NX-OS Bootloader Bypass Image Signature Verification
CVE-2024-20397 Published on December 4, 2024

Cisco NX-OS Software Image Verification Bypass Vulnerability
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.

NVD

Vulnerability Analysis

CVE-2024-20397 can be exploited with physical access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:

PHYSICAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2024-20397 has been classified to as an Authorization vulnerability or weakness.

Products Associated with CVE-2024-20397

Want to know whenever a new CVE is published for Cisco Nx Os? stack.watch will email you.

Cisco Nx Os

Affected Versions

Cisco NX-OS Software:

Version 8.2(5) is affected.
Version 7.3(5)D1(1) is affected.
Version 8.4(2) is affected.
Version 8.4(3) is affected.
Version 9.2(3) is affected.
Version 7.0(3)I5(2) is affected.
Version 8.2(1) is affected.
Version 6.0(2)A8(7a) is affected.
Version 7.0(3)I4(5) is affected.
Version 7.3(1)D1(1) is affected.
Version 7.0(3)I4(6) is affected.
Version 7.0(3)I4(3) is affected.
Version 9.2(2v) is affected.
Version 7.3(0)D1(1) is affected.
Version 7.0(3)I4(7) is affected.
Version 7.0(3)I4(1) is affected.
Version 7.0(3)I4(8) is affected.
Version 7.0(3)I4(2) is affected.
Version 6.0(2)A8(11) is affected.
Version 7.3(4)D1(1) is affected.
Version 9.2(1) is affected.
Version 9.2(2t) is affected.
Version 9.2(3y) is affected.
Version 7.0(3)I4(1t) is affected.
Version 7.0(3)I7(6z) is affected.
Version 9.3(2) is affected.
Version 7.3(1)DY(1) is affected.
Version 7.0(3)F3(3) is affected.
Version 7.0(3)I7(3z) is affected.
Version 7.0(3)IM7(2) is affected.
Version 6.0(2)A8(11b) is affected.
Version 7.0(3)I7(5a) is affected.
Version 8.1(1) is affected.
Version 7.0(3)I6(1) is affected.
Version 8.2(2) is affected.
Version 7.0(3)I5(3b) is affected.
Version 8.3(2) is affected.
Version 7.3(2)D1(3a) is affected.
Version 9.2(4) is affected.
Version 6.0(2)A8(10) is affected.
Version 6.0(2)A8(2) is affected.
Version 7.0(3)IC4(4) is affected.
Version 8.1(2) is affected.
Version 7.0(3)F3(3c) is affected.
Version 7.3(3)D1(1) is affected.
Version 7.0(3)F3(1) is affected.
Version 7.0(3)F3(5) is affected.
Version 8.2(3) is affected.
Version 7.0(3)I7(2) is affected.
Version 7.0(3)I5(3) is affected.
Version 7.0(3)I7(3) is affected.
Version 6.0(2)A8(6) is affected.
Version 7.0(3)I6(2) is affected.
Version 8.3(1) is affected.
Version 8.4(1) is affected.
Version 8.1(1b) is affected.
Version 6.0(2)A8(5) is affected.
Version 7.3(0)DX(1) is affected.
Version 7.3(2)D1(1) is affected.
Version 9.3(1) is affected.
Version 6.0(2)A8(7) is affected.
Version 7.0(3)I7(6) is affected.
Version 7.3(2)D1(2) is affected.
Version 6.0(2)A8(11a) is affected.
Version 7.0(3)I4(8z) is affected.
Version 7.0(3)I4(9) is affected.
Version 8.2(4) is affected.
Version 7.0(3)I7(4) is affected.
Version 7.0(3)I7(7) is affected.
Version 7.3(0)DY(1) is affected.
Version 6.0(2)A8(9) is affected.
Version 6.0(2)A8(1) is affected.
Version 6.0(2)A8(10a) is affected.
Version 7.0(3)I5(1) is affected.
Version 9.3(1z) is affected.
Version 9.2(2) is affected.
Version 7.0(3)F3(4) is affected.
Version 7.0(3)I4(8b) is affected.
Version 8.1(2a) is affected.
