Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially allowing attackers to bypass image signature verification.

This flaw, which affects several Cisco product lines, could enable unauthorized users to load unverified software onto affected devices.

The vulnerability is attributed to insecure bootloader settings within the Cisco NX-OS Software. Exploitation of this flaw requires either physical access to the device or administrative credentials from a local attacker.

By executing specific bootloader commands, an attacker can bypass the image signature verification process, a crucial security measure designed to ensure that only authenticated software is executed on network devices.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Affected Products

The vulnerability impacts a range of Cisco products that utilize secure boot technology. The affected product lines include:

• MDS 9000 Series Multilayer Switches
• Nexus 3000, 7000, and 9000 Series Switches
• UCS 6400 and 6500 Series Fabric Interconnects

It is important to note that only devices running a vulnerable BIOS version of Cisco NX-OS Software are susceptible. Customers can determine their BIOS version by using the show version command on their devices.

Currently, there are no workarounds for this vulnerability. Cisco has emphasized the importance of applying the available software updates to mitigate potential risks. The company has released updates that address this security issue and recommends customers upgrade their systems promptly.

Cisco has provided free software updates for all affected products. Customers with active service contracts can obtain these updates through their usual channels. For those without service contracts, updates can be accessed by contacting the Cisco Technical Assistance Center (TAC).

To resolve the vulnerability, affected systems require a BIOS update. The specific steps include upgrading the Cisco NX-OS Software on impacted devices using the install all CLI command or installing a specific Software Maintenance Upgrade (SMU) as indicated in the advisory’s Fixed Release table.

The Cisco Product Security Incident Response Team (PSIRT) has not reported any public exploitation of this vulnerability to date. Ferdinand Nölscher from Google Cloud Product Security Engineering initially reported the issue, highlighting the collaborative efforts in identifying and addressing security threats.

This vulnerability underscores the importance of maintaining up-to-date software and implementing robust security practices within network infrastructures. Organizations using Cisco NX-OS Software should prioritize reviewing their systems for vulnerabilities and apply necessary patches to safeguard against potential attacks.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar