CVE-2019-1736

Description

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Risk Information

Base Score

6.6

MODERATE

Vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.033

Associated Vulnerability

Vulnerability	OS Platform
Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability For Cisco Unified Computing System	NCM
Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability For Cisco Identity Services Engine	NCM
Improper Verification of Cryptographic Signature Vulnerability (CVE-2019-1736)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706036	Security Update for Cisco Unified Computing System 3.2(1d)
PATCH-1706002	Security Update for Cisco Identity Services Engine 2.0(0.905)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234