CVE-2024-20397
Vulnerability from cvelistv5
Published
2024-12-04 16:13
Modified
2024-12-04 21:39
Summary
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
Impacted products
Vendor Product Version
Cisco Cisco NX-OS System Software in ACI Mode Version: 14.1(1j)
Version: 14.0(3d)
Version: 14.1(1k)
Version: 13.2(1m)
Version: 14.0(3c)
Version: 13.2(2l)
Version: 13.2(7k)
Version: 14.1(1l)
Version: 14.2(2f)
Version: 13.2(3s)
Version: 13.2(2o)
Version: 14.0(2c)
Version: 14.1(2m)
Version: 13.2(5e)
Version: 14.1(2o)
Version: 13.2(7f)
Version: 13.2(41d)
Version: 13.2(4d)
Version: 13.2(3o)
Version: 13.2(1l)
Version: 14.0(1h)
Version: 13.2(3n)
Version: 14.2(1l)
Version: 14.2(2e)
Version: 13.2(4e)
Version: 14.2(1i)
Version: 13.2(9b)
Version: 14.1(2s)
Version: 14.1(1i)
Version: 14.1(2g)
Version: 13.2(3j)
Version: 13.2(5d)
Version: 13.2(6i)
Version: 14.1(2u)
Version: 13.2(3i)
Version: 13.2(3r)
Version: 13.2(5f)
Version: 14.2(1j)
Version: 14.1(2w)
Version: 14.2(3n)
Version: 14.2(3l)
Version: 14.2(3j)
Version: 14.2(2g)
Version: 13.2(8d)
Version: 14.1(2x)
Version: 13.2(9f)
Version: 14.2(3q)
Version: 14.2(4i)
Version: 13.2(9h)
Version: 15.0(1k)
Version: 14.2(4k)
Version: 15.0(1l)
Version: 15.0(2e)
Version: 14.2(4o)
Version: 14.2(4p)
Version: 15.0(2h)
Version: 14.2(5k)
Version: 14.2(5l)
Version: 14.2(5n)
Version: 15.1(1h)
Version: 14.2(6d)
Version: 15.1(2e)
Version: 14.2(6g)
Version: 14.2(6h)
Version: 15.1(3e)
Version: 13.2(10e)
Version: 14.2(6l)
Version: 14.2(7f)
Version: 15.1(4c)
Version: 14.2(6o)
Version: 15.2(1g)
Version: 15.2(2e)
Version: 14.2(7l)
Version: 13.2(10f)
Version: 15.2(2f)
Version: 15.2(2g)
Version: 14.2(7q)
Version: 15.2(2h)
Version: 15.2(3f)
Version: 15.2(3e)
Version: 15.2(3g)
Version: 14.2(7r)
Version: 14.2(7s)
Version: 15.2(4d)
Version: 15.2(4e)
Version: 14.2(7t)
Version: 15.2(5c)
Version: 15.2(5d)
Version: 13.2(10g)
Version: 16.0(1g)
Version: 14.2(7u)
Version: 15.2(5e)
Version: 15.2(4f)
Version: 15.2(6e)
Version: 15.2(6h)
Version: 16.0(1j)
Version: 15.2(6g)
Version: 15.2(7f)
Version: 14.2(7v)
Version: 15.2(7g)
Version: 16.0(2h)
Version: 14.2(7w)
Version: 15.2(8d)
Version: 16.0(2j)
Version: 15.2(8e)
Version: 16.0(3d)
Version: 16.0(3e)
Version: 15.2(8f)
Version: 15.2(8g)
Version: 15.3(1d)
Version: 15.2(8h)
Version: 16.0(4c)
Version: 15.3(2a)
Version: 15.2(8i)
Version: 16.0(5h)
Version: 15.3(2b)
Version: 16.0(3g)
Version: 16.0(5j)
Version: 15.3(2c)
Version: 16.0(6c)
Version: 15.3(2d)
Version: 16.1(1f)
Version: 16.0(7e)
Version: 16.0(8e)
Cisco Cisco Unified Computing System (Managed) Version: 4.0(4c)
Version: 4.0(2b)
Version: 4.1(2a)
Version: 4.0(1a)
Version: 4.0(2a)
Version: 4.0(1b)
Version: 4.1(1c)
Version: 4.0(4a)
Version: 4.0(4b)
Version: 4.0(2e)
Version: 4.1(1a)
Version: 4.0(4d)
Version: 4.0(4h)
Version: 4.0(4g)
Version: 4.0(1d)
Version: 4.1(1e)
Version: 4.0(4f)
Version: 4.0(4e)
Version: 4.0(4i)
Version: 4.1(1d)
Version: 4.0(2d)
Version: 4.1(1b)
Version: 4.0(1c)
Version: 4.1(2b)
Version: 4.0(4k)
Version: 4.1(3a)
Version: 4.1(3b)
Version: 4.1(2c)
Version: 4.0(4l)
Version: 4.1(4a)
Version: 4.1(3c)
Version: 4.1(3d)
Version: 4.2(1c)
Version: 4.2(1d)
Version: 4.0(4m)
Version: 4.1(3e)
Version: 4.2(1f)
Version: 4.1(3f)
Version: 4.2(1i)
Version: 4.1(3h)
Version: 4.2(1k)
Version: 4.2(1l)
Version: 4.0(4n)
Version: 4.2(1m)
Version: 4.1(3i)
Version: 4.2(2a)
Version: 4.2(1n)
Version: 4.1(3j)
Version: 4.2(2c)
Version: 4.2(2d)
Version: 4.2(3b)
Version: 4.1(3k)
Version: 4.0(4o)
Version: 4.2(2e)
Version: 4.2(3d)
Version: 4.2(3e)
Version: 4.2(3g)
Version: 4.1(3l)
Version: 4.3(2b)
Version: 4.2(3h)
Version: 4.2(3i)
Version: 4.3(2c)
Version: 4.1(3m)
Version: 4.3(2e)
Version: 4.3(3a)
Version: 4.2(3j)
Version: 4.3(3c)
Version: 4.2(3k)
Version: 4.2(3l)
Version: 4.3(2f)
Version: 4.2(3m)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T19:27:41.534598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T21:39:35.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "8.2(5)"
            },
            {
              "status": "affected",
              "version": "7.3(5)D1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(2)"
            },
            {
              "status": "affected",
              "version": "8.4(3)"
            },
            {
              "status": "affected",
              "version": "9.2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(2)"
            },
            {
              "status": "affected",
              "version": "8.2(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(5)"
            },
            {
              "status": "affected",
              "version": "7.3(1)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(3)"
            },
            {
              "status": "affected",
              "version": "9.2(2v)"
            },
            {
              "status": "affected",
              "version": "7.3(0)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11)"
            },
            {
              "status": "affected",
              "version": "7.3(4)D1(1)"
            },
            {
              "status": "affected",
              "version": "9.2(1)"
            },
            {
              "status": "affected",
              "version": "9.2(2t)"
            },
            {
              "status": "affected",
              "version": "9.2(3y)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(1t)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6z)"
            },
            {
              "status": "affected",
              "version": "9.3(2)"
            },
            {
              "status": "affected",
              "version": "7.3(1)DY(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IM7(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5a)"
            },
            {
              "status": "affected",
              "version": "8.1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(1)"
            },
            {
              "status": "affected",