Version 7.3(2)D1(3) is affected.
Version 6.0(2)A8(3) is affected.
Version 7.0(3)I4(6t) is affected.
Version 7.0(3)I5(3a) is affected.
Version 8.1(1a) is affected.
Version 6.0(2)A8(8) is affected.
Version 7.0(3)I7(5) is affected.
Version 7.0(3)F3(3a) is affected.
Version 6.0(2)A8(4) is affected.
Version 7.0(3)I4(8a) is affected.
Version 7.0(3)F3(2) is affected.
Version 7.0(3)I4(4) is affected.
Version 7.0(3)I7(1) is affected.
Version 7.0(3)IA7(2) is affected.
Version 7.0(3)IA7(1) is affected.
Version 6.0(2)A8(7b) is affected.
Version 6.0(2)A8(4a) is affected.
Version 8.4(1a) is affected.
Version 9.3(3) is affected.
Version 7.3(2)D1(1d) is affected.
Version 7.0(3)I7(8) is affected.
Version 9.3(4) is affected.
Version 7.3(6)D1(1) is affected.
Version 8.2(6) is affected.
Version 9.3(5) is affected.
Version 8.4(2a) is affected.
Version 8.4(2b) is affected.
Version 7.0(3)I7(9) is affected.
Version 8.5(1) is affected.
Version 9.3(6) is affected.
Version 10.1(2) is affected.
Version 10.1(1) is affected.
Version 8.4(4) is affected.
Version 7.3(7)D1(1) is affected.
Version 8.4(2c) is affected.
Version 9.3(5w) is affected.
Version 8.2(7) is affected.
Version 9.3(7) is affected.
Version 9.3(7k) is affected.
Version 7.0(3)I7(9w) is affected.
Version 10.2(1) is affected.
Version 7.3(8)D1(1) is affected.
Version 9.3(7a) is affected.
Version 8.2(7a) is affected.
Version 9.3(8) is affected.
Version 8.4(4a) is affected.
Version 8.4(2d) is affected.
Version 8.4(5) is affected.
Version 7.0(3)I7(10) is affected.
Version 8.2(8) is affected.
Version 10.2(1q) is affected.
Version 10.2(2) is affected.
Version 9.3(9) is affected.
Version 10.1(2t) is affected.
Version 7.3(9)D1(1) is affected.
Version 10.2(3) is affected.
Version 8.4(6) is affected.
Version 10.2(3t) is affected.
Version 8.4(2e) is affected.
Version 9.3(10) is affected.
Version 10.2(2a) is affected.
Version 9.2(1a) is affected.
Version 8.2(9) is affected.
Version 10.3(1) is affected.
Version 10.2(4) is affected.
Version 8.4(7) is affected.
Version 10.3(2) is affected.
Version 8.4(6a) is affected.
Version 9.3(11) is affected.
Version 10.3(3) is affected.
Version 10.2(5) is affected.
Version 9.4(1) is affected.
Version 9.3(2a) is affected.
Version 8.4(2f) is affected.
Version 8.2(10) is affected.
Version 9.3(12) is affected.
Version 10.2(3v) is affected.
Version 10.4(1) is affected.
Version 8.4(8) is affected.
Version 10.3(99w) is affected.
Version 10.2(6) is affected.
Version 10.3(3w) is affected.
Version 10.3(99x) is affected.
Version 10.3(3o) is affected.
Version 8.4(9) is affected.
Version 10.3(4) is affected.
Version 10.3(3p) is affected.
Version 10.3(4a) is affected.
Version 9.4(1a) is affected.
Version 10.4(2) is affected.
Version 10.3(3q) is affected.
Version 9.3(13) is affected.
Version 8.2(11) is affected.
Version 10.3(5) is affected.
Version 10.2(7) is affected.
Version 10.4(3) is affected.
Version 10.3(3x) is affected.
Version 10.3(4g) is affected.
Version 10.5(1) is affected.
Version 10.2(8) is affected.
Version 10.3(3r) is affected.
Version 10.3(6) is affected.
Version 9.3(14) is affected.
Version 10.4(4) is affected.
Version 10.3(4h) is affected.
Version 10.4(4g) is affected.

