Lucene search

[email protected]NVD:CVE-2019-1736

HistorySep 23, 2020 - 1:15 a.m.

CVE-2019-1736

2020-09-2301:15:14

CWE-347

[email protected]

web.nvd.nist.gov

cisco

ucs c-series

firmware

uefi secure boot

vulnerability

signature validation

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Affected configurations

Nvd

Node

ciscofmc1000-k9_biosRange<4.0.1f.0

AND

ciscofmc1000-k9_firmwareRange<4.0.2h

Node

ciscofmc2500-k9_biosRange<4.0.1f.0

AND

ciscofmc2500-k9_firmwareRange<4.0.2h

Node

ciscofmc4500-k9_biosRange<4.0.1f.0

AND

ciscofmc4500-k9_firmwareRange<4.0.2h

Node

ciscosns-3515-k9_biosRange<4.0.2d

AND

ciscosns-3515-k9_firmwareRange<4.0.2h

Node

ciscosns-3595-k9_biosRange<4.0.2d

AND

ciscosns-3595-k9_firmwareRange<4.0.2h

Node

ciscosns-3615-k9_biosRange<4.0.1i

AND

ciscosns-3615-k9_firmwareRange<4.0.1g

Node

ciscosns-3655-k9_biosRange<4.0.1i

AND

ciscosns-3655-k9_firmwareRange<4.0.1g

Node

ciscosns-3695-k9_biosRange<4.0.1i

AND

ciscosns-3695-k9_firmwareRange<4.0.1g

Node

ciscotg5004-k9_biosRange<4.0.2d

AND

ciscotg5004-k9_firmwareRange<4.0.2h

Node

ciscotg5004-k9-rf_biosRange<4.0.2d

AND

ciscotg5004-k9-rf_firmwareRange<4.0.2h

Node

ciscoidentity_services_engineMatch2.4\(0.357\)

ciscoidentity_services_engineMatch2.6\(0.156\)

ciscounified_computing_systemMatch3.2\(3h\)c

VendorProductVersionCPE
ciscofmc1000-k9_bios*cpe:2.3:o:cisco:fmc1000-k9_bios:*:*:*:*:*:*:*:*
ciscofmc1000-k9_firmware*cpe:2.3:o:cisco:fmc1000-k9_firmware:*:*:*:*:*:*:*:*
ciscofmc2500-k9_bios*cpe:2.3:o:cisco:fmc2500-k9_bios:*:*:*:*:*:*:*:*
ciscofmc2500-k9_firmware*cpe:2.3:o:cisco:fmc2500-k9_firmware:*:*:*:*:*:*:*:*
ciscofmc4500-k9_bios*cpe:2.3:o:cisco:fmc4500-k9_bios:*:*:*:*:*:*:*:*
ciscofmc4500-k9_firmware*cpe:2.3:o:cisco:fmc4500-k9_firmware:*:*:*:*:*:*:*:*
ciscosns-3515-k9_bios*cpe:2.3:o:cisco:sns-3515-k9_bios:*:*:*:*:*:*:*:*
ciscosns-3515-k9_firmware*cpe:2.3:o:cisco:sns-3515-k9_firmware:*:*:*:*:*:*:*:*
ciscosns-3595-k9_bios*cpe:2.3:o:cisco:sns-3595-k9_bios:*:*:*:*:*:*:*:*
ciscosns-3595-k9_firmware*cpe:2.3:o:cisco:sns-3595-k9_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	fmc1000-k9_bios	*	cpe:2.3:o:cisco:fmc1000-k9_bios::::::::
cisco	fmc1000-k9_firmware	*	cpe:2.3:o:cisco:fmc1000-k9_firmware::::::::
cisco	fmc2500-k9_bios	*	cpe:2.3:o:cisco:fmc2500-k9_bios::::::::
cisco	fmc2500-k9_firmware	*	cpe:2.3:o:cisco:fmc2500-k9_firmware::::::::
cisco	fmc4500-k9_bios	*	cpe:2.3:o:cisco:fmc4500-k9_bios::::::::
cisco	fmc4500-k9_firmware	*	cpe:2.3:o:cisco:fmc4500-k9_firmware::::::::
cisco	sns-3515-k9_bios	*	cpe:2.3:o:cisco:sns-3515-k9_bios::::::::
cisco	sns-3515-k9_firmware	*	cpe:2.3:o:cisco:sns-3515-k9_firmware::::::::
cisco	sns-3595-k9_bios	*	cpe:2.3:o:cisco:sns-3595-k9_bios::::::::
cisco	sns-3595-k9_firmware	*	cpe:2.3:o:cisco:sns-3595-k9_firmware::::::::

Rows per page:

1-10 of 231

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2019-1736

cisco1 prion1 cve1 cvelist1