CVE-2019-1736 (CNNVD-202002-992)

MEDIUM
Chinese title:
Cisco UCS C-Series Rack Servers Data Forgery Vulnerability
English title:
Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability
CVSS score: 6.2
Published: 2020-09-23 00:26:09
Vulnerability type: Authorization issue
Status: PUBLISHED
Data quality score: 0.30
Data version: v3
Vulnerability description
Chinese description:

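Cisco UCS C-Series is a line of C-series rack servers from Cisco, a US company. The firmware in Cisco UCS C-Series Rack Servers contains a data forgery vulnerability, which stems from the program failing to properly validate server firmware update images. An attacker could exploit this vulnerability to bypass signature validation checks and load a software image that has not been signed by Cisco. The following products and versions are affected: Firepower Management Center (FMC) 1000; Firepower Management Center (FMC) 2500; Firepower Management Center (FMC) 4500; Secure Network Server 3500 Series Appliances; Secure Network Server 3600 Series Appliances; Threat Grid 5504 Appliance.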

English description:

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

CWE type:
CWE-347
Tags:
(no data)
Affected products
Vendor Product Version Version range Platform CPE
Cisco Cisco Identity Services Engine Software n/a - - cpe:2.3:a:cisco:cisco_identity_services_engine_software:n_a:*:*:*:*:*:*:*
cisco fmc1000-k9_bios * - - cpe:2.3:o:cisco:fmc1000-k9_bios:*:*:*:*:*:*:*:*
cisco fmc1000-k9_firmware * - - cpe:2.3:o:cisco:fmc1000-k9_firmware:*:*:*:*:*:*:*:*
cisco fmc2500-k9_bios * - - cpe:2.3:o:cisco:fmc2500-k9_bios:*:*:*:*:*:*:*:*
cisco fmc2500-k9_firmware * - - cpe:2.3:o:cisco:fmc2500-k9_firmware:*:*:*:*:*:*:*:*
cisco fmc4500-k9_bios * - - cpe:2.3:o:cisco:fmc4500-k9_bios:*:*:*:*:*:*:*:*
cisco fmc4500-k9_firmware * - - cpe:2.3:o:cisco:fmc4500-k9_firmware:*:*:*:*:*:*:*:*
cisco sns-3515-k9_bios * - - cpe:2.3:o:cisco:sns-3515-k9_bios:*:*:*:*:*:*:*:*
cisco sns-3515-k9_firmware * - - cpe:2.3:o:cisco:sns-3515-k9_firmware:*:*:*:*:*:*:*:*
cisco sns-3595-k9_bios * - - cpe:2.3:o:cisco:sns-3595-k9_bios:*:*:*:*:*:*:*:*
cisco sns-3595-k9_firmware * - - cpe:2.3:o:cisco:sns-3595-k9_firmware:*:*:*:*:*:*:*:*
cisco sns-3615-k9_bios * - - cpe:2.3:o:cisco:sns-3615-k9_bios:*:*:*:*:*:*:*:*
cisco sns-3615-k9_firmware * - - cpe:2.3:o:cisco:sns-3615-k9_firmware:*:*:*:*:*:*:*:*
cisco sns-3655-k9_bios * - - cpe:2.3:o:cisco:sns-3655-k9_bios:*:*:*:*:*:*:*:*
cisco sns-3655-k9_firmware * - - cpe:2.3:o:cisco:sns-3655-k9_firmware:*:*:*:*:*:*:*:*
cisco sns-3695-k9_bios * - - cpe:2.3:o:cisco:sns-3695-k9_bios:*:*:*:*:*:*:*:*
cisco sns-3695-k9_firmware * - - cpe:2.3:o:cisco:sns-3695-k9_firmware:*:*:*:*:*:*:*:*
cisco tg5004-k9_bios * - - cpe:2.3:o:cisco:tg5004-k9_bios:*:*:*:*:*:*:*:*
cisco tg5004-k9_firmware * - - cpe:2.3:o:cisco:tg5004-k9_firmware:*:*:*:*:*:*:*:*
cisco tg5004-k9-rf_bios * - - cpe:2.3:o:cisco:tg5004-k9-rf_bios:*:*:*:*:*:*:*:*
cisco tg5004-k9-rf_firmware * - - cpe:2.3:o:cisco:tg5004-k9-rf_firmware:*:*:*:*:*:*:*:*
cisco identity_services_engine 2.4\(0.357\) - - cpe:2.3:a:cisco:identity_services_engine:2.4\(0.357\):*:*:*:*:*:*:*
cisco identity_services_engine 2.6\(0.156\) - - cpe:2.3:a:cisco:identity_services_engine:2.6\(0.156\):*:*:*:*:*:*:*
cisco unified_computing_system 3.2\(3h\)c - - cpe:2.3:a:cisco:unified_computing_system:3.2\(3h\)c:*:*:*:*:*:*:*
Solution
Chinese solution:
(no data)
English solution:
(no data)
Workaround:
(no data)
Reference links
20200219 Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability vendor-advisory
cve.org
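CVSS score details
3.0 (cna)
MEDIUM
6.2
CVSS vector: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Time information
Published:
2020-09-23 00:26:09
Modified:
2024-11-13 18:05:16
Created:
2025-11-11 15:35:38
Updated:
2025-11-11 15:55:35
Exploit information
No exploit code information available
Data source details
Data source Record ID Version Extraction time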
CVE cve_CVE-2019-1736 2025-11-11 15:20:08 2025-11-11 07:35:38
NVD nvd_CVE-2019-1736 2025-11-11 14:56:33 2025-11-11 07:44:09
CNNVD cnnvd_CNNVD-202002-992 2025-11-11 15:10:22 2025-11-11 07:55:35
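Version and language
Current version: v3
Primary language: EN
Supported languages:
EN ZH
Security advisories
No security advisory information available
Change history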
v3 CNNVD
2025-11-11 15:55:35
vulnerability_type: not extracted → Authorization issue; cnnvd_id: not extracted → CNNVD-202002-992; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:44:09
affected_products_count: 1 → 24; data_sources: ['cve'] → ['cve', 'nvd']