CVE-2024-20397
CVSS V2 None
CVSS V3 None
Description
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.
This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
Overview
- CVE ID
- CVE-2024-20397
- Assigner
- cisco
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-04T16:13:13.890Z
- Last Modified Date
- 2024-12-04T21:39:35.478Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-20397 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20397 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-05 13:15:47 | Added to TrackCVE |