A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. 

This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Cisco Cisco NX-OS Software unknown
Version Status Constraints
8.2(5) affected
7.3(5)D1(1) affected
8.4(2) affected
8.4(3) affected
9.2(3) affected
7.0(3)I5(2) affected
8.2(1) affected
6.0(2)A8(7a) affected
7.0(3)I4(5) affected
7.3(1)D1(1) affected
7.0(3)I4(6) affected
7.0(3)I4(3) affected
9.2(2v) affected
7.3(0)D1(1) affected
7.0(3)I4(7) affected
7.0(3)I4(1) affected
7.0(3)I4(8) affected
7.0(3)I4(2) affected
6.0(2)A8(11) affected
7.3(4)D1(1) affected
9.2(1) affected
9.2(2t) affected
9.2(3y) affected
7.0(3)I4(1t) affected
7.0(3)I7(6z) affected
9.3(2) affected
7.3(1)DY(1) affected
7.0(3)F3(3) affected
7.0(3)I7(3z) affected
7.0(3)IM7(2) affected
6.0(2)A8(11b) affected
7.0(3)I7(5a) affected
8.1(1) affected
7.0(3)I6(1) affected
8.2(2) affected
7.0(3)I5(3b) affected
8.3(2) affected
7.3(2)D1(3a) affected
9.2(4) affected
6.0(2)A8(10) affected
6.0(2)A8(2) affected
7.0(3)IC4(4) affected
8.1(2) affected
7.0(3)F3(3c) affected
7.3(3)D1(1) affected
7.0(3)F3(1) affected
7.0(3)F3(5) affected
8.2(3) affected
7.0(3)I7(2) affected
7.0(3)I5(3) affected
7.0(3)I7(3) affected
6.0(2)A8(6) affected
7.0(3)I6(2) affected
8.3(1) affected
8.4(1) affected
8.1(1b) affected
6.0(2)A8(5) affected
7.3(0)DX(1) affected
7.3(2)D1(1) affected
9.3(1) affected
6.0(2)A8(7) affected
7.0(3)I7(6) affected
7.3(2)D1(2) affected
6.0(2)A8(11a) affected
7.0(3)I4(8z) affected
7.0(3)I4(9) affected
8.2(4) affected
7.0(3)I7(4) affected
7.0(3)I7(7) affected
7.3(0)DY(1) affected
6.0(2)A8(9) affected
6.0(2)A8(1) affected
6.0(2)A8(10a) affected
7.0(3)I5(1) affected
9.3(1z) affected
9.2(2) affected
7.0(3)F3(4) affected
7.0(3)I4(8b) affected
8.1(2a) affected
7.3(2)D1(3) affected
6.0(2)A8(3) affected
7.0(3)I4(6t) affected
7.0(3)I5(3a) affected
8.1(1a) affected
6.0(2)A8(8) affected
7.0(3)I7(5) affected
7.0(3)F3(3a) affected
6.0(2)A8(4) affected
7.0(3)I4(8a) affected
7.0(3)F3(2) affected
7.0(3)I4(4) affected
7.0(3)I7(1) affected
7.0(3)IA7(2) affected
7.0(3)IA7(1) affected
6.0(2)A8(7b) affected
6.0(2)A8(4a) affected
8.4(1a) affected
9.3(3) affected
7.3(2)D1(1d) affected
7.0(3)I7(8) affected
9.3(4) affected
7.3(6)D1(1) affected
8.2(6) affected
9.3(5) affected
8.4(2a) affected
8.4(2b) affected
7.0(3)I7(9) affected
8.5(1) affected
9.3(6) affected
10.1(2) affected
10.1(1) affected
8.4(4) affected
7.3(7)D1(1) affected
8.4(2c) affected
9.3(5w) affected
8.2(7) affected
9.3(7) affected
9.3(7k) affected
7.0(3)I7(9w) affected
10.2(1) affected
7.3(8)D1(1) affected
9.3(7a) affected
8.2(7a) affected
9.3(8) affected
8.4(4a) affected
8.4(2d) affected
8.4(5) affected
7.0(3)I7(10) affected
8.2(8) affected
10.2(1q) affected
10.2(2) affected
9.3(9) affected
10.1(2t) affected
7.3(9)D1(1) affected
10.2(3) affected
8.4(6) affected
10.2(3t) affected
8.4(2e) affected
9.3(10) affected
10.2(2a) affected
9.2(1a) affected
8.2(9) affected
10.3(1) affected
10.2(4) affected
8.4(7) affected
10.3(2) affected
8.4(6a) affected
9.3(11) affected
10.3(3) affected
10.2(5) affected
9.4(1) affected
9.3(2a) affected
8.4(2f) affected
8.2(10) affected
9.3(12) affected
10.2(3v) affected
10.4(1) affected
8.4(8) affected
10.3(99w) affected
10.2(6) affected
10.3(3w) affected
10.3(99x) affected
10.3(3o) affected
8.4(9) affected
10.3(4) affected
10.3(3p) affected
10.3(4a) affected
9.4(1a) affected
10.4(2) affected
10.3(3q) affected
9.3(13) affected
8.2(11) affected
10.3(5) affected
10.2(7) affected
10.4(3) affected
10.3(3x) affected
10.3(4g) affected
10.5(1) affected
10.2(8) affected
10.3(3r) affected
10.3(6) affected
9.3(14) affected
10.4(4) affected
10.3(4h) affected
10.4(4g) affected
Cisco Cisco NX-OS System Software in ACI Mode unknown
Version Status Constraints
14.1(1j) affected
14.0(3d) affected
14.1(1k) affected
13.2(1m) affected
14.0(3c) affected
13.2(2l) affected
13.2(7k) affected
14.1(1l) affected
14.2(2f) affected
13.2(3s) affected
13.2(2o) affected
14.0(2c) affected
14.1(2m) affected
13.2(5e) affected
14.1(2o) affected
13.2(7f) affected
13.2(41d) affected
13.2(4d) affected
