"
},
{
"category": "external",
"summary": "CSCvn77170",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77170"
},
{
"category": "external",
"summary": "CSCvn77175",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"
},
{
"category": "external",
"summary": "CSCvn77175",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77175"
},
{
"category": "external",
"summary": "CSCvn77170",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77170"
},
{
"category": "external",
"summary": "CSCvn77172",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77172"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77182",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77182"
},
{
"category": "external",
"summary": "CSCvn77181",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77181"
},
{
"category": "external",
"summary": "CSCvn77181",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77181"
},
{
"category": "external",
"summary": "CSCvn77183",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"
},
{
"category": "external",
"summary": "CSCvn77183",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"
},
{
"category": "external",
"summary": "CSCvn77183",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"
},
{
"category": "external",
"summary": "CSCvn77183",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77183"
},
{
"category": "external",
"summary": "CSCvn77209",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77209"
},
{
"category": "external",
"summary": "CSCvn89150",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"
},
{
"category": "external",
"summary": "CSCvn89150",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"
},
{
"category": "external",
"summary": "CSCvn89150",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"
},
{
"category": "external",
"summary": "CSCvn89150",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn89150"
},
{
"category": "external",
"summary": "CSCvn77220",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"
},
{
"category": "external",
"summary": "CSCvn77220",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"
},
{
"category": "external",
"summary": "CSCvn77220",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"
},
{
"category": "external",
"summary": "CSCvn77220",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77220"
},
{
"category": "external",
"summary": "CSCvn95346",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn95346"
},
{
"category": "external",
"summary": "CSCvn77165",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77165"
},
{
"category": "external",
"summary": "CSCvn77163",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77163"
},
{
"category": "external",
"summary": "CSCvp42792",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp42792"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77191",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77191"
},
{
"category": "external",
"summary": "CSCvn77202",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"
},
{
"category": "external",
"summary": "CSCvn77202",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"
},
{
"category": "external",
"summary": "CSCvn77202",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"
},
{
"category": "external",
"summary": "CSCvn77202",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"
},
{
"category": "external",
"summary": "CSCvn77202",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvp88427",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp88427"
},
{
"category": "external",
"summary": "CSCvn77219",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77219"
},
{
"category": "external",
"summary": "CSCvn77207",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77207"
},
{
"category": "external",
"summary": "CSCvn77205",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77205"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77201",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77201"
},
{
"category": "external",
"summary": "CSCvn77202",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"
},
{
"category": "external",
"summary": "CSCvn77202",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77202"
},
{
"category": "external",
"summary": "CSCvn77245",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"
},
{
"category": "external",
"summary": "CSCvn77245",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"
},
{
"category": "external",
"summary": "CSCvn77245",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"
},
{
"category": "external",
"summary": "CSCvn77245",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77245"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"
},
{
"category": "external",
"summary": "CSCvn77142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77143",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77143"
},
{
"category": "external",
"summary": "CSCvn77147",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77147"
},
{
"category": "external",
"summary": "CSCvn77184",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77184"
},
{
"category": "external",
"summary": "CSCvn77141",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77141"
},
{
"category": "external",
"summary": "CSCvn77142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"
},
{
"category": "external",
"summary": "CSCvn77142",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77142"
},
{
"category": "external",
"summary": "CSCvn77151",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77151"
},
{
"category": "external",
"summary": "CSCvn77152",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn77152"
},
{
"category": "external",
"summary": "Trustworthy Technologies Datasheet",
"url": "https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf"
},
{
"category": "external",
"summary": "https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf",
"url": "https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-boot-product-list.pdf"
},
{
"category": "external",
"summary": "Cisco Guide to Harden Cisco IOS Devices",
"url": "https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html"
},
{
"category": "external",
"summary": "software updates",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
},
{
"category": "external",
"summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
"url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
},
{
"category": "external",
"summary": "Cisco Security Advisories and Alerts page",
"url": "https://www.cisco.com/go/psirt"
},
{
"category": "external",
"summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
"url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
},
{
"category": "external",
"summary": "Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
}
],
"title": "Cisco Secure Boot Hardware Tampering Vulnerability",
"tracking": {
"current_release_date": "2019-11-20T17:23:18+00:00",
"generator": {
"date": "2022-09-03T03:01:56+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-20190513-secureboot",
"initial_release_date": "2019-05-13T17:30:00+00:00",
"revision_history": [
{
"date": "2019-05-13T17:09:22+00:00",
"number": "1.0.0",
"summary": "Initial public release."
},
{
"date": "2019-05-13T20:48:38+00:00",
"number": "1.1.0",
"summary": "Updated list of vulnerable products. Added link to Datasheet for Cisco Trustworthy Technologies."
},
{
"date": "2019-05-14T20:41:42+00:00",
"number": "1.2.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products."
},
{
"date": "2019-05-15T21:46:30+00:00",
"number": "1.3.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products."
