CVE-2019-5478

EPSS 0.02%
Published 03.09.2019 20:15:11
Last modified 27.11.2024 16:10:16
Source support@hackerone.com
Teams watchlist Login
Open Login

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Amd ≫ Zu11eg Firmware Version-

Amd ≫ Zu11eg Version-

Amd ≫ Zu15eg Firmware Version-

Amd ≫ Zu15eg Version-

Amd ≫ Zu17eg Firmware Version-

Amd ≫ Zu17eg Version-

Amd ≫ Zu19eg Firmware Version-

Amd ≫ Zu19eg Version-

Amd ≫ Zu1cg Firmware Version-

Amd ≫ Zu1cg Version-

Amd ≫ Zu1eg Firmware Version-

Amd ≫ Zu1eg Version-

Amd ≫ Zu21dr Firmware Version-

Amd ≫ Zu21dr Version-

Amd ≫ Zu25dr Firmware Version-

Amd ≫ Zu25dr Version-

Amd ≫ Zu27dr Firmware Version-

Amd ≫ Zu27dr Version-

Amd ≫ Zu28dr Firmware Version-

Amd ≫ Zu28dr Version-

Amd ≫ Zu29dr Firmware Version-

Amd ≫ Zu29dr Version-

Amd ≫ Zu2cg Firmware Version-

Amd ≫ Zu2cg Version-

Amd ≫ Zu2eg Firmware Version-

Amd ≫ Zu2eg Version-

Amd ≫ Zu39dr Firmware Version-

Amd ≫ Zu39dr Version-

Amd ≫ Zu3cg Firmware Version-

Amd ≫ Zu3cg Version-

Amd ≫ Zu3eg Firmware Version-

Amd ≫ Zu3eg Version-

Amd ≫ Zu3tcg Firmware Version-

Amd ≫ Zu3tcg Version-

Amd ≫ Zu3teg Firmware Version-

Amd ≫ Zu3teg Version-

Amd ≫ Zu42dr Firmware Version-

Amd ≫ Zu42dr Version-

Amd ≫ Zu43dr Firmware Version-

Amd ≫ Zu43dr Version-

Amd ≫ Zu46dr Firmware Version-

Amd ≫ Zu46dr Version-

Amd ≫ Zu47dr Firmware Version-

Amd ≫ Zu47dr Version-

Amd ≫ Zu48dr Firmware Version-

Amd ≫ Zu48dr Version-

Amd ≫ Zu49dr Firmware Version-

Amd ≫ Zu49dr Version-

Amd ≫ Zu4cg Firmware Version-

Amd ≫ Zu4cg Version-

Amd ≫ Zu4eg Firmware Version-

Amd ≫ Zu4eg Version-

Amd ≫ Zu4ev Firmware Version-

Amd ≫ Zu4ev Version-

Amd ≫ Zu5cg Firmware Version-

Amd ≫ Zu5cg Version-

Amd ≫ Zu5eg Firmware Version-

Amd ≫ Zu5eg Version-

Amd ≫ Zu5ev Firmware Version-

Amd ≫ Zu5ev Version-

Amd ≫ Zu63dr Firmware Version-

Amd ≫ Zu63dr Version-

Amd ≫ Zu64dr Firmware Version-

Amd ≫ Zu64dr Version-

Amd ≫ Zu65dr Firmware Version-

Amd ≫ Zu65dr Version-

Amd ≫ Zu67dr Firmware Version-

Amd ≫ Zu67dr Version-

Amd ≫ Zu6cg Firmware Version-

Amd ≫ Zu6cg Version-

Amd ≫ Zu6eg Firmware Version-

Amd ≫ Zu6eg Version-

Amd ≫ Zu7cg Firmware Version-

Amd ≫ Zu7cg Version-

Amd ≫ Zu7eg Firmware Version-

Amd ≫ Zu7eg Version-

Amd ≫ Zu7ev Firmware Version-

Amd ≫ Zu7ev Version-

Amd ≫ Zu9cg Firmware Version-

Amd ≫ Zu9cg Version-

Amd ≫ Zu9eg Firmware Version-

Amd ≫ Zu9eg Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CWE-657 Violation of Secure Design Principles

The product violates well-established principles for secure design.

https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt

Third Party Advisory

https://www.xilinx.com/support/answers/72588.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-5478

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5478

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5478

EUVD