All the vulnerabilites related to cisco - tg5004-k9_bios
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | fmc1000-k9_bios | * | |
| cisco | fmc1000-k9_firmware | * | |
| cisco | fmc2500-k9_bios | * | |
| cisco | fmc2500-k9_firmware | * | |
| cisco | fmc4500-k9_bios | * | |
| cisco | fmc4500-k9_firmware | * | |
| cisco | sns-3515-k9_bios | * | |
| cisco | sns-3515-k9_firmware | * | |
| cisco | sns-3595-k9_bios | * | |
| cisco | sns-3595-k9_firmware | * | |
| cisco | sns-3615-k9_bios | * | |
| cisco | sns-3615-k9_firmware | * | |
| cisco | sns-3655-k9_bios | * | |
| cisco | sns-3655-k9_firmware | * | |
| cisco | sns-3695-k9_bios | * | |
| cisco | sns-3695-k9_firmware | * | |
| cisco | tg5004-k9_bios | * | |
| cisco | tg5004-k9_firmware | * | |
| cisco | tg5004-k9-rf_bios | * | |
| cisco | tg5004-k9-rf_firmware | * | |
| cisco | identity_services_engine | 2.4\(0.357\) | |
| cisco | identity_services_engine | 2.6\(0.156\) | |
| cisco | unified_computing_system | 3.2\(3h\)c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:fmc1000-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8EFE3-86C3-4BF1-BE42-8B551744CE8A",
"versionEndExcluding": "4.0.1f.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fmc1000-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1433B697-00F9-4406-997D-E17423E029B0",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:fmc2500-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58ABEB14-1978-4153-8DEB-F7E3A4AC6CAA",
"versionEndExcluding": "4.0.1f.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fmc2500-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476C0A42-BB56-46F5-8072-714A5CB83414",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:fmc4500-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05FFE84E-B22E-4879-A278-8CA364DCB54F",
"versionEndExcluding": "4.0.1f.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fmc4500-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0E9F88-B684-48DC-BD8F-2A827F12D0A7",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3515-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE189663-69EE-4729-890B-EBA9D82555E4",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3515-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A507AB2-5532-4580-B5F4-DEDDFEFF6339",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3595-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A8BA98-546F-40AC-91A5-4D8850BF5B38",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3595-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6B2D1D-203A-4039-8D3F-8512316C68E7",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3615-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57E73F85-A9BD-49FF-89D2-55CB1843909A",
"versionEndExcluding": "4.0.1i",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3615-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04D5924-66BA-461A-B9D3-69617FE21CD4",
"versionEndExcluding": "4.0.1g",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3655-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82D4D357-CD06-40C0-B06E-715E0C006AC8",
"versionEndExcluding": "4.0.1i",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3655-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C69DA15A-B655-4C56-A902-2422BC9EC4D1",
"versionEndExcluding": "4.0.1g",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3695-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "090C0243-1592-4569-819E-DE3C141E5760",
"versionEndExcluding": "4.0.1i",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3695-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98E293-64B7-4B98-B456-B08A69D82664",
"versionEndExcluding": "4.0.1g",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A398C1C9-4A93-4003-8F0D-3F8AC5B7987D",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02522127-7119-4C28-B5E3-1B3B01D7D7D0",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9-rf_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3085CB8E-7BAC-469C-B021-0E33169F8A50",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9-rf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C580A0-E7A6-49B3-9F9B-7F0FB4922933",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4\\(0.357\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B60E8BB7-EAC5-4120-AFD0-5E72CCC97670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6\\(0.156\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DBAC90B-72AE-4B0B-92DC-D226F3AFD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\)c:*:*:*:*:*:*:*",
"matchCriteriaId": "94ACCB93-48B4-47D9-90BE-CB1A65994200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el firmware de Cisco UCS C-Series Rack Servers, podr\u00eda permitir a un atacante f\u00edsico autenticado omitir las comprobaciones de validaci\u00f3n de Unified Extensible Firmware Interface (UEFI) Secure Boot y cargar una imagen de software comprometida en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de las im\u00e1genes de actualizaci\u00f3n del firmware del servidor.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante la instalaci\u00f3n una versi\u00f3n de firmware del servidor que le permitir\u00eda deshabilitar el UEFI Secure Boot.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir las comprobaciones de validaci\u00f3n de firmas que realiza la tecnolog\u00eda UEFI Secure Boot y cargar una imagen de software comprometida en el dispositivo afectado.\u0026#xa0;Una imagen de software comprometida es cualquier imagen de software que no haya sido firmada digitalmente por Cisco"
}
],
"id": "CVE-2019-1736",
"lastModified": "2024-11-21T04:37:12.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-23T01:15:14.300",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-1736
Vulnerability from cvelistv5
Published
2020-09-23 00:26
Modified
2024-11-13 18:05
Severity ?
EPSS score ?
Summary
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Identity Services Engine Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200219 Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:18:03.065097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:05:16.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T00:26:09",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200219 Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
}
],
"source": {
"advisory": "cisco-sa-20200219-ucs-boot-bypass",
"defect": [
[
"CSCvn09490",
"CSCvq27796",
"CSCvq27803"
]
],
"discovery": "INTERNAL"
},
"title": "Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-02-19T16:00:00",
"ID": "CVE-2019-1736",
"STATE": "PUBLIC",
"TITLE": "Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.2",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200219 Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
}
]
},
"source": {
"advisory": "cisco-sa-20200219-ucs-boot-bypass",
"defect": [
[
"CSCvn09490",
"CSCvq27796",
"CSCvq27803"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1736",
"datePublished": "2020-09-23T00:26:09.923718Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-13T18:05:16.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}