Cisco NX-OS System Software in ACI Mode:

Version 14.1(1j) is affected.
Version 14.0(3d) is affected.
Version 14.1(1k) is affected.
Version 13.2(1m) is affected.
Version 14.0(3c) is affected.
Version 13.2(2l) is affected.
Version 13.2(7k) is affected.
Version 14.1(1l) is affected.
Version 14.2(2f) is affected.
Version 13.2(3s) is affected.
Version 13.2(2o) is affected.
Version 14.0(2c) is affected.
Version 14.1(2m) is affected.
Version 13.2(5e) is affected.
Version 14.1(2o) is affected.
Version 13.2(7f) is affected.
Version 13.2(41d) is affected.
Version 13.2(4d) is affected.
Version 13.2(3o) is affected.
Version 13.2(1l) is affected.
Version 14.0(1h) is affected.
Version 13.2(3n) is affected.
Version 14.2(1l) is affected.
Version 14.2(2e) is affected.
Version 13.2(4e) is affected.
Version 14.2(1i) is affected.
Version 13.2(9b) is affected.
Version 14.1(2s) is affected.
Version 14.1(1i) is affected.
Version 14.1(2g) is affected.
Version 13.2(3j) is affected.
Version 13.2(5d) is affected.
Version 13.2(6i) is affected.
Version 14.1(2u) is affected.
Version 13.2(3i) is affected.
Version 13.2(3r) is affected.
Version 13.2(5f) is affected.
Version 14.2(1j) is affected.
Version 14.1(2w) is affected.
Version 14.2(3n) is affected.
Version 14.2(3l) is affected.
Version 14.2(3j) is affected.
Version 14.2(2g) is affected.
Version 13.2(8d) is affected.
Version 14.1(2x) is affected.
Version 13.2(9f) is affected.
Version 14.2(3q) is affected.
Version 14.2(4i) is affected.
Version 13.2(9h) is affected.
Version 15.0(1k) is affected.
Version 14.2(4k) is affected.
Version 15.0(1l) is affected.
Version 15.0(2e) is affected.
Version 14.2(4o) is affected.
Version 14.2(4p) is affected.
Version 15.0(2h) is affected.
Version 14.2(5k) is affected.
Version 14.2(5l) is affected.
Version 14.2(5n) is affected.
Version 15.1(1h) is affected.
Version 14.2(6d) is affected.
Version 15.1(2e) is affected.
Version 14.2(6g) is affected.
Version 14.2(6h) is affected.
Version 15.1(3e) is affected.
Version 13.2(10e) is affected.
Version 14.2(6l) is affected.
Version 14.2(7f) is affected.
Version 15.1(4c) is affected.
Version 14.2(6o) is affected.
Version 15.2(1g) is affected.
Version 15.2(2e) is affected.
Version 14.2(7l) is affected.
Version 13.2(10f) is affected.
Version 15.2(2f) is affected.
Version 15.2(2g) is affected.
Version 14.2(7q) is affected.
Version 15.2(2h) is affected.
Version 15.2(3f) is affected.
Version 15.2(3e) is affected.
Version 15.2(3g) is affected.
Version 14.2(7r) is affected.
Version 14.2(7s) is affected.
Version 15.2(4d) is affected.
Version 15.2(4e) is affected.
Version 14.2(7t) is affected.
Version 15.2(5c) is affected.
Version 15.2(5d) is affected.
Version 13.2(10g) is affected.
Version 16.0(1g) is affected.
Version 14.2(7u) is affected.
Version 15.2(5e) is affected.
Version 15.2(4f) is affected.
Version 15.2(6e) is affected.
Version 15.2(6h) is affected.
Version 16.0(1j) is affected.
Version 15.2(6g) is affected.
Version 15.2(7f) is affected.
Version 14.2(7v) is affected.
Version 15.2(7g) is affected.
Version 16.0(2h) is affected.
Version 14.2(7w) is affected.
Version 15.2(8d) is affected.
Version 16.0(2j) is affected.
Version 15.2(8e) is affected.
Version 16.0(3d) is affected.
Version 16.0(3e) is affected.
Version 15.2(8f) is affected.
Version 15.2(8g) is affected.
Version 15.3(1d) is affected.
Version 15.2(8h) is affected.
Version 16.0(4c) is affected.
Version 15.3(2a) is affected.
Version 15.2(8i) is affected.
Version 16.0(5h) is affected.
Version 15.3(2b) is affected.
Version 16.0(3g) is affected.
Version 16.0(5j) is affected.
Version 15.3(2c) is affected.
Version 16.0(6c) is affected.
Version 15.3(2d) is affected.
Version 16.1(1f) is affected.
Version 16.0(7e) is affected.
Version 16.0(8e) is affected.
Version 15.3(2e) is affected.

