Latest Cisco NX-OS vulnerability #
Cisco released a security advisory for a vulnerability found within the bootloader of their NX-OS software running on Cisco MDS, Nexus, and UCS Fabric Interconnect devices that support secure boot.
- CVE-2024-20397 is rated Medium with a CVSS score of 5.2, which could allow an attacker to bypass signature verification.
What was the impact? #
The NX-OS image signature verification process can be bypassed during system boot, allowing for an unauthenticated attacker with physical access to an affected device or authenticated local attacker with administrator privileges the ability to load untrusted software.
The following products are known to be affected, if running a vulnerable BIOS version of NX-OS.
- MDS 9000 Series Multilayer Switches
- Nexus 3000 Series Switches
- Nexus 7000 Series Switches
- Nexus 9000 Series Fabric Switches in ACI mode
- Nexus 9000 Series Switches in standalone NX-OS mode
- UCS 6400 Series Fabric Interconnects
- UCS 6500 Series Fabric Interconnects
How to find potentially vulnerable systems with runZero #
From the Assets Inventory, use the following query to locate systems running potentially vulnerable software:
(hw:"Nexus 9" or hw:"Nexus 7" or hw:"Nexus 3" or hw:"UCS 64" or hw:"UCS 65" or hw:"MDS 9") and os:NX-OS
