Description
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.
This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
Reserved 2023-11-08 | Published 2024-12-04 | Updated 2024-12-04 | Assigner
ciscoMEDIUM: 5.2CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Problem types
Improper Access Control
Product status
Default status
unknown
8.2(5)
affected
7.3(5)D1(1)
affected
8.4(2)
affected
8.4(3)
affected
9.2(3)
affected
7.0(3)I5(2)
affected
8.2(1)
affected
6.0(2)A8(7a)
affected
7.0(3)I4(5)
affected
7.3(1)D1(1)
affected
7.0(3)I4(6)
affected
7.0(3)I4(3)
affected
9.2(2v)
affected
7.3(0)D1(1)
affected
7.0(3)I4(7)
affected
7.0(3)I4(1)
affected
7.0(3)I4(8)
affected
7.0(3)I4(2)
affected
6.0(2)A8(11)
affected
7.3(4)D1(1)
affected
9.2(1)
affected
9.2(2t)
affected
9.2(3y)
affected
7.0(3)I4(1t)
affected
7.0(3)I7(6z)
affected
9.3(2)
affected
7.3(1)DY(1)
affected
7.0(3)F3(3)
affected
7.0(3)I7(3z)
affected
7.0(3)IM7(2)
affected
6.0(2)A8(11b)
affected
7.0(3)I7(5a)
affected
8.1(1)
affected
7.0(3)I6(1)
affected
8.2(2)
affected
7.0(3)I5(3b)
affected
8.3(2)
affected
7.3(2)D1(3a)
affected
9.2(4)
affected
6.0(2)A8(10)
affected
6.0(2)A8(2)
affected
7.0(3)IC4(4)
affected
8.1(2)
affected
7.0(3)F3(3c)
affected
7.3(3)D1(1)
affected
7.0(3)F3(1)
affected
7.0(3)F3(5)
affected
8.2(3)
affected
7.0(3)I7(2)
affected
7.0(3)I5(3)
affected
7.0(3)I7(3)
affected
6.0(2)A8(6)
affected
7.0(3)I6(2)
affected
8.3(1)
affected
8.4(1)
affected
8.1(1b)
affected
6.0(2)A8(5)
affected
7.3(0)DX(1)
affected
7.3(2)D1(1)
affected
9.3(1)
affected
6.0(2)A8(7)
affected
7.0(3)I7(6)
affected
7.3(2)D1(2)
affected
6.0(2)A8(11a)
affected
7.0(3)I4(8z)
affected
7.0(3)I4(9)
affected
8.2(4)
affected
7.0(3)I7(4)
affected
7.0(3)I7(7)
affected
7.3(0)DY(1)
affected
6.0(2)A8(9)
affected
6.0(2)A8(1)
affected
6.0(2)A8(10a)
affected
7.0(3)I5(1)
affected
9.3(1z)
affected
9.2(2)
affected
7.0(3)F3(4)
affected
7.0(3)I4(8b)
affected
8.1(2a)
affected
7.3(2)D1(3)
affected
6.0(2)A8(3)
affected
7.0(3)I4(6t)
affected
7.0(3)I5(3a)
affected
8.1(1a)
affected
6.0(2)A8(8)
affected
7.0(3)I7(5)
affected
7.0(3)F3(3a)
affected
6.0(2)A8(4)
affected
7.0(3)I4(8a)
affected
7.0(3)F3(2)
affected
7.0(3)I4(4)
affected
7.0(3)I7(1)
affected
7.0(3)IA7(2)
affected
7.0(3)IA7(1)
affected
6.0(2)A8(7b)
affected
6.0(2)A8(4a)
affected
8.4(1a)
affected
9.3(3)
affected
7.3(2)D1(1d)
affected
7.0(3)I7(8)
affected
9.3(4)
affected
7.3(6)D1(1)
affected
8.2(6)
affected
9.3(5)
affected
8.4(2a)
affected
8.4(2b)
affected
7.0(3)I7(9)
affected
8.5(1)
affected
9.3(6)
affected
10.1(2)
