CVE-2019-1649 – Cisco Secure Boot Hardware Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-1649
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image.
• http://www.securityfocus.com/bid/108350
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
• https://www.kb.cert.org/vuls/id/400865
• https://www.us-cert.gov/ics/advisories/icsa-20-072-03
• CWE-284: Improper Access Control
• CWE-667: Improper Locking
CVE-2016-9211
https://notcve.org/view.php?id=CVE-2016-9211
A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51.
• http://www.securityfocus.com/bid/94795
• http://www.securitytracker.com/id/1037425
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons
• CWE-20: Improper Input Validation
CVE-2015-0765
https://notcve.org/view.php?id=CVE-2015-0765
Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263.
• http://tools.cisco.com/security/center/viewAlert.x?alertId=39172
• http://www.securitytracker.com/id/1032483
• CWE-399: Resource Management Errors
CVE-2014-2142
https://notcve.org/view.php?id=CVE-2014-2142
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142
• http://tools.cisco.com/security/center/viewAlert.x?alertId=33679
CVE-2014-2140
https://notcve.org/view.php?id=CVE-2014-2140
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348.
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140
• http://tools.cisco.com/security/center/viewAlert.x?alertId=33680