How severe is CVE-2019-1736?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2019-1736?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2019-1736

MEDIUM Year: 2019

CVSS v3 Score

6.2

Medium

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-347

View all →

Vulnerability Description

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

CVE-2021-43392

MEDIUM

CVSS:6.2(Medium)

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java...

CWE-3472021

CVE-2021-43393

MEDIUM

CVSS:6.2(Medium)

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 a...

CWE-3472021

CVE-2022-31807

HIGH

CVSS:6.2(Medium)

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updat...

CWE-3472022

CVE-2024-2307

MEDIUM

CVSS:6.1(Medium)

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing unt...

CWE-3472024

CVE-2018-18203

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firm...

CWE-3472018

CVE-2019-1809

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software pa...

CWE-3472019

CVE-2019-1736

Vulnerability Description

Related Vulnerabilities

CVE-2021-43392

CVE-2021-43393

CVE-2022-31807

CVE-2024-2307

CVE-2018-18203

CVE-2019-1809