13.2(3o) affected
13.2(1l) affected
14.0(1h) affected
13.2(3n) affected
14.2(1l) affected
14.2(2e) affected
13.2(4e) affected
14.2(1i) affected
13.2(9b) affected
14.1(2s) affected
14.1(1i) affected
14.1(2g) affected
13.2(3j) affected
13.2(5d) affected
13.2(6i) affected
14.1(2u) affected
13.2(3i) affected
13.2(3r) affected
13.2(5f) affected
14.2(1j) affected
14.1(2w) affected
14.2(3n) affected
14.2(3l) affected
14.2(3j) affected
14.2(2g) affected
13.2(8d) affected
14.1(2x) affected
13.2(9f) affected
14.2(3q) affected
14.2(4i) affected
13.2(9h) affected
15.0(1k) affected
14.2(4k) affected
15.0(1l) affected
15.0(2e) affected
14.2(4o) affected
14.2(4p) affected
15.0(2h) affected
14.2(5k) affected
14.2(5l) affected
14.2(5n) affected
15.1(1h) affected
14.2(6d) affected
15.1(2e) affected
14.2(6g) affected
14.2(6h) affected
15.1(3e) affected
13.2(10e) affected
14.2(6l) affected
14.2(7f) affected
15.1(4c) affected
14.2(6o) affected
15.2(1g) affected
15.2(2e) affected
14.2(7l) affected
13.2(10f) affected
15.2(2f) affected
15.2(2g) affected
14.2(7q) affected
15.2(2h) affected
15.2(3f) affected
15.2(3e) affected
15.2(3g) affected
14.2(7r) affected
14.2(7s) affected
15.2(4d) affected
15.2(4e) affected
14.2(7t) affected
15.2(5c) affected
15.2(5d) affected
13.2(10g) affected
16.0(1g) affected
14.2(7u) affected
15.2(5e) affected
15.2(4f) affected
15.2(6e) affected
15.2(6h) affected
16.0(1j) affected
15.2(6g) affected
15.2(7f) affected
14.2(7v) affected
15.2(7g) affected
16.0(2h) affected
14.2(7w) affected
15.2(8d) affected
16.0(2j) affected
15.2(8e) affected
16.0(3d) affected
16.0(3e) affected
15.2(8f) affected
15.2(8g) affected
15.3(1d) affected
15.2(8h) affected
16.0(4c) affected
15.3(2a) affected
15.2(8i) affected
16.0(5h) affected
15.3(2b) affected
16.0(3g) affected
16.0(5j) affected
15.3(2c) affected
16.0(6c) affected
15.3(2d) affected
16.1(1f) affected
16.0(7e) affected
16.0(8e) affected
15.3(2e) affected
Cisco Cisco Unified Computing System (Managed) unknown
Version Status Constraints
4.0(4c) affected
4.0(2b) affected
4.1(2a) affected
4.0(1a) affected
4.0(2a) affected
4.0(1b) affected
4.1(1c) affected
4.0(4a) affected
4.0(4b) affected
4.0(2e) affected
4.1(1a) affected
4.0(4d) affected
4.0(4h) affected
4.0(4g) affected
4.0(1d) affected
4.1(1e) affected
4.0(4f) affected
4.0(4e) affected
4.0(4i) affected
4.1(1d) affected
4.0(2d) affected
4.1(1b) affected
4.0(1c) affected
4.1(2b) affected
4.0(4k) affected
4.1(3a) affected
4.1(3b) affected
4.1(2c) affected
4.0(4l) affected
4.1(4a) affected
4.1(3c) affected
4.1(3d) affected
4.2(1c) affected
4.2(1d) affected
4.0(4m) affected
4.1(3e) affected
4.2(1f) affected
4.1(3f) affected
4.2(1i) affected
4.1(3h) affected
4.2(1k) affected
4.2(1l) affected
4.0(4n) affected
4.2(1m) affected
4.1(3i) affected
4.2(2a) affected
4.2(1n) affected
4.1(3j) affected
4.2(2c) affected
4.2(2d) affected
4.2(3b) affected
4.1(3k) affected
4.0(4o) affected
4.2(2e) affected
4.2(3d) affected
4.2(3e) affected
4.2(3g) affected
4.1(3l) affected
4.3(2b) affected
4.2(3h) affected
4.2(3i) affected
4.3(2c) affected
4.1(3m) affected
4.3(2e) affected
4.3(3a) affected
4.2(3j) affected
4.3(3c) affected
4.2(3k) affected
4.2(3l) affected
4.3(2f) affected
4.2(3m) affected

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-18112 A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL cve-icon cve-icon
History

Wed, 05 Feb 2025 20:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

Wed, 04 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Dec 2024 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
Title Cisco NX-OS Software Image Verification Bypass Vulnerability
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 5.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-04-08T14:29:18.430Z

Reserved: 2023-11-08T15:08:07.660Z

Link: CVE-2024-20397

cve-icon Vulnrichment

Updated: 2024-12-04T19:27:45.801Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-04T17:15:11.913

Modified: 2025-02-05T21:15:22.590

Link: CVE-2024-20397

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses