CVE-2018-0362
Severity Score
4.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260.
Una vulnerabilidad en la gestión de la autenticación de la BIOS en Cisco 5000 Series Enterprise Network Compute System y Cisco Unified Computing (UCS) E-Series Servers podría permitir que un atacante local no autenticado omita la autenticación de la BIOS y ejecute acciones como usuario no privilegiado. La vulnerabilidad se debe a las restricciones de seguridad indebidas impuestas por el sistema afectado. Un atacante podría explotar esta vulnerabilidad enviando un valor de contraseña vacío a la petición de autenticación de la BIOS de un dispositivo afectado. Su explotación podría permitir que el atacante tenga acceso a un conjunto restringido de comandos de la BIOS de nivel de usuario. Cisco Bug IDs: CSCvh83260.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-11-27 CVE Reserved
- 2018-06-21 CVE Published
- 2024-04-30 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1041173 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | 5400 Enterprise Network Compute System Firmware Search vendor "Cisco" for product "5400 Enterprise Network Compute System Firmware" | 3.2\(3\) Search vendor "Cisco" for product "5400 Enterprise Network Compute System Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | 5400 Enterprise Network Compute System Search vendor "Cisco" for product "5400 Enterprise Network Compute System" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | 5100 Enterprise Network Compute System Firmware Search vendor "Cisco" for product "5100 Enterprise Network Compute System Firmware" | 3.2\(3\) Search vendor "Cisco" for product "5100 Enterprise Network Compute System Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | 5100 Enterprise Network Compute System Search vendor "Cisco" for product "5100 Enterprise Network Compute System" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160s-m3 Firmware Search vendor "Cisco" for product "Ucs-e160s-m3 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160s-m3 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160s-m3 Search vendor "Cisco" for product "Ucs-e160s-m3" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160s-k9 Firmware Search vendor "Cisco" for product "Ucs-e160s-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160s-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160s-k9 Search vendor "Cisco" for product "Ucs-e160s-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e180d-m3 Firmware Search vendor "Cisco" for product "Ucs-e180d-m3 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e180d-m3 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e180d-m3 Search vendor "Cisco" for product "Ucs-e180d-m3" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e180d-k9 Firmware Search vendor "Cisco" for product "Ucs-e180d-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e180d-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e180d-k9 Search vendor "Cisco" for product "Ucs-e180d-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e1120d-m3 Firmware Search vendor "Cisco" for product "Ucs-e1120d-m3 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e1120d-m3 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e1120d-m3 Search vendor "Cisco" for product "Ucs-e1120d-m3" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e1120d-k9 Firmware Search vendor "Cisco" for product "Ucs-e1120d-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e1120d-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e1120d-k9 Search vendor "Cisco" for product "Ucs-e1120d-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140s-m2 Firmware Search vendor "Cisco" for product "Ucs-e140s-m2 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140s-m2 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140s-m2 Search vendor "Cisco" for product "Ucs-e140s-m2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140s-k9 Firmware Search vendor "Cisco" for product "Ucs-e140s-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140s-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140s-k9 Search vendor "Cisco" for product "Ucs-e140s-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160d-m2 Firmware Search vendor "Cisco" for product "Ucs-e160d-m2 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160d-m2 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160d-m2 Search vendor "Cisco" for product "Ucs-e160d-m2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160d-k9 Firmware Search vendor "Cisco" for product "Ucs-e160d-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160d-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160d-k9 Search vendor "Cisco" for product "Ucs-e160d-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e180d-m2 Firmware Search vendor "Cisco" for product "Ucs-e180d-m2 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e180d-m2 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e180d-m2 Search vendor "Cisco" for product "Ucs-e180d-m2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e180d-k9 Firmware Search vendor "Cisco" for product "Ucs-e180d-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e180d-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e180d-k9 Search vendor "Cisco" for product "Ucs-e180d-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140s-m1 Firmware Search vendor "Cisco" for product "Ucs-e140s-m1 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140s-m1 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140s-m1 Search vendor "Cisco" for product "Ucs-e140s-m1" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140s-k9 Firmware Search vendor "Cisco" for product "Ucs-e140s-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140s-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140s-k9 Search vendor "Cisco" for product "Ucs-e140s-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160d-m1 Firmware Search vendor "Cisco" for product "Ucs-e160d-m1 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160d-m1 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160d-m1 Search vendor "Cisco" for product "Ucs-e160d-m1" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160d-k9 Firmware Search vendor "Cisco" for product "Ucs-e160d-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160d-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160d-k9 Search vendor "Cisco" for product "Ucs-e160d-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160dp-m1 Firmware Search vendor "Cisco" for product "Ucs-e160dp-m1 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160dp-m1 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160dp-m1 Search vendor "Cisco" for product "Ucs-e160dp-m1" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e160dp-k9 Firmware Search vendor "Cisco" for product "Ucs-e160dp-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e160dp-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e160dp-k9 Search vendor "Cisco" for product "Ucs-e160dp-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140d-m1 Firmware Search vendor "Cisco" for product "Ucs-e140d-m1 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140d-m1 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140d-m1 Search vendor "Cisco" for product "Ucs-e140d-m1" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140d-k9 Firmware Search vendor "Cisco" for product "Ucs-e140d-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140d-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140d-k9 Search vendor "Cisco" for product "Ucs-e140d-k9" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140dp-m1 Firmware Search vendor "Cisco" for product "Ucs-e140dp-m1 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140dp-m1 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140dp-m1 Search vendor "Cisco" for product "Ucs-e140dp-m1" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ucs-e140dp-k9 Firmware Search vendor "Cisco" for product "Ucs-e140dp-k9 Firmware" | 3.2\(3\) Search vendor "Cisco" for product "Ucs-e140dp-k9 Firmware" and version "3.2\(3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ucs-e140dp-k9 Search vendor "Cisco" for product "Ucs-e140dp-k9" | - | - |
Safe
|