              "version": "8.2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3b)"
            },
            {
              "status": "affected",
              "version": "8.3(2)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3a)"
            },
            {
              "status": "affected",
              "version": "9.2(4)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IC4(4)"
            },
            {
              "status": "affected",
              "version": "8.1(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3c)"
            },
            {
              "status": "affected",
              "version": "7.3(3)D1(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(5)"
            },
            {
              "status": "affected",
              "version": "8.2(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(6)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I6(2)"
            },
            {
              "status": "affected",
              "version": "8.3(1)"
            },
            {
              "status": "affected",
              "version": "8.4(1)"
            },
            {
              "status": "affected",
              "version": "8.1(1b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(5)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DX(1)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(1)"
            },
            {
              "status": "affected",
              "version": "9.3(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(6)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(2)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(11a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8z)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(9)"
            },
            {
              "status": "affected",
              "version": "8.2(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(7)"
            },
            {
              "status": "affected",
              "version": "7.3(0)DY(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(9)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(10a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(1)"
            },
            {
              "status": "affected",
              "version": "9.3(1z)"
            },
            {
              "status": "affected",
              "version": "9.2(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8b)"
            },
            {
              "status": "affected",
              "version": "8.1(2a)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(3)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(3)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(6t)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I5(3a)"
            },
            {
              "status": "affected",
              "version": "8.1(1a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(8)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(3a)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(8a)"
            },
            {
              "status": "affected",
              "version": "7.0(3)F3(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I4(4)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(1)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(2)"
            },
            {
              "status": "affected",
              "version": "7.0(3)IA7(1)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(7b)"
            },
            {
              "status": "affected",
              "version": "6.0(2)A8(4a)"
            },
            {
              "status": "affected",
              "version": "8.4(1a)"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "7.3(2)D1(1d)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(8)"
            },
            {
              "status": "affected",
              "version": "9.3(4)"
            },
            {
              "status": "affected",
              "version": "7.3(6)D1(1)"
            },
            {
              "status": "affected",
              "version": "8.2(6)"
            },
            {
              "status": "affected",
              "version": "9.3(5)"
            },
            {
              "status": "affected",
              "version": "8.4(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(2b)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9)"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "9.3(6)"
            },
            {
              "status": "affected",
              "version": "10.1(2)"
            },
            {
              "status": "affected",
              "version": "10.1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(4)"
            },
            {
              "status": "affected",
              "version": "7.3(7)D1(1)"
            },
            {
              "status": "affected",
              "version": "8.4(2c)"
            },
            {
              "status": "affected",
              "version": "9.3(5w)"
            },
            {
              "status": "affected",
              "version": "8.2(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7)"
            },
            {
              "status": "affected",
              "version": "9.3(7k)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(9w)"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "7.3(8)D1(1)"
            },
            {
              "status": "affected",
              "version": "9.3(7a)"
            },
            {
              "status": "affected",
              "version": "8.2(7a)"
            },
            {
              "status": "affected",
              "version": "9.3(8)"
            },
            {
              "status": "affected",
              "version": "8.4(4a)"
            },
            {
              "status": "affected",
              "version": "8.4(2d)"
            },
            {
              "status": "affected",
