CVE-2024-20397

Published Dec 4, 2024

Last updated 22 days ago

CVSS medium 5.2

Overview

Description
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
Source
psirt@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.2
Impact score
4.2
Exploitability score
0.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Severity
MEDIUM

Weaknesses

psirt@cisco.com
CWE-284

Social media

Hype score
Not currently trending

  1. Cisco NX-OS Software Image Verification Bypass Vulnerability (CVE-2024-20397) #Cisco #CiscoNXOS #CVE202420397 #CyberSecurity https://t.co/PN1IryAigl https://t.co/JHa2CbiuWT

    @SystemTek_UK

    6 Feb 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Cisco NX-OS の脆弱性 CVE-2024-20397 が FIX:イメージ署名検証のバイパス https://t.co/pK3ZuquqLQ Cisco NX-OS のブートローダーに存在する脆弱性により、広範な製品群に影響が生じるとのことです。アップデートに関しては、Cisco アドバイザリの [Fixed Software] をご参照ください。 #BIOS… https://t.co/DOnLqLgonJ

    @iototsecnews

    16 Dec 2024

    58 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨🛠️ Attention IT professionals! A critical bootloader vulnerability has been discovered in over 100 CISCO switches, allowing attackers to bypass image signature checks. This flaw, tracked as CVE-2024-20397, has a CVSS score of 5.2. Thankfully, Cisco has released security patche

    @MachadoClement

    8 Dec 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A bootloader vulnerability (CVE-2024-20397) in #Cisco NX-OS affects 100+ switches. #Cybersecurity #infosec https://t.co/Zu36zRtMyN https://t.co/AKKHAXOlYh

    @twelvesec

    8 Dec 2024

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 「Cisco NX-OS」に不正イメージを起動できる脆弱性:Security NEXT https://t.co/yrYMqQ8Dhg ”イメージの署名検証をバイパスできる脆弱性「CVE-2024-20397」について明らかにしたもの。セキュアブートをサポートする「Cisco MDS」「Cisco Nexus」「Cisco UCSファブリックインターコネクト」が影響”

    @catnap707

    5 Dec 2024

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-20397 A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, loc… https://t.co/NQ5NuevHf0

    @CVEnew

    4 Dec 2024

    335 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References