Cisco Unified Computing System (Managed):

Version 4.0(4c) is affected.
Version 4.0(2b) is affected.
Version 4.1(2a) is affected.
Version 4.0(1a) is affected.
Version 4.0(2a) is affected.
Version 4.0(1b) is affected.
Version 4.1(1c) is affected.
Version 4.0(4a) is affected.
Version 4.0(4b) is affected.
Version 4.0(2e) is affected.
Version 4.1(1a) is affected.
Version 4.0(4d) is affected.
Version 4.0(4h) is affected.
Version 4.0(4g) is affected.
Version 4.0(1d) is affected.
Version 4.1(1e) is affected.
Version 4.0(4f) is affected.
Version 4.0(4e) is affected.
Version 4.0(4i) is affected.
Version 4.1(1d) is affected.
Version 4.0(2d) is affected.
Version 4.1(1b) is affected.
Version 4.0(1c) is affected.
Version 4.1(2b) is affected.
Version 4.0(4k) is affected.
Version 4.1(3a) is affected.
Version 4.1(3b) is affected.
Version 4.1(2c) is affected.
Version 4.0(4l) is affected.
Version 4.1(4a) is affected.
Version 4.1(3c) is affected.
Version 4.1(3d) is affected.
Version 4.2(1c) is affected.
Version 4.2(1d) is affected.
Version 4.0(4m) is affected.
Version 4.1(3e) is affected.
Version 4.2(1f) is affected.
Version 4.1(3f) is affected.
Version 4.2(1i) is affected.
Version 4.1(3h) is affected.
Version 4.2(1k) is affected.
Version 4.2(1l) is affected.
Version 4.0(4n) is affected.
Version 4.2(1m) is affected.
Version 4.1(3i) is affected.
Version 4.2(2a) is affected.
Version 4.2(1n) is affected.
Version 4.1(3j) is affected.
Version 4.2(2c) is affected.
Version 4.2(2d) is affected.
Version 4.2(3b) is affected.
Version 4.1(3k) is affected.
Version 4.0(4o) is affected.
Version 4.2(2e) is affected.
Version 4.2(3d) is affected.
Version 4.2(3e) is affected.
Version 4.2(3g) is affected.
Version 4.1(3l) is affected.
Version 4.3(2b) is affected.
Version 4.2(3h) is affected.
Version 4.2(3i) is affected.
Version 4.3(2c) is affected.
Version 4.1(3m) is affected.
Version 4.3(2e) is affected.
Version 4.3(3a) is affected.
Version 4.2(3j) is affected.
Version 4.3(3c) is affected.
Version 4.2(3k) is affected.
Version 4.2(3l) is affected.
Version 4.3(2f) is affected.
Version 4.2(3m) is affected.

Exploit Probability

EPSS

0.01%

Percentile

2.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

NX-OS Bootloader Bypass Image Signature VerificationCVE-2024-20397 Published on December 4, 2024

Vulnerability Analysis

Weakness Type

What is an Authorization Vulnerability?

Products Associated with CVE-2024-20397

Affected Versions

Exploit Probability

NX-OS Bootloader Bypass Image Signature Verification
CVE-2024-20397 Published on December 4, 2024