CVE-2024-20397

medium

Description

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

References

https://www.bleepingcomputer.com/news/security/critical-cisco-ise-bug-can-let-attackers-run-commands-as-root/

https://www.securityweek.com/bootloader-vulnerability-impacts-over-100-cisco-switches/

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL

Details

Source: Mitre, NVD

Published: 2024-12-04

Updated: 2025-02-05

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 5.2

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Severity: Medium