Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-1736 |
CWE-ID | CWE-347 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Firepower Management Center 1000 (Client/Desktop applications / Antivirus software/Personal firewalls)
Firepower Management Center 2500 (Client/Desktop applications / Antivirus software/Personal firewalls)
Firepower Management Center 4500 (Client/Desktop applications / Antivirus software/Personal firewalls)
Secure Network Server 3500 Series Appliances (Client/Desktop applications / Antivirus software/Personal firewalls)
Cisco Secure Network Server 3600 Series Appliances (Client/Desktop applications / Antivirus software/Personal firewalls)
Threat Grid 5504 Appliance (Other software / Other software solutions) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU25491
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1736
CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description
The vulnerability allows a local user to load a compromised software image on an affected device.
The vulnerability exists within the firmware of the Cisco UCS C-Series Rack Servers due to improper validation of the server firmware upgrade images. An administrator with physical access can install a server firmware version that would allow the attacker to disable UEFI Secure Boot.
A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Firepower Management Center 1000: before 4.0.2h
Firepower Management Center 2500: before 4.0.2h
Firepower Management Center 4500: before 4.0.2h
Secure Network Server 3500 Series Appliances: before 4.0.2h
Cisco Secure Network Server 3600 Series Appliances: before 4.0.4i
Threat Grid 5504 Appliance: before 4.0.2h
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.