CVE & CISA-KEV Catalog

CVE-2019-1736

MEDIUM
6.6
CVSS v3
NVD

Description

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

How to fix

Remediation Available
fmc1000-k9 biosNVD
Affected:< 4.0.1f.0Fixed in:4.0.1f.0CVE-2019-1736derived from NVD
fmc1000-k9 firmwareNVD
Affected:< 4.0.2hFixed in:4.0.2hCVE-2019-1736derived from NVD
fmc2500-k9 biosNVD
Affected:< 4.0.1f.0Fixed in:4.0.1f.0CVE-2019-1736derived from NVD
fmc2500-k9 firmwareNVD
Affected:< 4.0.2hFixed in:4.0.2hCVE-2019-1736derived from NVD
fmc4500-k9 biosNVD
Affected:< 4.0.1f.0Fixed in:4.0.1f.0CVE-2019-1736derived from NVD
fmc4500-k9 firmwareNVD
Affected:< 4.0.2hFixed in:4.0.2hCVE-2019-1736derived from NVD
sns-3515-k9 biosNVD
Affected:< 4.0.2dFixed in:4.0.2dCVE-2019-1736derived from NVD
sns-3515-k9 firmwareNVD
Affected:< 4.0.2hFixed in:4.0.2hCVE-2019-1736derived from NVD
sns-3595-k9 biosNVD
Affected:< 4.0.2dFixed in:4.0.2dCVE-2019-1736derived from NVD
sns-3595-k9 firmwareNVD
Affected:< 4.0.2hFixed in:4.0.2hCVE-2019-1736derived from NVD
sns-3615-k9 biosNVD
Affected:< 4.0.1iFixed in:4.0.1iCVE-2019-1736derived from NVD
sns-3615-k9 firmwareNVD
Affected:< 4.0.1gFixed in:4.0.1gCVE-2019-1736derived from NVD
sns-3655-k9 biosNVD
Affected:< 4.0.1iFixed in:4.0.1iCVE-2019-1736derived from NVD
sns-3655-k9 firmwareNVD
Affected:< 4.0.1gFixed in:4.0.1gCVE-2019-1736derived from NVD
sns-3695-k9 biosNVD
Affected:< 4.0.1iFixed in:4.0.1iCVE-2019-1736derived from NVD
sns-3695-k9 firmwareNVD
Affected:< 4.0.1gFixed in:4.0.1gCVE-2019-1736derived from NVD
tg5004-k9-rf biosNVD
Affected:< 4.0.2dFixed in:4.0.2dCVE-2019-1736derived from NVD
tg5004-k9-rf firmwareNVD
Affected:< 4.0.2hFixed in:4.0.2hCVE-2019-1736derived from NVD
tg5004-k9 biosNVD
Affected:< 4.0.2dFixed in:4.0.2dCVE-2019-1736derived from NVD
tg5004-k9 firmwareNVD
Affected:< 4.0.2hFixed in:4.0.2hCVE-2019-1736derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.25%probability of exploitation in 30 days
16thpercentile

Low risk: more likely to be exploited than 16% of all known CVEs.

References

Related Vulnerabilities

Other CWE-347 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2018-16042Medium6.582%--
CVE-2025-59718Critical9.866%KEVFix
CVE-2025-25292Critical9.864%-Fix
CVE-2021-22160Critical9.853%-Fix
CVE-2013-3900Medium5.545%KEV-
CVE-2018-0114High7.543%-Fix
Embed a live status badge for CVE-2019-1736
CVE-2019-1736 severity badge

Markdown

[![CVE-2019-1736](https://tridentstack.com/cve/badge/CVE-2019-1736.svg)](https://tridentstack.com/cve/CVE-2019-1736)

HTML

<a href="https://tridentstack.com/cve/CVE-2019-1736"><img src="https://tridentstack.com/cve/badge/CVE-2019-1736.svg" alt="CVE-2019-1736"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.