CVE-2019-1736 — MEDIUM (6.6)

Q: How severe is CVE-2019-1736?

CVE-2019-1736 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1736?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Fmc1000-K9 Bios, Cisco Fmc1000-K9 Firmware, Cisco Fmc2500-K9 Bios, Cisco Fmc2500-K9 Firmware, Cisco Fmc4500-K9 Bios.

Vulnerability Description

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Fmc1000-K9 Bios	< 4.0.1f.0
Cisco	Fmc1000-K9 Firmware	< 4.0.2h
Cisco	Fmc2500-K9 Bios	< 4.0.1f.0
Cisco	Fmc2500-K9 Firmware	< 4.0.2h
Cisco	Fmc4500-K9 Bios	< 4.0.1f.0
Cisco	Fmc4500-K9 Firmware	< 4.0.2h
Cisco	Sns-3515-K9 Bios	< 4.0.2d
Cisco	Sns-3515-K9 Firmware	< 4.0.2h
Cisco	Sns-3595-K9 Bios	< 4.0.2d
Cisco	Sns-3595-K9 Firmware	< 4.0.2h
Cisco	Sns-3615-K9 Bios	< 4.0.1i
Cisco	Sns-3615-K9 Firmware	< 4.0.1g
Cisco	Sns-3655-K9 Bios	< 4.0.1i
Cisco	Sns-3655-K9 Firmware	< 4.0.1g
Cisco	Sns-3695-K9 Bios	< 4.0.1i
Cisco	Sns-3695-K9 Firmware	< 4.0.1g
Cisco	Tg5004-K9 Bios	< 4.0.2d
Cisco	Tg5004-K9 Firmware	< 4.0.2h
Cisco	Tg5004-K9-Rf Bios	< 4.0.2d
Cisco	Tg5004-K9-Rf Firmware	< 4.0.2h

Related Weaknesses (CWE)

CWE-347

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2PatchVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2PatchVendor Advisory

FAQ

What is CVE-2019-1736?

CVE-2019-1736 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation che...

How severe is CVE-2019-1736?

CVE-2019-1736 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1736?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Fmc1000-K9 Bios, Cisco Fmc1000-K9 Firmware, Cisco Fmc2500-K9 Bios, Cisco Fmc2500-K9 Firmware, Cisco Fmc4500-K9 Bios.