affected
10.1(1)
affected
8.4(4)
affected
7.3(7)D1(1)
affected
8.4(2c)
affected
9.3(5w)
affected
8.2(7)
affected
9.3(7)
affected
9.3(7k)
affected
7.0(3)I7(9w)
affected
10.2(1)
affected
7.3(8)D1(1)
affected
9.3(7a)
affected
8.2(7a)
affected
9.3(8)
affected
8.4(4a)
affected
8.4(2d)
affected
8.4(5)
affected
7.0(3)I7(10)
affected
8.2(8)
affected
10.2(1q)
affected
10.2(2)
affected
9.3(9)
affected
10.1(2t)
affected
7.3(9)D1(1)
affected
10.2(3)
affected
8.4(6)
affected
10.2(3t)
affected
8.4(2e)
affected
9.3(10)
affected
10.2(2a)
affected
9.2(1a)
affected
8.2(9)
affected
10.3(1)
affected
10.2(4)
affected
8.4(7)
affected
10.3(2)
affected
8.4(6a)
affected
9.3(11)
affected
10.3(3)
affected
10.2(5)
affected
9.4(1)
affected
9.3(2a)
affected
8.4(2f)
affected
8.2(10)
affected
9.3(12)
affected
10.2(3v)
affected
10.4(1)
affected
8.4(8)
affected
10.3(99w)
affected
10.2(6)
affected
10.3(3w)
affected
10.3(99x)
affected
10.3(3o)
affected
8.4(9)
affected
10.3(4)
affected
10.3(3p)
affected
10.3(4a)
affected
9.4(1a)
affected
10.4(2)
affected
10.3(3q)
affected
9.3(13)
affected
8.2(11)
affected
10.3(5)
affected
10.2(7)
affected
10.4(3)
affected
10.3(3x)
affected
10.3(4g)
affected
10.5(1)
affected
10.2(8)
affected
10.3(3r)
affected
10.3(6)
affected
9.3(14)
affected
10.4(4)
affected
10.3(4h)
affected
Default status
unknown
14.1(1j)
affected
14.0(3d)
affected
14.1(1k)
affected
13.2(1m)
affected
14.0(3c)
affected
13.2(2l)
affected
13.2(7k)
affected
14.1(1l)
affected
14.2(2f)
affected
13.2(3s)
affected
13.2(2o)
affected
14.0(2c)
affected
14.1(2m)
affected
13.2(5e)
affected
14.1(2o)
affected
13.2(7f)
affected
13.2(41d)
affected
13.2(4d)
affected
13.2(3o)
affected
13.2(1l)
affected
14.0(1h)
affected
13.2(3n)
affected
14.2(1l)
affected
14.2(2e)
affected
13.2(4e)
affected
14.2(1i)
affected
13.2(9b)
affected
14.1(2s)
affected
14.1(1i)
affected
14.1(2g)
affected
13.2(3j)
affected
13.2(5d)
affected
13.2(6i)
affected
14.1(2u)
affected
13.2(3i)
affected
13.2(3r)
affected
13.2(5f)
affected
14.2(1j)
affected
14.1(2w)
affected
14.2(3n)
affected
14.2(3l)
affected
14.2(3j)
affected
14.2(2g)
affected
13.2(8d)
affected
14.1(2x)
affected
13.2(9f)
affected
14.2(3q)
affected
14.2(4i)
affected
13.2(9h)
affected
15.0(1k)
affected
14.2(4k)
affected
15.0(1l)
affected
15.0(2e)
affected
14.2(4o)
affected
14.2(4p)
affected
15.0(2h)
affected
14.2(5k)
affected
14.2(5l)
affected
14.2(5n)
affected
15.1(1h)
affected
14.2(6d)
affected
15.1(2e)
affected
14.2(6g)
affected
14.2(6h)
affected
15.1(3e)
affected
13.2(10e)
affected
