THREATINT
PUBLISHED

CVE-2024-20397

Cisco NX-OS Software Image Verification Bypass Vulnerability



Description

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

Reserved 2023-11-08 | Published 2024-12-04 | Updated 2024-12-04 | Assigner cisco


MEDIUM: 5.2 (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)

Problem types

Improper Access Control

Product status

Default status
unknown

8.2(5)
affected

7.3(5)D1(1)
affected

8.4(2)
affected

8.4(3)
affected

9.2(3)
affected

7.0(3)I5(2)
affected

8.2(1)
affected

6.0(2)A8(7a)
affected

7.0(3)I4(5)
affected

7.3(1)D1(1)
affected

7.0(3)I4(6)
affected

7.0(3)I4(3)
affected

9.2(2v)
affected

7.3(0)D1(1)
affected

7.0(3)I4(7)
affected

7.0(3)I4(1)
affected

7.0(3)I4(8)
affected

7.0(3)I4(2)
affected

6.0(2)A8(11)
affected

7.3(4)D1(1)
affected

9.2(1)
affected

9.2(2t)
affected

9.2(3y)
affected

7.0(3)I4(1t)
affected

7.0(3)I7(6z)
affected

9.3(2)
affected

7.3(1)DY(1)
affected

7.0(3)F3(3)
affected

7.0(3)I7(3z)
affected

7.0(3)IM7(2)
affected

6.0(2)A8(11b)
affected

7.0(3)I7(5a)
affected

8.1(1)
affected

7.0(3)I6(1)
affected

8.2(2)
affected

7.0(3)I5(3b)
affected

8.3(2)
affected

7.3(2)D1(3a)
affected

9.2(4)
affected

6.0(2)A8(10)
affected

6.0(2)A8(2)
affected

7.0(3)IC4(4)
affected

8.1(2)
affected

7.0(3)F3(3c)
affected

7.3(3)D1(1)
affected

7.0(3)F3(1)
affected

7.0(3)F3(5)
affected

8.2(3)
affected

7.0(3)I7(2)
affected

7.0(3)I5(3)
affected

7.0(3)I7(3)
affected

6.0(2)A8(6)
affected

7.0(3)I6(2)
affected

8.3(1)
affected

8.4(1)
affected

8.1(1b)
affected

6.0(2)A8(5)
affected

7.3(0)DX(1)
affected

7.3(2)D1(1)
affected

9.3(1)
affected

6.0(2)A8(7)
affected

7.0(3)I7(6)
affected

7.3(2)D1(2)
affected

6.0(2)A8(11a)
affected

7.0(3)I4(8z)
affected

7.0(3)I4(9)
affected

8.2(4)
affected

7.0(3)I7(4)
affected

7.0(3)I7(7)
affected

7.3(0)DY(1)
affected

6.0(2)A8(9)
affected

6.0(2)A8(1)
affected

6.0(2)A8(10a)
affected

7.0(3)I5(1)
affected

9.3(1z)
affected

9.2(2)
affected

7.0(3)F3(4)
affected

7.0(3)I4(8b)
affected

8.1(2a)
affected

7.3(2)D1(3)
affected

6.0(2)A8(3)
affected

7.0(3)I4(6t)
affected

7.0(3)I5(3a)
affected

8.1(1a)
affected

6.0(2)A8(8)
affected

7.0(3)I7(5)
affected

7.0(3)F3(3a)
affected

6.0(2)A8(4)
affected

7.0(3)I4(8a)
affected

7.0(3)F3(2)
affected

7.0(3)I4(4)
affected

7.0(3)I7(1)
affected

7.0(3)IA7(2)
affected

7.0(3)IA7(1)
affected

6.0(2)A8(7b)
affected

6.0(2)A8(4a)
affected

8.4(1a)
affected

9.3(3)
affected

7.3(2)D1(1d)
affected

7.0(3)I7(8)
affected

9.3(4)
affected

7.3(6)D1(1)
affected

8.2(6)
affected

9.3(5)
affected

8.4(2a)
affected

8.4(2b)
affected

7.0(3)I7(9)
affected

