ID

VAR-202009-0517


CVE

CVE-2019-1736


TITLE

Cisco UCS C  Digital Signature Verification Vulnerability in Series Rack Servers

Trust: 0.8

sources: JVNDB: JVNDB-2020-012517

DESCRIPTION

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. Cisco UCS C A series rack server contains a vulnerability related to digital signature verification.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco UCS C-Series is a C series rack server from Cisco (USA). The following products and versions are affected: Firepower Management Center (FMC) 1000; Firepower Management Center (FMC) 2500; Firepower Management Center (FMC) 4500; Secure Network Server 3500 Series Appliances; Secure Network Server 3600 Series Appliances; Threat Grid 5504 Appliance

Trust: 2.25

sources: NVD: CVE-2019-1736 // JVNDB: JVNDB-2020-012517 // CNVD: CNVD-2020-14317 // VULHUB: VHN-149598

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14317

AFFECTED PRODUCTS

vendor:ciscomodel:tg5004-k9 biosscope:ltversion:4.0.2d

Trust: 1.0

vendor:ciscomodel:sns-3615-k9scope:ltversion:4.0.1g

Trust: 1.0

vendor:ciscomodel:sns-3615-k9 biosscope:ltversion:4.0.1i

Trust: 1.0

vendor:ciscomodel:sns-3655-k9 biosscope:ltversion:4.0.1i

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.6\(0.156\)

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.4\(0.357\)

Trust: 1.0

vendor:ciscomodel:fmc2500-k9 biosscope:ltversion:4.0.1f.0

Trust: 1.0

vendor:ciscomodel:fmc2500-k9scope:ltversion:4.0.2h

Trust: 1.0

vendor:ciscomodel:fmc1000-k9scope:ltversion:4.0.2h

Trust: 1.0

vendor:ciscomodel:fmc1000-k9 biosscope:ltversion:4.0.1f.0

Trust: 1.0

vendor:ciscomodel:sns-3515-k9 biosscope:ltversion:4.0.2d

Trust: 1.0

vendor:ciscomodel:unified computing systemscope:eqversion:3.2\(3h\)c

Trust: 1.0

vendor:ciscomodel:sns-3595-k9scope:ltversion:4.0.2h

Trust: 1.0

vendor:ciscomodel:tg5004-k9scope:ltversion:4.0.2h

Trust: 1.0

vendor:ciscomodel:tg5004-k9-rfscope:ltversion:4.0.2h

Trust: 1.0

vendor:ciscomodel:fmc4500-k9scope:ltversion:4.0.2h

Trust: 1.0

vendor:ciscomodel:sns-3655-k9scope:ltversion:4.0.1g

Trust: 1.0

vendor:ciscomodel:sns-3595-k9 biosscope:ltversion:4.0.2d

Trust: 1.0

vendor:ciscomodel:sns-3695-k9scope:ltversion:4.0.1g

Trust: 1.0

vendor:ciscomodel:tg5004-k9-rf biosscope:ltversion:4.0.2d

Trust: 1.0

vendor:ciscomodel:sns-3695-k9 biosscope:ltversion:4.0.1i

Trust: 1.0

vendor:ciscomodel:sns-3515-k9scope:ltversion:4.0.2h

Trust: 1.0

vendor:ciscomodel:fmc4500-k9 biosscope:ltversion:4.0.1f.0

Trust: 1.0

vendor:シスコシステムズmodel:fmc1000 k9 biosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:fmc1000 k9scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:fmc2500 k9 biosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:fmc2500 k9scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:fmc4500 k9 biosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:fmc4500 k9scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:sns 3515 k9 biosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:sns 3515 k9scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:sns 3595 k9 biosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:sns 3595 k9scope: - version: -

Trust: 0.8

vendor:ciscomodel:ucs c-series rack serversscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-14317 // JVNDB: JVNDB-2020-012517 // NVD: CVE-2019-1736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1736
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1736
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1736
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-14317
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-992
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149598
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1736
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14317
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-149598
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1736
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1736
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.3
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-1736
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14317 // VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992 // NVD: CVE-2019-1736 // NVD: CVE-2019-1736

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.1

problemtype:Improper verification of digital signatures (CWE-347) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // NVD: CVE-2019-1736

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-992

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202002-992

PATCH

title:cisco-sa-20200219-ucs-boot-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass

Trust: 0.8

title:Patch for Cisco UCS C-Series Data Forgery Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/205687

Trust: 0.6

title:Cisco UCS C-Series Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110042

Trust: 0.6

sources: CNVD: CNVD-2020-14317 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992

EXTERNAL IDS

db:NVDid:CVE-2019-1736

Trust: 3.1

db:JVNDBid:JVNDB-2020-012517

Trust: 0.8

db:CNNVDid:CNNVD-202002-992

Trust: 0.7

db:CNVDid:CNVD-2020-14317

Trust: 0.6

db:AUSCERTid:ESB-2020.0613

Trust: 0.6

db:VULHUBid:VHN-149598

Trust: 0.1

sources: CNVD: CNVD-2020-14317 // VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992 // NVD: CVE-2019-1736

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200219-ucs-boot-bypass

Trust: 2.3

url:https://vigilance.fr/vulnerability/cisco-ucs-c-series-rack-server-privilege-escalation-via-uefi-secure-boot-bypass-31640

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1736

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0613/

Trust: 0.6

sources: CNVD: CNVD-2020-14317 // VULHUB: VHN-149598 // JVNDB: JVNDB-2020-012517 // CNNVD: CNNVD-202002-992 // NVD: CVE-2019-1736

CREDITS

Emre Demirors

Trust: 0.6

sources: CNNVD: CNNVD-202002-992

SOURCES

db:CNVDid:CNVD-2020-14317
db:VULHUBid:VHN-149598
db:JVNDBid:JVNDB-2020-012517
db:CNNVDid:CNNVD-202002-992
db:NVDid:CVE-2019-1736

LAST UPDATE DATE

2024-08-14T14:50:34.457000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-14317date:2020-02-28T00:00:00
db:VULHUBid:VHN-149598date:2020-10-23T00:00:00
db:JVNDBid:JVNDB-2020-012517date:2021-05-11T08:19:00
db:CNNVDid:CNNVD-202002-992date:2020-10-26T00:00:00
db:NVDid:CVE-2019-1736date:2020-10-23T18:21:19.337

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-14317date:2020-02-28T00:00:00
db:VULHUBid:VHN-149598date:2020-09-23T00:00:00
db:JVNDBid:JVNDB-2020-012517date:2021-05-11T00:00:00
db:CNNVDid:CNNVD-202002-992date:2020-02-19T00:00:00
db:NVDid:CVE-2019-1736date:2020-09-23T01:15:14.300