PT-2019-1578 · Cisco · Cisco Nx-Os
Published: 2019-03-06 · Updated: 2019-10-09 · CVE-2019-1615
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS versions prior to 7.0(3)I7(5)
Cisco NX-OS versions prior to 13.2(1l)
Cisco NX-OS versions prior to 7.0(3)F3(5)
Description
The issue is related to improper verification of digital signatures for software images, which could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. An attacker could exploit this by loading an unsigned software image. A successful exploit could allow the attacker to boot a malicious software image.
Recommendations
For Nexus 3000 Series Switches running software versions prior to 7.0(3)I7(5), update to version 7.0(3)I7(5) or later, which includes a BIOS upgrade as part of the software upgrade.
For Nexus 9000 Series Fabric Switches in ACI Mode running software versions prior to 13.2(1l), update to version 13.2(1l) or later.
For Nexus 9000 Series Switches in Standalone NX-OS Mode running software versions prior to 7.0(3)I7(5), update to version 7.0(3)I7(5) or later.
For Nexus 9500 R-Series Line Cards and Fabric Modules running software versions prior to 7.0(3)F3(5), update to version 7.0(3)F3(5) or later.
Fix
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Nx-Os
Cisco Nexus