How to find Cisco NX-OS assets on your network

|
Updated

Latest Cisco NX-OS vulnerability #

Cisco released a security advisory for a vulnerability found within the bootloader of their NX-OS software running on Cisco MDS, Nexus, and UCS Fabric Interconnect devices that support secure boot.

  • CVE-2024-20397 is rated Medium with a CVSS score of 5.2, which could allow an attacker to bypass signature verification.

What was the impact? #

The NX-OS image signature verification process can be bypassed during system boot, allowing for an unauthenticated attacker with physical access to an affected device or authenticated local attacker with administrator privileges the ability to load untrusted software.

The following products are known to be affected, if running a vulnerable BIOS version of NX-OS.

  • MDS 9000 Series Multilayer Switches
  • Nexus 3000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Fabric Switches in ACI mode
  • Nexus 9000 Series Switches in standalone NX-OS mode
  • UCS 6400 Series Fabric Interconnects
  • UCS 6500 Series Fabric Interconnects

How to find potentially vulnerable systems with runZero #

From the Assets Inventory, use the following query to locate systems running potentially vulnerable software:

(hw:"Nexus 9" or hw:"Nexus 7" or hw:"Nexus 3" or  hw:"UCS 64" or hw:"UCS 65" or hw:"MDS 9") and os:NX-OS

Written by runZero Team

Great research and development is a team effort! Multiple runZero team members collaborated on this post. Go team!

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Explore more

Webcasts
The Unreasonable Effectiveness of Inside Out Attack Surface Management
HD Moore, founder of runZero (and previously Metasploit), presents new research that will forever redefine how you approach attack surface...
Webcasts
Safeguarding OT/ICS Assets: Insights from the U.S. Department of Energy
Security experts from the National Renewable Energy Lab’s (NREL) Clean Energy Cybersecurity Accelerator™ (CECA) program join runZero to discuss...
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)
This talk digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

© Copyright 2025 runZero, Inc. All Rights Reserved

Discover the new era of exposure management!