8.5(1)
affected

9.3(6)
affected

10.1(2)
affected

10.1(1)
affected

8.4(4)
affected

7.3(7)D1(1)
affected

8.4(2c)
affected

9.3(5w)
affected

8.2(7)
affected

9.3(7)
affected

9.3(7k)
affected

7.0(3)I7(9w)
affected

10.2(1)
affected

7.3(8)D1(1)
affected

9.3(7a)
affected

8.2(7a)
affected

9.3(8)
affected

8.4(4a)
affected

8.4(2d)
affected

8.4(5)
affected

7.0(3)I7(10)
affected

8.2(8)
affected

10.2(1q)
affected

10.2(2)
affected

9.3(9)
affected

10.1(2t)
affected

7.3(9)D1(1)
affected

10.2(3)
affected

8.4(6)
affected

10.2(3t)
affected

8.4(2e)
affected

9.3(10)
affected

10.2(2a)
affected

9.2(1a)
affected

8.2(9)
affected

10.3(1)
affected

10.2(4)
affected

8.4(7)
affected

10.3(2)
affected

8.4(6a)
affected

9.3(11)
affected

10.3(3)
affected

10.2(5)
affected

9.4(1)
affected

9.3(2a)
affected

8.4(2f)
affected

8.2(10)
affected

9.3(12)
affected

10.2(3v)
affected

10.4(1)
affected

8.4(8)
affected

10.3(99w)
affected

10.2(6)
affected

10.3(3w)
affected

10.3(99x)
affected

10.3(3o)
affected

8.4(9)
affected

10.3(4)
affected

10.3(3p)
affected

10.3(4a)
affected

9.4(1a)
affected

10.4(2)
affected

10.3(3q)
affected

9.3(13)
affected

8.2(11)
affected

10.3(5)
affected

10.2(7)
affected

10.4(3)
affected

10.3(3x)
affected

10.3(4g)
affected

10.5(1)
affected

10.2(8)
affected

10.3(3r)
affected

10.3(6)
affected

9.3(14)
affected

10.4(4)
affected

10.3(4h)
affected

Default status
unknown

14.1(1j)
affected

14.0(3d)
affected

14.1(1k)
affected

13.2(1m)
affected

14.0(3c)
affected

13.2(2l)
affected

13.2(7k)
affected

14.1(1l)
affected

14.2(2f)
affected

13.2(3s)
affected

13.2(2o)
affected

14.0(2c)
affected

14.1(2m)
affected

13.2(5e)
affected

14.1(2o)
affected

13.2(7f)
affected

13.2(41d)
affected

13.2(4d)
affected

13.2(3o)
affected

13.2(1l)
affected

14.0(1h)
affected

13.2(3n)
affected

14.2(1l)
affected

14.2(2e)
affected

13.2(4e)
affected

14.2(1i)
affected

13.2(9b)
affected

14.1(2s)
affected

14.1(1i)
affected

14.1(2g)
affected

13.2(3j)
affected

13.2(5d)
affected

13.2(6i)
affected

14.1(2u)
affected

13.2(3i)
affected

13.2(3r)
affected

13.2(5f)
affected

14.2(1j)
affected

14.1(2w)
affected

14.2(3n)
affected

14.2(3l)
affected

14.2(3j)
affected

14.2(2g)
affected

13.2(8d)
affected

14.1(2x)
affected

13.2(9f)
affected

14.2(3q)
affected

14.2(4i)
affected

13.2(9h)
affected

15.0(1k)
affected

14.2(4k)
affected

15.0(1l)
affected

15.0(2e)
affected

14.2(4o)
affected

14.2(4p)
affected

15.0(2h)
affected

14.2(5k)
affected

14.2(5l)
affected

14.2(5n)
affected

15.1(1h)
affected

14.2(6d)
affected

15.1(2e)
affected

14.2(6g)
affected

