#VU101221 Improper Verification of Cryptographic Signature in Cisco NX-OS and Cisco UCS - CVE-2024-20397

Cybersecurity Help s.r.o.

Published: 2024-12-04

Vulnerability identifier: #VU101221

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20397

CWE-ID: CWE-347

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco NX-OS
Operating systems & Components / Operating system
Cisco UCS
Other software / Other software solutions

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper signature verification in the bootloader. An attacker with physical access to device or a user with administrative privileges can bypass NX-OS image signature verification and load unverified software.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: before 8.4(10)

Cisco UCS: before 4.1(3n)

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh76163
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh76166
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj35846
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm47438
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwn11901

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell Connectrix MDS series update for Cisco bootloader vulnerability

Software image verification bypass in Cisco NX-OS