CVE-2019-5478

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt	Third Party Advisory
https://www.xilinx.com/support/answers/72588.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:xilinx:zynq_ultrascale\+_mpsoc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq_ultrascale\+_mpsoc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:xilinx:zynq_ultrascale\+_rfsoc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq_ultrascale\+_rfsoc:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-03 20:15

Updated : 2024-02-04 20:20

NVD link : CVE-2019-5478

Mitre link : CVE-2019-5478

CVE.ORG link : CVE-2019-5478

JSON object : View

Products Affected

xilinx

zynq_ultrascale\+_rfsoc_firmware
zynq_ultrascale\+_rfsoc
zynq_ultrascale\+_mpsoc
zynq_ultrascale\+_mpsoc_firmware

CWE

CWE-345

Insufficient Verification of Data Authenticity

CWE-657

Violation of Secure Design Principles

{"id": "CVE-2019-5478", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-09-03T20:15:11.530", "references": [{"url": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.xilinx.com/support/answers/72588.html", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-657"}]}], "descriptions": [{"lang": "en", "value": "A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior."}, {"lang": "es", "value": "Se ha descubierto una debilidad en el modo de inicio Encrypt Only en los dispositivos Zynq UltraScale +. Esto podr\u00eda llevar a que un adversario pueda modificar los campos de control de la imagen de arranque y provocar un comportamiento de arranque seguro incorrecto."}], "lastModified": "2020-10-16T14:11:49.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq_ultrascale\\+_mpsoc_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B455C493-5E77-4F53-946E-16C8B46185D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq_ultrascale\\+_mpsoc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "664ACA6D-1BC9-4D43-BCC4-5F04B0A694DD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq_ultrascale\\+_rfsoc_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F5654E9-9DB7-45B3-81DA-CD1578093572"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq_ultrascale\\+_rfsoc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D30D555-C736-4CCB-8084-686771506E95"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "support@hackerone.com"}