CVE-2024-20397

medium

Description

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

References

Details

Source: Mitre, NVD

Published: 2024-12-04

Updated: 2025-02-05

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 5.2

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.0003