CVE-2024-20397: Cisco NX-OS Software Image Verification Bypass Vulnerability

5.2 CVSS

Description

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.

This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

Classification

CVE ID: CVE-2024-20397

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.2

Affected Products

Vendor: Cisco

Product: Cisco NX-OS Software

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL

Timeline

2024-12-05 00:32:25 UTC
CVE

Cisco NX-OS Software Image Verification Bypass Vulnerability
2025-02-05 20:30:25 UTC
Cisco Security Advisory

Cisco NX-OS Software Image Verification Bypass Vulnerability