FKIE_CVE-2019-1736
Vulnerability from fkie_nvd - Published: 2020-09-23 01:15 - Updated: 2024-11-21 04:37
Severity ?
Summary
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | fmc1000-k9_bios | * | |
| cisco | fmc1000-k9_firmware | * | |
| cisco | fmc2500-k9_bios | * | |
| cisco | fmc2500-k9_firmware | * | |
| cisco | fmc4500-k9_bios | * | |
| cisco | fmc4500-k9_firmware | * | |
| cisco | sns-3515-k9_bios | * | |
| cisco | sns-3515-k9_firmware | * | |
| cisco | sns-3595-k9_bios | * | |
| cisco | sns-3595-k9_firmware | * | |
| cisco | sns-3615-k9_bios | * | |
| cisco | sns-3615-k9_firmware | * | |
| cisco | sns-3655-k9_bios | * | |
| cisco | sns-3655-k9_firmware | * | |
| cisco | sns-3695-k9_bios | * | |
| cisco | sns-3695-k9_firmware | * | |
| cisco | tg5004-k9_bios | * | |
| cisco | tg5004-k9_firmware | * | |
| cisco | tg5004-k9-rf_bios | * | |
| cisco | tg5004-k9-rf_firmware | * | |
| cisco | identity_services_engine | 2.4\(0.357\) | |
| cisco | identity_services_engine | 2.6\(0.156\) | |
| cisco | unified_computing_system | 3.2\(3h\)c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:fmc1000-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8EFE3-86C3-4BF1-BE42-8B551744CE8A",
"versionEndExcluding": "4.0.1f.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fmc1000-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1433B697-00F9-4406-997D-E17423E029B0",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:fmc2500-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58ABEB14-1978-4153-8DEB-F7E3A4AC6CAA",
"versionEndExcluding": "4.0.1f.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fmc2500-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476C0A42-BB56-46F5-8072-714A5CB83414",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:fmc4500-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05FFE84E-B22E-4879-A278-8CA364DCB54F",
"versionEndExcluding": "4.0.1f.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fmc4500-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0E9F88-B684-48DC-BD8F-2A827F12D0A7",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3515-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE189663-69EE-4729-890B-EBA9D82555E4",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3515-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A507AB2-5532-4580-B5F4-DEDDFEFF6339",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3595-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A8BA98-546F-40AC-91A5-4D8850BF5B38",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3595-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6B2D1D-203A-4039-8D3F-8512316C68E7",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3615-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57E73F85-A9BD-49FF-89D2-55CB1843909A",
"versionEndExcluding": "4.0.1i",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3615-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04D5924-66BA-461A-B9D3-69617FE21CD4",
"versionEndExcluding": "4.0.1g",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3655-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82D4D357-CD06-40C0-B06E-715E0C006AC8",
"versionEndExcluding": "4.0.1i",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3655-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C69DA15A-B655-4C56-A902-2422BC9EC4D1",
"versionEndExcluding": "4.0.1g",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:sns-3695-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "090C0243-1592-4569-819E-DE3C141E5760",
"versionEndExcluding": "4.0.1i",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sns-3695-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC98E293-64B7-4B98-B456-B08A69D82664",
"versionEndExcluding": "4.0.1g",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A398C1C9-4A93-4003-8F0D-3F8AC5B7987D",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02522127-7119-4C28-B5E3-1B3B01D7D7D0",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9-rf_bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3085CB8E-7BAC-469C-B021-0E33169F8A50",
"versionEndExcluding": "4.0.2d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:tg5004-k9-rf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C580A0-E7A6-49B3-9F9B-7F0FB4922933",
"versionEndExcluding": "4.0.2h",
"vulnerable": true
}
],
"negate": false,
"operator": "AND"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4\\(0.357\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B60E8BB7-EAC5-4120-AFD0-5E72CCC97670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6\\(0.156\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DBAC90B-72AE-4B0B-92DC-D226F3AFD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\)c:*:*:*:*:*:*:*",
"matchCriteriaId": "94ACCB93-48B4-47D9-90BE-CB1A65994200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el firmware de Cisco UCS C-Series Rack Servers, podr\u00eda permitir a un atacante f\u00edsico autenticado omitir las comprobaciones de validaci\u00f3n de Unified Extensible Firmware Interface (UEFI) Secure Boot y cargar una imagen de software comprometida en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de las im\u00e1genes de actualizaci\u00f3n del firmware del servidor.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante la instalaci\u00f3n una versi\u00f3n de firmware del servidor que le permitir\u00eda deshabilitar el UEFI Secure Boot.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir las comprobaciones de validaci\u00f3n de firmas que realiza la tecnolog\u00eda UEFI Secure Boot y cargar una imagen de software comprometida en el dispositivo afectado.\u0026#xa0;Una imagen de software comprometida es cualquier imagen de software que no haya sido firmada digitalmente por Cisco"
}
],
"id": "CVE-2019-1736",
"lastModified": "2024-11-21T04:37:12.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-23T01:15:14.300",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…