Bootloader Vulnerability Impacts Over 100 Cisco Switches

More than 100 Cisco products are affected by an NX-OS vulnerability that allows attackers to bypass image signature verification.

Cisco on Wednesday announced patches for a vulnerability in the NX-OS software’s bootloader that could allow attackers to bypass image signature verification.

Tracked as CVE-2024-20397, the security defect stems from insecure bootloader settings that allow an attacker to run specific commands that bypass the image signature verification process and load unverified software.

Exploitation does not require authentication, but it does require physical access to the device, Cisco notes in its advisory. Alternatively, the bug can be exploited by an authenticated, local attacker with administrative privileges.
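The design flaw Cisco describes, a verification step that mutable bootloader settings can switch off, is easier to reason about with a small model. The Go program below is an added illustration written for this page, not Cisco's bootloader code; the loader functions, the `SkipVerify` setting, the `Tamper` helper and the throwaway Ed25519 key are assumptions used to show the weak pattern beside a hardened one in which verification is unconditional and the public key is fixed at build time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Image models a boot image as the loader sees it: a payload plus the
// vendor's detached signature over that payload. (Hypothetical model.)
type Image struct {
	Payload   []byte
	Signature []byte
}

// BootSettings models mutable bootloader state. An attacker at the console
// (or an admin on the box) can change it, so it must never be able to turn
// signature checking off. SkipVerify is a hypothetical knob for this demo.
type BootSettings struct {
	SkipVerify bool
}

var ErrBadSignature = errors.New("image signature verification failed")

// NewVendorKey generates a throwaway key pair standing in for the vendor's
// image-signing key. On a real device only the public half is present,
// baked into the boot ROM or bootloader.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage is the build-time step: sign the payload with the vendor key.
func SignImage(priv ed25519.PrivateKey, payload []byte) Image {
	return Image{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// WeakLoad is the insecure pattern: a runtime setting decides whether the
// signature is checked at all, so anyone who can reach the setting can
// boot an unsigned or modified image.
func WeakLoad(pub ed25519.PublicKey, img Image, s BootSettings) ([]byte, error) {
	if !s.SkipVerify && !ed25519.Verify(pub, img.Payload, img.Signature) {
		return nil, ErrBadSignature
	}
	return img.Payload, nil
}

// HardenedLoad verifies unconditionally against the baked-in key; boot
// settings cannot influence the decision, so only an image signed by the
// vendor's private key is ever executed.
func HardenedLoad(pub ed25519.PublicKey, img Image, _ BootSettings) ([]byte, error) {
	if !ed25519.Verify(pub, img.Payload, img.Signature) {
		return nil, ErrBadSignature
	}
	return img.Payload, nil
}

// Tamper returns a modified image that keeps the original signature, which
// is what swapping the payload on flash would produce.
func Tamper(img Image, newPayload []byte) Image {
	return Image{Payload: newPayload, Signature: img.Signature}
}

func main() {
	pub, priv := NewVendorKey()
	// Constructed sample payloads; real images are multi-hundred-MB binaries.
	genuine := SignImage(priv, []byte("constructed genuine image"))
	evil := Tamper(genuine, []byte("constructed modified image"))
	skip := BootSettings{SkipVerify: true}

	loaders := []struct {
		name string
		load func(ed25519.PublicKey, Image, BootSettings) ([]byte, error)
	}{{"weak", WeakLoad}, {"hardened", HardenedLoad}}

	for _, l := range loaders {
		_, errGenuine := l.load(pub, genuine, BootSettings{})
		_, errEvilSkip := l.load(pub, evil, skip)
		fmt.Printf("%-8s accepts genuine: %v  accepts tampered with skip set: %v\n",
			l.name, errGenuine == nil, errEvilSkip == nil)
	}
}
```

Run it and the weak loader reports that it accepts the tampered image once the skip setting is on, while the hardened loader rejects it regardless of settings. The lesson a reviewer takes from the model is structural: the decision to verify must not depend on any state the attacker's access level lets them write, and the trust anchor must be immutable.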

According to Cisco, the issue affects only those MDS, Nexus, and UCS Fabric Interconnect products that support secure boot; legacy devices without the feature are not affected. In total, the company's advisory lists more than 100 impacted device models.

The tech giant says that this vulnerability affects all MDS 9000 series multilayer switches, Nexus 3000 and 7000 series switches, Nexus 9000 series fabric switches in ACI mode, Nexus 9000 series switches in standalone NX-OS mode, and UCS 6400 and 6500 series fabric interconnects.

Cisco notes that there are no workarounds for this security defect. The company has already released NX-OS software updates for some of the affected product series and plans to have fixes available for the remaining devices by the end of this month.

The only devices that will not receive a patch are the discontinued Nexus 92160YC-X (N9K-C92160YC-X) switches, Cisco notes in its advisory.

The tech giant says it is not aware of the vulnerability being exploited in the wild. Although Cisco rates CVE-2024-20397 as a medium-severity issue, users should update their devices as soon as possible: attackers have previously exploited medium-severity vulnerabilities in Cisco products for which patches were already available. Because exploitation requires either physical access or administrative credentials, restricting console and admin access limits exposure until the update is installed, but it does not remove the flaw.


Related: Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

Related: Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks

Related: Cisco Removes Default Password From Video Surveillance Manager

Related: Weidmueller Patches Dozen Vulnerabilities in Industrial WLAN Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