              "version": "8.4(5)"
            },
            {
              "status": "affected",
              "version": "7.0(3)I7(10)"
            },
            {
              "status": "affected",
              "version": "8.2(8)"
            },
            {
              "status": "affected",
              "version": "10.2(1q)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "9.3(9)"
            },
            {
              "status": "affected",
              "version": "10.1(2t)"
            },
            {
              "status": "affected",
              "version": "7.3(9)D1(1)"
            },
            {
              "status": "affected",
              "version": "10.2(3)"
            },
            {
              "status": "affected",
              "version": "8.4(6)"
            },
            {
              "status": "affected",
              "version": "10.2(3t)"
            },
            {
              "status": "affected",
              "version": "8.4(2e)"
            },
            {
              "status": "affected",
              "version": "9.3(10)"
            },
            {
              "status": "affected",
              "version": "10.2(2a)"
            },
            {
              "status": "affected",
              "version": "9.2(1a)"
            },
            {
              "status": "affected",
              "version": "8.2(9)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.2(4)"
            },
            {
              "status": "affected",
              "version": "8.4(7)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "8.4(6a)"
            },
            {
              "status": "affected",
              "version": "9.3(11)"
            },
            {
              "status": "affected",
              "version": "10.3(3)"
            },
            {
              "status": "affected",
              "version": "10.2(5)"
            },
            {
              "status": "affected",
              "version": "9.4(1)"
            },
            {
              "status": "affected",
              "version": "9.3(2a)"
            },
            {
              "status": "affected",
              "version": "8.4(2f)"
            },
            {
              "status": "affected",
              "version": "8.2(10)"
            },
            {
              "status": "affected",
              "version": "9.3(12)"
            },
            {
              "status": "affected",
              "version": "10.2(3v)"
            },
            {
              "status": "affected",
              "version": "10.4(1)"
            },
            {
              "status": "affected",
              "version": "8.4(8)"
            },
            {
              "status": "affected",
              "version": "10.3(99w)"
            },
            {
              "status": "affected",
              "version": "10.2(6)"
            },
            {
              "status": "affected",
              "version": "10.3(3w)"
            },
            {
              "status": "affected",
              "version": "10.3(99x)"
            },
            {
              "status": "affected",
              "version": "10.3(3o)"
            },
            {
              "status": "affected",
              "version": "8.4(9)"
            },
            {
              "status": "affected",
              "version": "10.3(4)"
            },
            {
              "status": "affected",
              "version": "10.3(3p)"
            },
            {
              "status": "affected",
              "version": "10.3(4a)"
            },
            {
              "status": "affected",
              "version": "9.4(1a)"
            },
            {
              "status": "affected",
              "version": "10.4(2)"
            },
            {
              "status": "affected",
              "version": "10.3(3q)"
            },
            {
              "status": "affected",
              "version": "9.3(13)"
            },
            {
              "status": "affected",
              "version": "8.2(11)"
            },
            {
              "status": "affected",
              "version": "10.3(5)"
            },
            {
              "status": "affected",
              "version": "10.2(7)"
            },
            {
              "status": "affected",
              "version": "10.4(3)"
            },
            {
              "status": "affected",
              "version": "10.3(3x)"
            },
            {
              "status": "affected",
              "version": "10.3(4g)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.2(8)"
            },
            {
              "status": "affected",
              "version": "10.3(3r)"
            },
            {
              "status": "affected",
              "version": "10.3(6)"
            },
            {
              "status": "affected",
              "version": "9.3(14)"
            },
            {
              "status": "affected",
              "version": "10.4(4)"
            },
            {
              "status": "affected",
              "version": "10.3(4h)"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco NX-OS System Software in ACI Mode",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "14.1(1j)"
            },
            {
              "status": "affected",
              "version": "14.0(3d)"
            },
            {
              "status": "affected",
              "version": "14.1(1k)"
            },
            {
              "status": "affected",
              "version": "13.2(1m)"
            },
            {
              "status": "affected",
              "version": "14.0(3c)"
            },
            {
              "status": "affected",
              "version": "13.2(2l)"
            },
            {
              "status": "affected",
              "version": "13.2(7k)"
