#VU25491 Improper Verification of Cryptographic Signature in Cisco Systems, Inc Other software


Published: 2020-02-20

Vulnerability identifier: #VU25491

Vulnerability risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1736

CWE-ID: CWE-347

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Firepower Management Center 1000
Client/Desktop applications / Antivirus software/Personal firewalls
Firepower Management Center 2500
Client/Desktop applications / Antivirus software/Personal firewalls
Firepower Management Center 4500
Client/Desktop applications / Antivirus software/Personal firewalls
Secure Network Server 3500 Series Appliances
Client/Desktop applications / Antivirus software/Personal firewalls
Cisco Secure Network Server 3600 Series Appliances
Client/Desktop applications / Antivirus software/Personal firewalls
Threat Grid 5504 Appliance
Other software / Other software solutions

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to load a compromised software image on an affected device.

The vulnerability exists within the firmware of the Cisco UCS C-Series Rack Servers due to improper validation of the server firmware upgrade images. An administrator with physical access can install a server firmware version that would allow the attacker to disable UEFI Secure Boot.

A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Firepower Management Center 1000: All versions

Firepower Management Center 2500: All versions

Firepower Management Center 4500: All versions

Secure Network Server 3500 Series Appliances: All versions

Cisco Secure Network Server 3600 Series Appliances: All versions

Threat Grid 5504 Appliance: All versions


External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

