CVE-2024-20397

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. The issue affects over 100 models, including MDS 9000, Nexus 3000/7000/9000.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.