            },
            {
              "status": "affected",
              "version": "14.1(1l)"
            },
            {
              "status": "affected",
              "version": "14.2(2f)"
            },
            {
              "status": "affected",
              "version": "13.2(3s)"
            },
            {
              "status": "affected",
              "version": "13.2(2o)"
            },
            {
              "status": "affected",
              "version": "14.0(2c)"
            },
            {
              "status": "affected",
              "version": "14.1(2m)"
            },
            {
              "status": "affected",
              "version": "13.2(5e)"
            },
            {
              "status": "affected",
              "version": "14.1(2o)"
            },
            {
              "status": "affected",
              "version": "13.2(7f)"
            },
            {
              "status": "affected",
              "version": "13.2(41d)"
            },
            {
              "status": "affected",
              "version": "13.2(4d)"
            },
            {
              "status": "affected",
              "version": "13.2(3o)"
            },
            {
              "status": "affected",
              "version": "13.2(1l)"
            },
            {
              "status": "affected",
              "version": "14.0(1h)"
            },
            {
              "status": "affected",
              "version": "13.2(3n)"
            },
            {
              "status": "affected",
              "version": "14.2(1l)"
            },
            {
              "status": "affected",
              "version": "14.2(2e)"
            },
            {
              "status": "affected",
              "version": "13.2(4e)"
            },
            {
              "status": "affected",
              "version": "14.2(1i)"
            },
            {
              "status": "affected",
              "version": "13.2(9b)"
            },
            {
              "status": "affected",
              "version": "14.1(2s)"
            },
            {
              "status": "affected",
              "version": "14.1(1i)"
            },
            {
              "status": "affected",
              "version": "14.1(2g)"
            },
            {
              "status": "affected",
              "version": "13.2(3j)"
            },
            {
              "status": "affected",
              "version": "13.2(5d)"
            },
            {
              "status": "affected",
              "version": "13.2(6i)"
            },
            {
              "status": "affected",
              "version": "14.1(2u)"
            },
            {
              "status": "affected",
              "version": "13.2(3i)"
            },
            {
              "status": "affected",
              "version": "13.2(3r)"
            },
            {
              "status": "affected",
              "version": "13.2(5f)"
            },
            {
              "status": "affected",
              "version": "14.2(1j)"
            },
            {
              "status": "affected",
              "version": "14.1(2w)"
            },
            {
              "status": "affected",
              "version": "14.2(3n)"
            },
            {
              "status": "affected",
              "version": "14.2(3l)"
            },
            {
              "status": "affected",
              "version": "14.2(3j)"
            },
            {
              "status": "affected",
              "version": "14.2(2g)"
            },
            {
              "status": "affected",
              "version": "13.2(8d)"
            },
            {
              "status": "affected",
              "version": "14.1(2x)"
            },
            {
              "status": "affected",
              "version": "13.2(9f)"
            },
            {
              "status": "affected",
              "version": "14.2(3q)"
            },
            {
              "status": "affected",
              "version": "14.2(4i)"
            },
            {
              "status": "affected",
              "version": "13.2(9h)"
            },
            {
              "status": "affected",
              "version": "15.0(1k)"
            },
            {
              "status": "affected",
              "version": "14.2(4k)"
            },
            {
              "status": "affected",
              "version": "15.0(1l)"
            },
            {
              "status": "affected",
              "version": "15.0(2e)"
            },
            {
              "status": "affected",
              "version": "14.2(4o)"
            },
            {
              "status": "affected",
              "version": "14.2(4p)"
            },
            {
              "status": "affected",
              "version": "15.0(2h)"
            },
            {
              "status": "affected",
              "version": "14.2(5k)"
            },
            {
              "status": "affected",
              "version": "14.2(5l)"
            },
            {
              "status": "affected",
              "version": "14.2(5n)"
            },
            {
              "status": "affected",
              "version": "15.1(1h)"
            },
            {
              "status": "affected",
              "version": "14.2(6d)"
            },
            {
              "status": "affected",
              "version": "15.1(2e)"
            },
            {
              "status": "affected",
              "version": "14.2(6g)"
            },
            {
              "status": "affected",
              "version": "14.2(6h)"
            },
            {
              "status": "affected",
              "version": "15.1(3e)"
            },
            {
              "status": "affected",
              "version": "13.2(10e)"
            },
            {
              "status": "affected",
              "version": "14.2(6l)"
            },
            {
              "status": "affected",
              "version": "14.2(7f)"
            },
            {
              "status": "affected",
              "version": "15.1(4c)"
            },
            {
              "status": "affected",
              "version": "14.2(6o)"
            },
            {
              "status": "affected",
              "version": "15.2(1g)"
            },
            {
              "status": "affected",
              "version": "15.2(2e)"
            },
            {
              "status": "affected",
              "version": "14.2(7l)"
            },
            {
              "status": "affected",
              "version": "13.2(10f)"
            },
            {
              "status": "affected",
              "version": "15.2(2f)"
            },
            {
              "status": "affected",
              "version": "15.2(2g)"
            },
            {
              "status": "affected",
              "version": "14.2(7q)"
            },
            {
              "status": "affected",
              "version": "15.2(2h)"
            },
            {
              "status": "affected",
              "version": "15.2(3f)"
            },
            {
              "status": "affected",
              "version": "15.2(3e)"
            },
            {
              "status": "affected",
              "version": "15.2(3g)"
            },
            {
              "status": "affected",
              "version": "14.2(7r)"
            },
            {
              "status": "affected",
              "version": "14.2(7s)"
            },
            {
              "status": "affected",
              "version": "15.2(4d)"
            },
            {
              "status": "affected",
              "version": "15.2(4e)"
            },
            {
              "status": "affected",
              "version": "14.2(7t)"
            },
            {
              "status": "affected",
              "version": "15.2(5c)"
            },
            {
              "status": "affected",
              "version": "15.2(5d)"
            },
            {
              "status": "affected",
              "version": "13.2(10g)"
            },
            {
              "status": "affected",
              "version": "16.0(1g)"
            },
            {
              "status": "affected",
              "version": "14.2(7u)"
            },
            {
              "status": "affected",
              "version": "15.2(5e)"
            },
            {
              "status": "affected",
              "version": "15.2(4f)"
            },
            {
              "status": "affected",
              "version": "15.2(6e)"
            },
            {
              "status": "affected",
              "version": "15.2(6h)"
            },
            {
              "status": "affected",
              "version": "16.0(1j)"
            },
            {
              "status": "affected",
              "version": "15.2(6g)"
            },
            {
              "status": "affected",
              "version": "15.2(7f)"
            },
            {
              "status": "affected",
              "version": "14.2(7v)"
            },
            {
              "status": "affected",
              "version": "15.2(7g)"
            },
            {
              "status": "affected",
              "version": "16.0(2h)"
            },
            {
              "status": "affected",
              "version": "14.2(7w)"
            },
            {
              "status": "affected",
              "version": "15.2(8d)"
            },
            {
              "status": "affected",
              "version": "16.0(2j)"
            },
            {
              "status": "affected",
              "version": "15.2(8e)"
            },
            {
              "status": "affected",
              "version": "16.0(3d)"
            },
            {
              "status": "affected",
              "version": "16.0(3e)"
            },
            {
              "status": "affected",
              "version": "15.2(8f)"
            },
            {
              "status": "affected",
              "version": "15.2(8g)"
            },
            {
              "status": "affected",
              "version": "15.3(1d)"
            },
            {
              "status": "affected",
              "version": "15.2(8h)"
            },
            {
              "status": "affected",
              "version": "16.0(4c)"
            },
            {
              "status": "affected",
              "version": "15.3(2a)"
            },
            {
              "status": "affected",
              "version": "15.2(8i)"
            },
            {
              "status": "affected",
              "version": "16.0(5h)"
            },
            {
              "status": "affected",
              "version": "15.3(2b)"
            },
            {
              "status": "affected",
              "version": "16.0(3g)"
            },
            {
              "status": "affected",
              "version": "16.0(5j)"
            },
            {
              "status": "affected",
              "version": "15.3(2c)"
            },
            {
              "status": "affected",
              "version": "16.0(6c)"
            },
            {
              "status": "affected",
              "version": "15.3(2d)"
            },
            {
              "status": "affected",
              "version": "16.1(1f)"
            },
            {
              "status": "affected",
              "version": "16.0(7e)"
            },
            {
              "status": "affected",
