← Back

CVE-2019-1736

nvd nist
Published: Sep 23, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.6
Vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.7 / Impact: 5.9
Source: NVD

Description

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Affected (23)

Cisco
22 products
Fmc1000 K9 Bios
Fmc1000 K9 Firmware
Fmc2500 K9 Bios
Fmc2500 K9 Firmware
Fmc4500 K9 Bios
Fmc4500 K9 Firmware
Sns 3515 K9 Bios
Sns 3515 K9 Firmware
Sns 3595 K9 Bios
Sns 3595 K9 Firmware
Sns 3615 K9 Bios
Sns 3615 K9 Firmware
Sns 3655 K9 Bios
Sns 3655 K9 Firmware
Sns 3695 K9 Bios
Sns 3695 K9 Firmware
Tg5004 K9 Bios
Tg5004 K9 Firmware
Tg5004 K9 Rf Bios
Tg5004 K9 Rf Firmware
Identity Services Engine
Unified Computing System
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Fmc1000 K9 Bios
Before 4.0.1f.0
Fmc1000 K9 Firmware
Before 4.0.2h
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fmc2500 K9 Bios
Before 4.0.1f.0
Fmc2500 K9 Firmware
Before 4.0.2h
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fmc4500 K9 Bios
Before 4.0.1f.0
Fmc4500 K9 Firmware
Before 4.0.2h
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Sns 3515 K9 Bios
Before 4.0.2d
Sns 3515 K9 Firmware
Before 4.0.2h
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
Sns 3595 K9 Bios
Before 4.0.2d
Sns 3595 K9 Firmware
Before 4.0.2h
Configuration F
2 vulnerable
Vulnerable SoftwareAffected Versions
Sns 3615 K9 Bios
Before 4.0.1i
Sns 3615 K9 Firmware
Before 4.0.1g
Configuration G
2 vulnerable
Vulnerable SoftwareAffected Versions
Sns 3655 K9 Bios
Before 4.0.1i
Sns 3655 K9 Firmware
Before 4.0.1g
Configuration H
2 vulnerable
Vulnerable SoftwareAffected Versions
Sns 3695 K9 Bios
Before 4.0.1i
Sns 3695 K9 Firmware
Before 4.0.1g
Configuration I
2 vulnerable
Vulnerable SoftwareAffected Versions
Tg5004 K9 Bios
Before 4.0.2d
Tg5004 K9 Firmware
Before 4.0.2h
Configuration J
2 vulnerable
Vulnerable SoftwareAffected Versions
Tg5004 K9 Rf Bios
Before 4.0.2d
Tg5004 K9 Rf Firmware
Before 4.0.2h
Configuration K
3 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Identity Services Engine
Version 2.4(0.357)
Identity Services Engine
Version 2.6(0.156)
Unified Computing System
Version 3.2(3h)c

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.