14.2(6l)
affected
14.2(7f)
affected
15.1(4c)
affected
14.2(6o)
affected
15.2(1g)
affected
15.2(2e)
affected
14.2(7l)
affected
13.2(10f)
affected
15.2(2f)
affected
15.2(2g)
affected
14.2(7q)
affected
15.2(2h)
affected
15.2(3f)
affected
15.2(3e)
affected
15.2(3g)
affected
14.2(7r)
affected
14.2(7s)
affected
15.2(4d)
affected
15.2(4e)
affected
14.2(7t)
affected
15.2(5c)
affected
15.2(5d)
affected
13.2(10g)
affected
16.0(1g)
affected
14.2(7u)
affected
15.2(5e)
affected
15.2(4f)
affected
15.2(6e)
affected
15.2(6h)
affected
16.0(1j)
affected
15.2(6g)
affected
15.2(7f)
affected
14.2(7v)
affected
15.2(7g)
affected
16.0(2h)
affected
14.2(7w)
affected
15.2(8d)
affected
16.0(2j)
affected
15.2(8e)
affected
16.0(3d)
affected
16.0(3e)
affected
15.2(8f)
affected
15.2(8g)
affected
15.3(1d)
affected
15.2(8h)
affected
16.0(4c)
affected
15.3(2a)
affected
15.2(8i)
affected
16.0(5h)
affected
15.3(2b)
affected
16.0(3g)
affected
16.0(5j)
affected
15.3(2c)
affected
16.0(6c)
affected
15.3(2d)
affected
16.1(1f)
affected
16.0(7e)
affected
16.0(8e)
affected
Default status
unknown
4.0(4c)
affected
4.0(2b)
affected
4.1(2a)
affected
4.0(1a)
affected
4.0(2a)
affected
4.0(1b)
affected
4.1(1c)
affected
4.0(4a)
affected
4.0(4b)
affected
4.0(2e)
affected
4.1(1a)
affected
4.0(4d)
affected
4.0(4h)
affected
4.0(4g)
affected
4.0(1d)
affected
4.1(1e)
affected
4.0(4f)
affected
4.0(4e)
affected
4.0(4i)
affected
4.1(1d)
affected
4.0(2d)
affected
4.1(1b)
affected
4.0(1c)
affected
4.1(2b)
affected
4.0(4k)
affected
4.1(3a)
affected
4.1(3b)
affected
4.1(2c)
affected
4.0(4l)
affected
4.1(4a)
affected
4.1(3c)
affected
4.1(3d)
affected
4.2(1c)
affected
4.2(1d)
affected
4.0(4m)
affected
4.1(3e)
affected
4.2(1f)
affected
4.1(3f)
affected
4.2(1i)
affected
4.1(3h)
affected
4.2(1k)
affected
4.2(1l)
affected
4.0(4n)
affected
4.2(1m)
affected
4.1(3i)
affected
4.2(2a)
affected
4.2(1n)
affected
4.1(3j)
affected
4.2(2c)
affected
4.2(2d)
affected
4.2(3b)
affected
4.1(3k)
affected
4.0(4o)
affected
4.2(2e)
affected
4.2(3d)
affected
4.2(3e)
affected
4.2(3g)
affected
4.1(3l)
affected
4.3(2b)
affected
4.2(3h)
affected
4.2(3i)
affected
4.3(2c)
affected
4.1(3m)
affected
4.3(2e)
affected
4.3(3a)
affected
4.2(3j)
affected
4.3(3c)
affected
4.2(3k)
affected
4.2(3l)
affected
4.3(2f)
affected
4.2(3m)
affected
References
sec.cloudapps.cisco.com/...-sa-nxos-image-sig-bypas-pQDRQvjL (cisco-sa-nxos-image-sig-bypas-pQDRQvjL)
cve.org (CVE-2024-20397)
nvd.nist.gov (CVE-2024-20397)
Download JSON
Subscribe to our newsletter to learn more about our work.