Hundred of Cisco Switches Impacted by Bootloader Flaw

### #CiscoSecurity #NXOSFlaw #BootloaderExploitation

Summary: Cisco has released security patches for a vulnerability in the NX-OS software’s bootloader, tracked as CVE-2024-20397, which could allow attackers to bypass image signature verification. This vulnerability affects multiple Cisco products and poses a risk to systems with insecure bootloader settings.

Threat Actor: Unauthenticated or authenticated local attackers | unauthenticated attackers
Victim: Cisco NX-OS Software users | Cisco NX-OS Software

Key Point :

  • The vulnerability allows attackers with physical access or administrative credentials to bypass NX-OS image signature verification.
  • Insecure bootloader settings are the root cause, enabling attackers to execute bootloader commands to exploit the vulnerability.
  • A successful exploit could allow the loading of unverified software on affected devices.
  • The vulnerability impacts various Cisco products, including UCS and Nexus series switches.
  • No workarounds are available, and Cisco is not aware of any active exploitation of this vulnerability.
  • Cisco will not provide fixes for devices that have reached the End of Vulnerability/Security Support.

Cisco released security patches for a vulnerability, tracked as CVE-2024-20397 (CVSS score of 5.2), in the NX-OS software’s bootloader that could be exploited by attackers to bypass image signature verification.

“A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.” reads the advisory.

The root cause of the vulnerability is insecure bootloader settings. An attacker could execute a series of bootloader commands to trigger the vulnerability. 

“A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.” continues the advisory.

The vulnerability affects the following Cisco products running NX-OS Software with a vulnerable BIOS version, regardless of their configuration:

  • UCS 6500 Series Fabric Interconnects (CSCwj35846)
  • MDS 9000 Series Multilayer Switches (CSCwh76163)
  • Nexus 3000 Series Switches (CSCwm47438)
  • Nexus 7000 Series Switches (CSCwh76166)
  • Nexus 9000 Series Fabric Switches in ACI mode (CSCwn11901)
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCwm47438)
  • UCS 6400 Series Fabric Interconnects (CSCwj35846)

The IT giant states that there are no workarounds that address this vulnerability.

The company PSIRT is not aware of any attacks in the wild exploiting this vulnerability CVE-2024-20397

Cisco will not address the vulnerability for Nexus 92160YC-X that has reached the End of Vulnerability/Security Support.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NX-OS)



Source: https://securityaffairs.com/171729/security/cisco-switches-bootloader-flaw-cve-2024-20397.html