ID
VAR-201909-0122
CVE
CVE-2019-5478
TITLE
Zynq UltraScale+ Vulnerability related to input validation on devices
Trust: 0.8
sources:
JVNDB: JVNDB-2019-008879
DESCRIPTION
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior. Zynq UltraScale+ The device contains an input validation vulnerability.Information may be tampered with
Trust: 1.71
sources:
NVD: CVE-2019-5478 //
JVNDB: JVNDB-2019-008879 //
VULHUB: VHN-156913
AFFECTED PRODUCTS
| vendor: | amd | model: | zu5eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu5cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu6eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu2cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu11eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu28dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu15eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu42dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu49dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu46dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu19eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu3teg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu4eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu7ev | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu1eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu5ev | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu67dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu47dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu27dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu4ev | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu9eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu25dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu64dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu3eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu7eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu39dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu2eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu17eg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu21dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu43dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu6cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu3tcg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu4cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu9cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu65dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu29dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu7cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu1cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu48dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu3cg | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | amd | model: | zu63dr | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | xilinx | model: | ultrascale+ mpsoc | scope: | - | version: | - | Trust: 0.8 |
| vendor: | xilinx | model: | ultrascale+ rfsoc | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-008879 //
NVD: CVE-2019-5478
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-156913 //
JVNDB: JVNDB-2019-008879 //
CNNVD: CNNVD-201909-055 //
NVD: CVE-2019-5478
PROBLEMTYPE DATA
| problemtype: | CWE-345 | Trust: 1.1 |
| problemtype: | CWE-657 | Trust: 1.0 |
| problemtype: | CWE-20 | Trust: 0.9 |
sources:
VULHUB: VHN-156913 //
JVNDB: JVNDB-2019-008879 //
NVD: CVE-2019-5478
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-201909-055
TYPE
data forgery
Trust: 0.6
sources:
CNNVD: CNNVD-201909-055
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-008879
PATCH
| title: | AR# 72588 | url: | https://www.xilinx.com/support/answers/72588.html | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-008879
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-5478 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2019-008879 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201909-055 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-156913 | Trust: 0.1 |
sources:
VULHUB: VHN-156913 //
JVNDB: JVNDB-2019-008879 //
CNNVD: CNNVD-201909-055 //
NVD: CVE-2019-5478
REFERENCES
| url: | https://github.com/inversepath/advisories/blob/master/security_advisory-ref_fsc-hwsec-vr2019-0001-xilinx_zu+-encrypt_only_secure_boot_bypass.txt | Trust: 1.7 |
| url: | https://www.xilinx.com/support/answers/72588.html | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-5478 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5478 | Trust: 0.8 |
sources:
VULHUB: VHN-156913 //
JVNDB: JVNDB-2019-008879 //
CNNVD: CNNVD-201909-055 //
NVD: CVE-2019-5478
SOURCES
| db: | VULHUB | id: | VHN-156913 |
| db: | JVNDB | id: | JVNDB-2019-008879 |
| db: | CNNVD | id: | CNNVD-201909-055 |
| db: | NVD | id: | CVE-2019-5478 |
LAST UPDATE DATE
2024-11-27T23:01:07.471000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-156913 | date: | 2020-10-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-008879 | date: | 2019-09-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-055 | date: | 2020-10-21T00:00:00 |
| db: | NVD | id: | CVE-2019-5478 | date: | 2024-11-27T16:10:16.277 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-156913 | date: | 2019-09-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-008879 | date: | 2019-09-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-055 | date: | 2019-09-03T00:00:00 |
| db: | NVD | id: | CVE-2019-5478 | date: | 2019-09-03T20:15:11.530 |