CVE-2024-20397Improper Access Control in Cisco Nx-os Software

CWE-284Improper Access Control4 documents4 sources
Severity
5.2MEDIUMNVD
EPSS
0.0%
top 97.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Nx-os SoftwareCisco Nx-os System Software IN ACI ModeCisco Unified Computing System
Timeline
PublishedDec 4

Description

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification a

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:NExploitability: 0.9 | Impact: 4.2

Affected Packages3 packages

CVEListV5cisco/cisco_nx-os_software185 versions+184
CVEListV5cisco/cisco_unified_computing_system71 versions+70

🔴Vulnerability Details

2
GHSA
GHSA-p5rq-7r6m-x7rf: A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an au2024-12-04
CVEList
Cisco NX-OS Software Image Verification Bypass Vulnerability2024-12-04

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software Image Verification Bypass Vulnerability2024-12-04
CVE-2024-20397 — Improper Access Control in Cisco | cvebase