},
{
"date": "2019-05-16T20:00:50+00:00",
"number": "1.4.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products."
},
{
"date": "2019-05-20T20:01:09+00:00",
"number": "1.5.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products."
},
{
"date": "2019-05-22T20:14:00+00:00",
"number": "1.6.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products."
},
{
"date": "2019-05-23T20:01:59+00:00",
"number": "1.7.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products. Added link to list of Cisco products supporting secure boot."
},
{
"date": "2019-05-30T19:55:14+00:00",
"number": "1.8.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products."
},
{
"date": "2019-06-10T21:16:08+00:00",
"number": "1.9.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products. Changed document status to Final. Removed statements indicating the advisory will be updated (Summary and Vulnerable Products)."
},
{
"date": "2019-06-17T17:46:40+00:00",
"number": "1.10.0",
"summary": "Updated list of vulnerable products. Updated fix availability date for some products."
},
{
"date": "2019-06-28T16:18:25+00:00",
"number": "1.11.0",
"summary": "Updated fix availability date for some products."
},
{
"date": "2019-07-17T19:56:25+00:00",
"number": "1.12.0",
"summary": "Updated fix availability date for some products."
},
{
"date": "2019-08-02T13:57:45+00:00",
"number": "1.13.0",
"summary": "Updated fix availability date for some products."
},
{
"date": "2019-08-21T19:32:38+00:00",
"number": "1.14.0",
"summary": "Updated list of vulnerable products."
},
{
"date": "2019-09-03T17:17:32+00:00",
"number": "1.15.0",
"summary": "Updated list of vulnerable products."
},
{
"date": "2019-09-06T20:26:29+00:00",
"number": "1.16.0",
"summary": "Updated fixed version for some products."
},
{
"date": "2019-11-20T17:23:18+00:00",
"number": "1.17.0",
"summary": "Updated fix availability date for some products."
}
],
"status": "final",
"version": "1.17.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Cisco ASR 9000 Series Aggregation Services Routers",
"product": {
"name": "Cisco ASR 9000 Series Aggregation Services Routers ",
"product_id": "CSAFPID-202356"
}
},
{
"category": "product_family",
"name": "Cisco ASA with FirePOWER Services",
"product": {
"name": "Cisco ASA with FirePOWER Services ",
"product_id": "CSAFPID-206520"
}
},
{
"category": "product_family",
"name": "Cisco ASR 1000 Series Aggregation Services Routers",
"product": {
"name": "Cisco ASR 1000 Series Aggregation Services Routers ",
"product_id": "CSAFPID-209961"
}
},
{
"category": "product_family",
"name": "Cisco ASR 900 Series Aggregation Services Routers",
"product": {
"name": "Cisco ASR 900 Series Aggregation Services Routers ",
"product_id": "CSAFPID-211571"
}
},
{
"category": "product_family",
"name": "Cisco Nexus 3000 Series Switch",
"product": {
"name": "Cisco Nexus 3000 Series Switch ",
"product_id": "CSAFPID-213561"
}
},
{
"category": "product_family",
"name": "Cisco cBR-8 Converged Broadband Routers",
"product": {
"name": "Cisco cBR-8 Converged Broadband Routers ",
"product_id": "CSAFPID-225134"
}
},
{
"category": "product_family",
"name": "Cisco Network Convergence System 5500 Series",
"product": {
"name": "Cisco Network Convergence System 5500 Series ",
"product_id": "CSAFPID-227648"
}
},
{
"category": "product_family",
"name": "Cisco 5000 Series Enterprise Network Compute System",
"product": {
"name": "Cisco 5000 Series Enterprise Network Compute System ",
"product_id": "CSAFPID-239218"
}
},
{
"category": "product_family",
"name": "Cisco NX-OS System Software in ACI Mode",
"product": {
"name": "Cisco NX-OS System Software in ACI Mode ",
"product_id": "CSAFPID-241202"
}
},
{
"category": "product_family",
"name": "Cisco Catalyst 6800 Series Switches",
"product": {
"name": "Cisco Catalyst 6800 Series Switches ",
"product_id": "CSAFPID-243268"
}
},
{
"category": "product_family",
"name": "Cisco Network Convergence System 1000 Series",
"product": {
"name": "Cisco Network Convergence System 1000 Series ",
"product_id": "CSAFPID-255125"
}
},
{
"category": "product_family",
"name": "Cisco Catalyst 9500 Series Switches",
"product": {
"name": "Cisco Catalyst 9500 Series Switches ",
"product_id": "CSAFPID-261466"
}
},
{
"category": "product_family",
"name": "Cisco Firepower 2100 Series",
"product": {
"name": "Cisco Firepower 2100 Series ",
"product_id": "CSAFPID-261518"
}
},
{
"category": "product_family",
"name": "Cisco 4000 Series Integrated Services Routers",
"product": {
"name": "Cisco 4000 Series Integrated Services Routers ",
"product_id": "CSAFPID-261519"
}
},
{
"category": "product_family",
"name": "Cisco 3000 Series Industrial Security Appliances (ISA)",
"product": {
"name": "Cisco 3000 Series Industrial Security Appliances (ISA) ",
"product_id": "CSAFPID-261520"
}
},
{
"category": "product_family",
"name": "Cisco 1000 Series Connected Grid Routers",
"product": {
"name": "Cisco 1000 Series Connected Grid Routers ",
"product_id": "CSAFPID-261521"
}
},
{
"category": "product_family",
"name": "Cisco 800 Series Industrial Integrated Services Routers",
"product": {
"name": "Cisco 800 Series Industrial Integrated Services Routers ",
"product_id": "CSAFPID-261522"
}
},
{
"category": "product_family",
"name": "Cisco Nexus 7000 Series Switches",
"product": {
"name": "Cisco Nexus 7000 Series Switches ",
"product_id": "CSAFPID-261523"
}
},
{
"category": "product_family",
"name": "Cisco MDS 9700 Series Multilayer Directors",
"product": {
"name": "Cisco MDS 9700 Series Multilayer Directors ",
"product_id": "CSAFPID-261525"
}
},
{
