Hundred of Cisco Switches Impacted by Bootloader Flaw

### #CiscoSecurity #NXOSFlaw #BootloaderExploitation

Summary: Cisco has released security patches for a vulnerability in the NX-OS software’s bootloader, tracked as CVE-2024-20397, which could allow attackers to bypass image signature verification. This vulnerability affects multiple Cisco products and poses a risk to systems with insecure bootloader settings.

Threat Actor: Unauthenticated or authenticated local attackers | unauthenticated attackers
Victim: Cisco NX-OS Software users | Cisco NX-OS Software

Key Point :

  • The vulnerability allows attackers with physical access or administrative credentials to bypass NX-OS image signature verification.
  • Insecure bootloader settings are the root cause, enabling attackers to execute bootloader commands to exploit the vulnerability.
  • A successful exploit could allow the loading of unverified software on affected devices.
  • The vulnerability impacts various Cisco products, including UCS and Nexus series switches.
  • No workarounds are available, and Cisco is not aware of any active exploitation of this vulnerability.
  • Cisco will not provide fixes for devices that have reached the End of Vulnerability/Security Support.

Cisco released security patches for a vulnerability, tracked as CVE-2024-20397 (CVSS score of 5.2), in the NX-OS software’s bootloader that could be exploited by attackers to bypass image signature verification.

“A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.” reads the advisory.

The root cause of the vulnerability is insecure bootloader settings. An attacker could execute a series of bootloader commands to trigger the vulnerability. 

“A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.” continues the advisory.

The vulnerability affects the following Cisco products running NX-OS Software with a vulnerable BIOS version, regardless of their configuration:

The IT giant states that there are no workarounds that address this vulnerability.

The company PSIRT is not aware of any attacks in the wild exploiting this vulnerability CVE-2024-20397

Cisco will not address the vulnerability for Nexus 92160YC-X that has reached the End of Vulnerability/Security Support.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NX-OS)



Source: https://securityaffairs.com/171729/security/cisco-switches-bootloader-flaw-cve-2024-20397.html