14.2(6h)
affected

15.1(3e)
affected

13.2(10e)
affected

14.2(6l)
affected

14.2(7f)
affected

15.1(4c)
affected

14.2(6o)
affected

15.2(1g)
affected

15.2(2e)
affected

14.2(7l)
affected

13.2(10f)
affected

15.2(2f)
affected

15.2(2g)
affected

14.2(7q)
affected

15.2(2h)
affected

15.2(3f)
affected

15.2(3e)
affected

15.2(3g)
affected

14.2(7r)
affected

14.2(7s)
affected

15.2(4d)
affected

15.2(4e)
affected

14.2(7t)
affected

15.2(5c)
affected

15.2(5d)
affected

13.2(10g)
affected

16.0(1g)
affected

14.2(7u)
affected

15.2(5e)
affected

15.2(4f)
affected

15.2(6e)
affected

15.2(6h)
affected

16.0(1j)
affected

15.2(6g)
affected

15.2(7f)
affected

14.2(7v)
affected

15.2(7g)
affected

16.0(2h)
affected

14.2(7w)
affected

15.2(8d)
affected

16.0(2j)
affected

15.2(8e)
affected

16.0(3d)
affected

16.0(3e)
affected

15.2(8f)
affected

15.2(8g)
affected

15.3(1d)
affected

15.2(8h)
affected

16.0(4c)
affected

15.3(2a)
affected

15.2(8i)
affected

16.0(5h)
affected

15.3(2b)
affected

16.0(3g)
affected

16.0(5j)
affected

15.3(2c)
affected

16.0(6c)
affected

15.3(2d)
affected

16.1(1f)
affected

16.0(7e)
affected

16.0(8e)
affected

Default status
unknown

4.0(4c)
affected

4.0(2b)
affected

4.1(2a)
affected

4.0(1a)
affected

4.0(2a)
affected

4.0(1b)
affected

4.1(1c)
affected

4.0(4a)
affected

4.0(4b)
affected

4.0(2e)
affected

4.1(1a)
affected

4.0(4d)
affected

4.0(4h)
affected

4.0(4g)
affected

4.0(1d)
affected

4.1(1e)
affected

4.0(4f)
affected

4.0(4e)
affected

4.0(4i)
affected

4.1(1d)
affected

4.0(2d)
affected

4.1(1b)
affected

4.0(1c)
affected

4.1(2b)
affected

4.0(4k)
affected

4.1(3a)
affected

4.1(3b)
affected

4.1(2c)
affected

4.0(4l)
affected

4.1(4a)
affected

4.1(3c)
affected

4.1(3d)
affected

4.2(1c)
affected

4.2(1d)
affected

4.0(4m)
affected

4.1(3e)
affected

4.2(1f)
affected

4.1(3f)
affected

4.2(1i)
affected

4.1(3h)
affected

4.2(1k)
affected

4.2(1l)
affected

4.0(4n)
affected

4.2(1m)
affected

4.1(3i)
affected

4.2(2a)
affected

4.2(1n)
affected

4.1(3j)
affected

4.2(2c)
affected

4.2(2d)
affected

4.2(3b)
affected

4.1(3k)
affected

4.0(4o)
affected

4.2(2e)
affected

4.2(3d)
affected

4.2(3e)
affected

4.2(3g)
affected

4.1(3l)
affected

4.3(2b)
affected

4.2(3h)
affected

4.2(3i)
affected

4.3(2c)
affected

4.1(3m)
affected

4.3(2e)
affected

4.3(3a)
affected

4.2(3j)
affected

4.3(3c)
affected

4.2(3k)
affected

4.2(3l)
affected

4.3(2f)
affected

4.2(3m)
affected

References

sec.cloudapps.cisco.com/...-sa-nxos-image-sig-bypas-pQDRQvjL (cisco-sa-nxos-image-sig-bypas-pQDRQvjL)

cve.org (CVE-2024-20397)

nvd.nist.gov (CVE-2024-20397)
