5.5 MEDIUM
CVE-2019-5478
Xilinx Zynq UltraScale+ Encrypt Only Boot Mode WRITE WHAT WHERE Vulnerability
Description

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.

INFO

Published Date: Sept. 3, 2019, 8:15 p.m.
Last Modified: Nov. 27, 2024, 4:10 p.m.
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.8
Public PoC/Exploit Available on GitHub

CVE-2019-5478 has 1 public PoC/Exploit available on GitHub.

Affected Products

The following products are affected by the CVE-2019-5478 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Amd zu11eg_firmware
2 Amd zu11eg
3 Amd zu15eg_firmware
4 Amd zu15eg
5 Amd zu17eg_firmware
6 Amd zu17eg
7 Amd zu19eg_firmware
8 Amd zu19eg
9 Amd zu1cg_firmware
10 Amd zu1cg
11 Amd zu1eg_firmware
12 Amd zu1eg
13 Amd zu21dr_firmware
14 Amd zu21dr
15 Amd zu25dr_firmware
16 Amd zu25dr
17 Amd zu27dr_firmware
18 Amd zu27dr
19 Amd zu28dr_firmware
20 Amd zu28dr
21 Amd zu29dr_firmware
22 Amd zu29dr
23 Amd zu2cg_firmware
24 Amd zu2cg
25 Amd zu2eg_firmware
26 Amd zu2eg
27 Amd zu39dr_firmware
28 Amd zu39dr
29 Amd zu3cg_firmware
30 Amd zu3cg
31 Amd zu3eg_firmware
32 Amd zu3eg
33 Amd zu3tcg_firmware
34 Amd zu3tcg
35 Amd zu3teg_firmware
36 Amd zu3teg
37 Amd zu42dr_firmware
38 Amd zu42dr
39 Amd zu43dr_firmware
40 Amd zu43dr
41 Amd zu46dr_firmware
42 Amd zu46dr
43 Amd zu47dr_firmware
44 Amd zu47dr
45 Amd zu48dr_firmware
46 Amd zu48dr
47 Amd zu49dr_firmware
48 Amd zu49dr
49 Amd zu4cg_firmware
50 Amd zu4cg
51 Amd zu4eg_firmware
52 Amd zu4eg
53 Amd zu4ev_firmware
54 Amd zu4ev
55 Amd zu5cg_firmware
56 Amd zu5cg
57 Amd zu5eg_firmware
58 Amd zu5eg
59 Amd zu5ev_firmware
60 Amd zu5ev
61 Amd zu63dr_firmware
62 Amd zu63dr
63 Amd zu64dr_firmware
64 Amd zu64dr
65 Amd zu65dr_firmware
66 Amd zu65dr
67 Amd zu67dr_firmware
68 Amd zu67dr
69 Amd zu6cg_firmware
70 Amd zu6cg
71 Amd zu6eg_firmware
72 Amd zu6eg
73 Amd zu7cg_firmware
74 Amd zu7cg
75 Amd zu7eg_firmware
76 Amd zu7eg
77 Amd zu7ev_firmware
78 Amd zu7ev
79 Amd zu9cg_firmware
80 Amd zu9cg
81 Amd zu9eg_firmware
82 Amd zu9eg
1 Xilinx zynq_ultrascale\+_mpsoc_firmware
2 Xilinx zynq_ultrascale\+_rfsoc_firmware
References to Advisories, Solutions, and Tools

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs-of-concept that have been published on GitHub (sorted by the most recently updated).

(Inverse Path | F-Secure) Hardware Security Team - Security Advisories

Updated: 3 months, 1 week ago
24 stars, 4 forks, 4 watchers
Created: July 23, 2019, 3:04 p.m. This repo has also been linked to 20 different CVEs.

The following table lists the changes that have been made to the CVE-2019-5478 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Nov. 27, 2024

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu11eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu11eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu15eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu15eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu17eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu17eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu19eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu19eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu1cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu1cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu1eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu1eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu21dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu21dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu25dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu25dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu27dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu27dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu28dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu28dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu29dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu29dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu2cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu2cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu2eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu2eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu39dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu39dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu3cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu3cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu3eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu3eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu3tcg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu3tcg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu3teg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu3teg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu42dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu42dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu43dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu43dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu46dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu46dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu47dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu47dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu48dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu48dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu49dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu49dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu4cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu4cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu4eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu4eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu4ev_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu4ev:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu5cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu5cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu5eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu5eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu5ev_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu5ev:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu63dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu63dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu64dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu64dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu65dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu65dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu67dr_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu67dr:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu6cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu6cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu6eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu6eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu7cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu7cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu7eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu7eg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu7ev_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu7ev:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu9cg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu9cg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:zu9eg_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:zu9eg:-:*:*:*:*:*:*:*
    Removed CPE Configuration AND OR *cpe:2.3:o:xilinx:zynq_ultrascale\+_mpsoc_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:xilinx:zynq_ultrascale\+_mpsoc:-:*:*:*:*:*:*:*
    Removed CPE Configuration AND OR *cpe:2.3:o:xilinx:zynq_ultrascale\+_rfsoc_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:xilinx:zynq_ultrascale\+_rfsoc:-:*:*:*:*:*:*:*
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
    Added Reference https://www.xilinx.com/support/answers/72588.html
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Modified Analysis by [email protected]

    Oct. 16, 2020

    Action Type Old Value New Value
    Removed CVSS V3 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
    Removed CWE NIST CWE-20
    Added CWE NIST CWE-345
  • CVE Modified by [email protected]

    Oct. 09, 2019

    Action Type Old Value New Value
    Added CWE HackerOne CWE-657
  • Initial Analysis by [email protected]

    Sep. 05, 2019

    Action Type Old Value New Value
    Added CVSS V2 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
    Added CVSS V3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
    Changed Reference Type https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt No Types Assigned https://github.com/inversepath/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt Third Party Advisory
    Changed Reference Type https://www.xilinx.com/support/answers/72588.html No Types Assigned https://www.xilinx.com/support/answers/72588.html Vendor Advisory
    Added CWE CWE-20
    Added CPE Configuration AND OR *cpe:2.3:o:xilinx:zynq_ultrascale\+_mpsoc_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:xilinx:zynq_ultrascale\+_mpsoc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:xilinx:zynq_ultrascale\+_rfsoc_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:xilinx:zynq_ultrascale\+_rfsoc:-:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-5478 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10264

percentile
