Details of VAR-202009-0517

ID

VAR-202009-0517

CVE

CVE-2019-1736

TITLE

Cisco UCS C Digital Signature Verification Vulnerability in Series Rack Servers

Trust: 0.8

sources: JVNDB: JVNDB-2020-012517

DESCRIPTION

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. Cisco UCS C A series rack server contains a vulnerability related to digital signature verification.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco UCS C-Series is a C series rack server from Cisco (USA). The following products and versions are affected: Firepower Management Center (FMC) 1000; Firepower Management Center (FMC) 2500; Firepower Management Center (FMC) 4500; Secure Network Server 3500 Series Appliances; Secure Network Server 3600 Series Appliances; Threat Grid 5504 Appliance

Trust: 2.25

sources: NVD: CVE-2019-1736 // JVNDB: JVNDB-2020-012517 // CNVD: CNVD-2020-14317 // VULHUB: VHN-149598

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-14317

AFFECTED PRODUCTS

vendor:	cisco	model:	tg5004-k9 bios	scope:	lt	version:	4.0.2d	Trust: 1.0
vendor:	cisco	model:	sns-3615-k9	scope:	lt	version:	4.0.1g	Trust: 1.0
vendor:	cisco	model:	sns-3615-k9 bios	scope:	lt	version:	4.0.1i	Trust: 1.0
vendor:	cisco	model:	sns-3655-k9 bios	scope:	lt	version:	4.0.1i	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.6\(0.156\)	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4\(0.357\)	Trust: 1.0
vendor:	cisco	model:	fmc2500-k9 bios	scope:	lt	version:	4.0.1f.0	Trust: 1.0
vendor:	cisco	model:	fmc2500-k9	scope:	lt	version:	4.0.2h	Trust: 1.0
vendor:	cisco	model:	fmc1000-k9	scope:	lt	version:	4.0.2h	Trust: 1.0
vendor:	cisco	model:	fmc1000-k9 bios	scope:	lt	version:	4.0.1f.0	Trust: 1.0
vendor:	cisco	model:	sns-3515-k9 bios	scope:	lt	version:	4.0.2d	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.2\(3h\)c	Trust: 1.0
vendor:	cisco	model:	sns-3595-k9	scope:	lt	version:	4.0.2h	Trust: 1.0
vendor:	cisco	model:	tg5004-k9	scope:	lt	version:	4.0.2h	Trust: 1.0
vendor:	cisco	model:	tg5004-k9-rf	scope:	lt	version:	4.0.2h	Trust: 1.0
vendor:	cisco	model:	fmc4500-k9	scope:	lt	version:	4.0.2h	Trust: 1.0
vendor:	cisco	model:	sns-3655-k9	scope:	lt	version:	4.0.1g	Trust: 1.0
vendor:	cisco	model:	sns-3595-k9 bios	scope:	lt	version:	4.0.2d	Trust: 1.0
vendor:	cisco	model:	sns-3695-k9	scope:	lt	version:	4.0.1g	Trust: 1.0
vendor:	cisco	model:	tg5004-k9-rf bios	scope:	lt	version:	4.0.2d	Trust: 1.0
vendor:	cisco	model:	sns-3695-k9 bios	scope:	lt	version:	4.0.1i	Trust: 1.0
vendor:	cisco	model:	sns-3515-k9	scope:	lt	version:	4.0.2h	Trust: 1.0
vendor:	cisco	model:	fmc4500-k9 bios	scope:	lt	version:	4.0.1f.0	Trust: 1.0
vendor:	シスコシステムズ	model:	fmc1000 k9 bios	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	fmc1000 k9	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	fmc2500 k9 bios	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	fmc2500 k9	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	fmc4500 k9 bios	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	fmc4500 k9	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	sns 3515 k9 bios	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	sns 3515 k9	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	sns 3595 k9 bios	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	sns 3595 k9	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ucs c-series rack servers	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-14317 // JVNDB: JVNDB-2020-012517 // NVD: CVE-2019-1736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1736
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1736
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1736
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-14317
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-992
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-149598
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1736
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-14317
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-149598
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1736
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1736
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.3
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1736
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-14317 // VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992 // NVD: CVE-2019-1736 // NVD: CVE-2019-1736

PROBLEMTYPE DATA

problemtype:	CWE-347	Trust: 1.1
problemtype:	Improper verification of digital signatures (CWE-347) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // NVD: CVE-2019-1736

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-992

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202002-992

PATCH

title:	cisco-sa-20200219-ucs-boot-bypass	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass	Trust: 0.8
title:	Patch for Cisco UCS C-Series Data Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/205687	Trust: 0.6
title:	Cisco UCS C-Series Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110042	Trust: 0.6

sources: CNVD: CNVD-2020-14317 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1736	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-012517	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-992	Trust: 0.7
db:	CNVD	id:	CNVD-2020-14317	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0613	Trust: 0.6
db:	VULHUB	id:	VHN-149598	Trust: 0.1

sources: CNVD: CNVD-2020-14317 // VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992 // NVD: CVE-2019-1736

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200219-ucs-boot-bypass	Trust: 2.3
url:	https://vigilance.fr/vulnerability/cisco-ucs-c-series-rack-server-privilege-escalation-via-uefi-secure-boot-bypass-31640	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1736	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0613/	Trust: 0.6

sources: CNVD: CNVD-2020-14317 // VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992 // NVD: CVE-2019-1736

CREDITS

Emre Demirors

Trust: 0.6

sources: CNNVD: CNNVD-202002-992

SOURCES

db:	CNVD	id:	CNVD-2020-14317
db:	VULHUB	id:	VHN-149598
db:	JVNDB	id:	JVNDB-2020-012517
db:	CNNVD	id:	CNNVD-202002-992
db:	NVD	id:	CVE-2019-1736

LAST UPDATE DATE

2024-08-14T14:50:34.457000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-14317	date:	2020-02-28T00:00:00
db:	VULHUB	id:	VHN-149598	date:	2020-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-012517	date:	2021-05-11T08:19:00
db:	CNNVD	id:	CNNVD-202002-992	date:	2020-10-26T00:00:00
db:	NVD	id:	CVE-2019-1736	date:	2020-10-23T18:21:19.337

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-14317	date:	2020-02-28T00:00:00
db:	VULHUB	id:	VHN-149598	date:	2020-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-012517	date:	2021-05-11T00:00:00
db:	CNNVD	id:	CNNVD-202002-992	date:	2020-02-19T00:00:00
db:	NVD	id:	CVE-2019-1736	date:	2020-09-23T01:15:14.300