CVE-2019-5478 - OpenCVE

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xilinx	Zynq Ultrascale\+ Mpsoc Zynq Ultrascale\+ Rfsoc Zynq Ultrascale\+ Rfsoc Firmware Zynq Ultrascale\+ Mpsoc Firmware

Configuration 1 [-]

AND

cpe:2.3:o:xilinx:zynq_ultrascale\+_mpsoc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq_ultrascale\+_mpsoc:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:xilinx:zynq_ultrascale\+_rfsoc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:xilinx:zynq_ultrascale\+_rfsoc:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt	Third Party Advisory
https://www.xilinx.com/support/answers/72588.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2019-09-03T19:17:35

Updated: 2019-09-03T19:17:35

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5478

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-09-03T20:15:11.530

Modified: 2020-10-16T14:11:49.883

Link: CVE-2019-5478

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Zynq UltraScale+ SoC", "vendor": "n/a", "versions": [{"status": "affected", "version": "Not Fixed"}]}], "descriptions": [{"lang": "en", "value": "A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-657", "description": "Violation of Secure Design Principles (CWE-657)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-09-03T19:17:35", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.xilinx.com/support/answers/72588.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5478", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zynq UltraScale+ SoC", "version": {"version_data": [{"version_value": "Not Fixed"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Violation of Secure Design Principles (CWE-657)"}]}]}, "references": {"reference_data": [{"name": "https://www.xilinx.com/support/answers/72588.html", "refsource": "MISC", "url": "https://www.xilinx.com/support/answers/72588.html"}, {"name": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt", "refsource": "MISC", "url": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5478", "datePublished": "2019-09-03T19:17:35", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2019-09-03T19:17:35", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq_ultrascale\\+_mpsoc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B455C493-5E77-4F53-946E-16C8B46185D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq_ultrascale\\+_mpsoc:-:*:*:*:*:*:*:*", "matchCriteriaId": "664ACA6D-1BC9-4D43-BCC4-5F04B0A694DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xilinx:zynq_ultrascale\\+_rfsoc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F5654E9-9DB7-45B3-81DA-CD1578093572", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xilinx:zynq_ultrascale\\+_rfsoc:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D30D555-C736-4CCB-8084-686771506E95", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior."}, {"lang": "es", "value": "Se ha descubierto una debilidad en el modo de inicio Encrypt Only en los dispositivos Zynq UltraScale +. Esto podr\u00eda llevar a que un adversario pueda modificar los campos de control de la imagen de arranque y provocar un comportamiento de arranque seguro incorrecto."}], "id": "CVE-2019-5478", "lastModified": "2020-10-16T14:11:49.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-03T20:15:11.530", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.xilinx.com/support/answers/72588.html"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-657"}], "source": "support@hackerone.com", "type": "Secondary"}]}