{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T03:57:35.213","vulnerabilities":[{"cve":{"id":"CVE-2019-1880","sourceIdentifier":"psirt@cisco.com","published":"2019-06-05T17:29:00.647","lastModified":"2024-11-21T04:37:36.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device."},{"lang":"es","value":"Una vulnerabilidad en la utilidad de actualización del BIOS de rack servidores Unified Computing System (UCS) C-Series de Cisco, podría permitir a un atacante local autorizado instalar el firmware del BIOS comprometido en un dispositivo afectado. La vulnerabilidad es debido a una comprobación insuficiente del archivo de imagen del firmware. Un atacante podría explotar esta vulnerabilidad mediante la ejecución de la utilidad de actualización del BIOS con un conjunto específico de opciones. Una operación  con éxito podría permitir al atacante omitir el proceso de comprobación de firmas del firmware e instalar el firmware del BIOS comprometido en un dispositivo afectado."}],"metrics":{"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0\\(2g\\)","matchCriteriaId":"C98B6DE4-8759-498A-93CC-B54376EAC099"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:unified_computing_system_c125_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"0E940DBA-1F06-479A-B697-0070174EB2F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0\\(4l\\)","matchCriteriaId":"83F54B3E-D792-4971-9EDC-31DA712FAFB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.0\\(2g\\)","matchCriteriaId":"3CD23D8E-C2E3-4C51-9E8C-58DDC810AEF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:unified_computing_system_c220_m4:-:*:*:*:*:*:*:*","matchCriteriaId":"C5502506-02DD-43C8-AED7-847C71AFBBBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0\\(4c\\)","matchCriteriaId":"845FBF06-3662-420A-A096-18EE3DEE18C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:unified_computing_system_c220_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"4221A779-1C3C-4EA5-980A-4F9BA206824C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0\\(4l\\)","matchCriteriaId":"83F54B3E-D792-4971-9EDC-31DA712FAFB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.0\\(2g\\)","matchCriteriaId":"3CD23D8E-C2E3-4C51-9E8C-58DDC810AEF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:unified_computing_system_c240_m4:-:*:*:*:*:*:*:*","matchCriteriaId":"596E83E7-E11F-4BF7-AF79-C1A5805C0580"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0\\(4c\\)","matchCriteriaId":"845FBF06-3662-420A-A096-18EE3DEE18C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:unified_computing_system_c240_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"A69A9518-AC5F-440D-A3F1-328035D3157C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0\\(4l\\)","matchCriteriaId":"83F54B3E-D792-4971-9EDC-31DA712FAFB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.0\\(2g\\)","matchCriteriaId":"3CD23D8E-C2E3-4C51-9E8C-58DDC810AEF6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:unified_computing_system_c460_m4:-:*:*:*:*:*:*:*","matchCriteriaId":"326CD3F6-3DC3-4840-811F-6ED353DC5F33"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:unified_computing_system_server_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0\\(4c\\)","matchCriteriaId":"845FBF06-3662-420A-A096-18EE3DEE18C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:unified_computing_system_c480_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"51E29763-0766-4AEA-A434-37D48B6FAE08"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/108680","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/108680","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}