"category": "product_family",
"name": "Cisco Firepower 4100 Series",
"product": {
"name": "Cisco Firepower 4100 Series ",
"product_id": "CSAFPID-261526"
}
},
{
"category": "product_family",
"name": "Cisco Firepower 9000 Series",
"product": {
"name": "Cisco Firepower 9000 Series ",
"product_id": "CSAFPID-261527"
}
},
{
"category": "product_family",
"name": "Cisco IC3000 Industrial Compute Gateway",
"product": {
"name": "Cisco IC3000 Industrial Compute Gateway ",
"product_id": "CSAFPID-261528"
}
},
{
"category": "product_family",
"name": "Cisco ASR 920 Series Aggregation Services Router",
"product": {
"name": "Cisco ASR 920 Series Aggregation Services Router ",
"product_id": "CSAFPID-261529"
}
},
{
"category": "product_family",
"name": "Cisco Nexus 9000 Series Switches",
"product": {
"name": "Cisco Nexus 9000 Series Switches ",
"product_id": "CSAFPID-261530"
}
},
{
"category": "product_family",
"name": "Cisco ONS 15454 Series Multiservice Transport Platforms",
"product": {
"name": "Cisco ONS 15454 Series Multiservice Transport Platforms ",
"product_id": "CSAFPID-261531"
}
},
{
"category": "product_family",
"name": "Cisco Network Convergence System 2000 Series",
"product": {
"name": "Cisco Network Convergence System 2000 Series ",
"product_id": "CSAFPID-261532"
}
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1649",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77150"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77246"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77162"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89145"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77166"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77159"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89144"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77160"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77158"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77167"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77168"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77169"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77175"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89150"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77180"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77182"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77181"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77183"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77202"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77201"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77207"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77205"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77245"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77143"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77209"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77220"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77185"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77184"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77219"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77248"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77147"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77154"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77155"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77156"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77153"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77152"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77212"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77151"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89146"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89137"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89140"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89138"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn89143"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77141"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77249"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvp42792"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77170"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77171"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77172"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77142"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvn77191"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-239218",
"CSAFPID-206520",
"CSAFPID-209961",
"CSAFPID-211571",
"CSAFPID-202356",
"CSAFPID-243268",
"CSAFPID-227648",
"CSAFPID-213561",
"CSAFPID-241202",
"CSAFPID-261466",
"CSAFPID-225134",
"CSAFPID-255125",
"CSAFPID-261518",
"CSAFPID-261519",
"CSAFPID-261520",
"CSAFPID-261521",
"CSAFPID-261522",
"CSAFPID-261523",
"CSAFPID-261525",
"CSAFPID-261526",
"CSAFPID-261527",
"CSAFPID-261528",
"CSAFPID-261529",
"CSAFPID-261530",
"CSAFPID-261531",
"CSAFPID-261532"
]
},
"release_date": "2019-05-13T17:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-239218",
"CSAFPID-261531",
"CSAFPID-213561",
"CSAFPID-261518",
"CSAFPID-261530",
"CSAFPID-211571",
"CSAFPID-241202",
"CSAFPID-261522",
"CSAFPID-261525",
"CSAFPID-206520",
"CSAFPID-243268",
"CSAFPID-255125",
"CSAFPID-261519",
"CSAFPID-261526",
"CSAFPID-261528",
"CSAFPID-202356",
"CSAFPID-225134",
"CSAFPID-261520",
"CSAFPID-261527",
"CSAFPID-261529",
"CSAFPID-227648",
"CSAFPID-261521",
"CSAFPID-261523",
"CSAFPID-261466",
"CSAFPID-261532",
"CSAFPID-209961"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-239218"
]
}
],
"title": "Cisco Secure Boot Hardware Tampering Vulnerability"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.