Sep 23, 2020 - 1:15 a.m.

CVE-2019-1736

2020-09-23 01:15:14
CWE-347
cisco
web.nvd.nist.gov
45
cisco
ucs
c-series
rack servers
firmware
vulnerability
uefi secure boot
validation
compromised software

CVSS2: 6.9

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 6.6

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.3
Confidence: High

EPSS: 0
Percentile: 12.6%

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Affected configurations

Nvd

Node: cisco fmc1000-k9_bios Range <4.0.1f.0 AND cisco fmc1000-k9_firmware Range <4.0.2h
Node: cisco fmc2500-k9_bios Range <4.0.1f.0 AND cisco fmc2500-k9_firmware Range <4.0.2h
Node: cisco fmc4500-k9_bios Range <4.0.1f.0 AND cisco fmc4500-k9_firmware Range <4.0.2h
Node: cisco sns-3515-k9_bios Range <4.0.2d AND cisco sns-3515-k9_firmware Range <4.0.2h
Node: cisco sns-3595-k9_bios Range <4.0.2d AND cisco sns-3595-k9_firmware Range <4.0.2h
Node: cisco sns-3615-k9_bios Range <4.0.1i AND cisco sns-3615-k9_firmware Range <4.0.1g
Node: cisco sns-3655-k9_bios Range <4.0.1i AND cisco sns-3655-k9_firmware Range <4.0.1g
Node: cisco sns-3695-k9_bios Range <4.0.1i AND cisco sns-3695-k9_firmware Range <4.0.1g
Node: cisco tg5004-k9_bios Range <4.0.2d AND cisco tg5004-k9_firmware Range <4.0.2h
Node: cisco tg5004-k9-rf_bios Range <4.0.2d AND cisco tg5004-k9-rf_firmware Range <4.0.2h
Node: cisco identity_services_engine Match 2.4\(0.357\) OR cisco identity_services_engine Match 2.6\(0.156\) OR cisco unified_computing_system Match 3.2\(3h\)c

Vendor  Product               Version  CPE
cisco   fmc1000-k9_bios       *        cpe:2.3:o:cisco:fmc1000-k9_bios:*:*:*:*:*:*:*:*
cisco   fmc1000-k9_firmware   *        cpe:2.3:o:cisco:fmc1000-k9_firmware:*:*:*:*:*:*:*:*
cisco   fmc2500-k9_bios       *        cpe:2.3:o:cisco:fmc2500-k9_bios:*:*:*:*:*:*:*:*
cisco   fmc2500-k9_firmware   *        cpe:2.3:o:cisco:fmc2500-k9_firmware:*:*:*:*:*:*:*:*
cisco   fmc4500-k9_bios       *        cpe:2.3:o:cisco:fmc4500-k9_bios:*:*:*:*:*:*:*:*
cisco   fmc4500-k9_firmware   *        cpe:2.3:o:cisco:fmc4500-k9_firmware:*:*:*:*:*:*:*:*
cisco   sns-3515-k9_bios      *        cpe:2.3:o:cisco:sns-3515-k9_bios:*:*:*:*:*:*:*:*
cisco   sns-3515-k9_firmware  *        cpe:2.3:o:cisco:sns-3515-k9_firmware:*:*:*:*:*:*:*:*
cisco   sns-3595-k9_bios      *        cpe:2.3:o:cisco:sns-3595-k9_bios:*:*:*:*:*:*:*:*
cisco   sns-3595-k9_firmware  *        cpe:2.3:o:cisco:sns-3595-k9_firmware:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Identity Services Engine Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
