How severe is CVE-2019-1880?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2019-1880?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2019-1880 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device.

Related Vulnerabilities

CVE-2016-3016

MEDIUM

CVSS:4.4(Medium)

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker ...

CWE-3452016

CVE-2018-10626

MEDIUM

CVSS:4.4(Medium)

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired im...

CWE-3452018

CVE-2019-16000

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted de...

CWE-3452019

CVE-2021-26368

MEDIUM

CVSS:4.4(Medium)

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in...

CWE-3452021

CVE-2021-26396

MEDIUM

CVSS:4.4(Medium)

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.

CWE-3452021

CVE-2017-7674

MEDIUM

CVSS:4.3(Medium)

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origi...

CWE-3452017