Hundred of CISCO switches impacted by bootloader flaw

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature checks.

Cisco released security patches for a vulnerability, tracked as CVE-2024-20397 (CVSS score of 5.2), in the NX-OS software’s bootloader that could be exploited by attackers to bypass image signature verification.

“A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.” reads the advisory.

The root cause of the vulnerability is insecure bootloader settings. An attacker could execute a series of bootloader commands to trigger the vulnerability. 

“A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.” continues the advisory.

The vulnerability affects the following Cisco products running NX-OS Software with a vulnerable BIOS version, regardless of their configuration:

• UCS 6500 Series Fabric Interconnects (CSCwj35846)
• MDS 9000 Series Multilayer Switches (CSCwh76163)
• Nexus 3000 Series Switches (CSCwm47438)
• Nexus 7000 Series Switches (CSCwh76166)
• Nexus 9000 Series Fabric Switches in ACI mode (CSCwn11901)
• Nexus 9000 Series Switches in standalone NX-OS mode (CSCwm47438)
• UCS 6400 Series Fabric Interconnects (CSCwj35846)

The IT giant states that there are no workarounds that address this vulnerability.

The company PSIRT is not aware of any attacks in the wild exploiting this vulnerability CVE-2024-20397

Cisco will not address the vulnerability for Nexus 92160YC-X that has reached the End of Vulnerability/Security Support.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NX-OS)