Cisco released security advisories to address vulnerabilities in Cisco IOS XE software and in the implementation of hardware-based Secure Boot. An authenticated attacker could exploit the vulnerabilities by writing a modified firmware image to a vulnerable device, or by submitting a specially crafted input parameter through the Web UI to an affected system.
For detailed information on the affected products, please refer to the "Affected Products" section of the corresponding security advisory on the vendor's website.
Successful exploitation of the vulnerabilities could lead to arbitrary command execution, privilege escalation, tampering, denial of service, system failure or takeover of an affected system.
Software updates for affected systems are now available. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. For detailed information on the available patches, please refer to the "Fixed Software" section of the corresponding security advisory on the vendor's website.
Users should contact their product support vendors for the fixes and assistance.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui
https://www.us-cert.gov/ncas/current-activity/2019/05/13/Cisco-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1862