              "version": "16.0(8e)"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Managed)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "4.0(2b)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(2a)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(4a)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "4.0(2e)"
            },
            {
              "status": "affected",
              "version": "4.1(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.0(4g)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "4.1(1e)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "4.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4k)"
            },
            {
              "status": "affected",
              "version": "4.1(3a)"
            },
            {
              "status": "affected",
              "version": "4.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(4l)"
            },
            {
              "status": "affected",
              "version": "4.1(4a)"
            },
            {
              "status": "affected",
              "version": "4.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.1(3d)"
            },
            {
              "status": "affected",
              "version": "4.2(1c)"
            },
            {
              "status": "affected",
              "version": "4.2(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(4m)"
            },
            {
              "status": "affected",
              "version": "4.1(3e)"
            },
            {
              "status": "affected",
              "version": "4.2(1f)"
            },
            {
              "status": "affected",
              "version": "4.1(3f)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(1k)"
            },
            {
              "status": "affected",
              "version": "4.2(1l)"
            },
            {
              "status": "affected",
              "version": "4.0(4n)"
            },
            {
              "status": "affected",
              "version": "4.2(1m)"
            },
            {
              "status": "affected",
              "version": "4.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.2(2a)"
            },
            {
              "status": "affected",
              "version": "4.2(1n)"
            },
            {
              "status": "affected",
              "version": "4.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.2(2c)"
            },
            {
              "status": "affected",
              "version": "4.2(2d)"
            },
            {
              "status": "affected",
              "version": "4.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(3k)"
            },
            {
              "status": "affected",
              "version": "4.0(4o)"
            },
            {
              "status": "affected",
              "version": "4.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(3d)"
            },
            {
              "status": "affected",
              "version": "4.2(3e)"
            },
            {
              "status": "affected",
              "version": "4.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.1(3l)"
            },
            {
              "status": "affected",
              "version": "4.3(2b)"
            },
            {
              "status": "affected",
              "version": "4.2(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.3(2c)"
            },
            {
              "status": "affected",
              "version": "4.1(3m)"
            },
            {
              "status": "affected",
              "version": "4.3(2e)"
            },
            {
              "status": "affected",
              "version": "4.3(3a)"
            },
            {
              "status": "affected",
              "version": "4.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.3(3c)"
            },
            {
              "status": "affected",
              "version": "4.2(3k)"
            },
            {
              "status": "affected",
              "version": "4.2(3l)"
            },
            {
              "status": "affected",
              "version": "4.3(2f)"
            },
            {
              "status": "affected",
              "version": "4.2(3m)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.\r\n\r\nThis vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-04T16:13:13.890Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-nxos-image-sig-bypas-pQDRQvjL",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-nxos-image-sig-bypas-pQDRQvjL",
        "defects": [
          "CSCwm47438"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco NX-OS Software Image Verification Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20397",
    "datePublished": "2024-12-04T16:13:13.890Z",
    "dateReserved": "2023-11-08T15:08:07.660Z",
    "dateUpdated": "2024-12-04T21:39:35.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-20397\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2024-12-04T17:15:11.913\",\"lastModified\":\"2024-12-04T17:15:11.913\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.\\r\\n\\r\\nThis vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el cargador de arranque del software Cisco NX-OS podr\u00eda permitir que un atacante no autenticado con acceso f\u00edsico a un dispositivo afectado, o un atacante local autenticado con credenciales administrativas, eluda la verificaci\u00f3n de la firma de la imagen de NX-OS. Esta vulnerabilidad se debe a una configuraci\u00f3n insegura del cargador de arranque. Un atacante podr\u00eda aprovechar esta vulnerabilidad ejecutando una serie de comandos del cargador de arranque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante eludir la verificaci\u00f3n de la firma de la imagen de NX-OS y cargar software no verificado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL\",\"source\":\"ykramarz@cisco.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.