CVE编号
CVE-2018-0362利用情况
暂无补丁情况
N/A披露时间
2018-06-22漏洞描述
Cisco 5000 Series Enterprise Network Compute System和UCS E-Series Servers都是美国思科(Cisco)公司的产品。Cisco 5000 Series Enterprise Network Compute System是一套企业网络功能虚拟化解决方案。UCS E-Series Servers是一款数据中心级刀片服务器设备。Cisco 5000 Series Enterprise Network Compute System和UCS E-Series Servers中的BIOS身份验证管理存在认证绕过漏洞,该漏洞源于受影响的系统未能执行正确的安全限制。本地攻击者可通过向受影响设备的BIOS身份验证对话框提交空密码值利用该漏洞访问受限制的BIOS命令。
解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh83260
参考链接 |
|
|---|---|
| http://www.securitytracker.com/id/1041173 | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | cisco | 5100_enterprise_network_compute_system_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | 5400_enterprise_network_compute_system_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e1120d-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e1120d-m3_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e140d-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e140d-m1_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e140dp-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e140dp-m1_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e140s-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e140s-m1_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e140s-m2_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e160d-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e160d-m1_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e160d-m2_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e160dp-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e160dp-m1_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e160s-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e160s-m3_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e180d-k9_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e180d-m2_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | cisco | ucs-e180d-m3_firmware | 3.2(3) | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | 5100_enterprise_network_compute_system | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | 5400_enterprise_network_compute_system | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e1120d-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e1120d-m3 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e140d-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e140d-m1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e140dp-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e140dp-m1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e140s-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e140s-m1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e140s-m2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e160d-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e160d-m1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e160d-m2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e160dp-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e160dp-m1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e160s-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e160s-m3 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e180d-k9 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e180d-m2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | cisco | ucs-e180d-m3 | - | - | |||||
- 攻击路径 物理
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 低
- 保密性 低
- 完整性 低
还没有评论,来说两句吧...