Vulnerability

Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially allowing attackers to bypass image signature verification.

This flaw, which affects several Cisco product lines, could enable unauthorized users to load unverified software onto affected devices.

The vulnerability is attributed to insecure bootloader settings within the Cisco NX-OS Software. Exploitation of this flaw requires either physical access to the device or administrative credentials from a local attacker.

By executing specific bootloader commands, an attacker can bypass the image signature verification process, a crucial security measure designed to ensure that only authenticated software is executed on network devices.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Affected Products

The vulnerability impacts a range of Cisco products that utilize secure boot technology. The affected product lines include:

  • MDS 9000 Series Multilayer Switches
  • Nexus 3000, 7000, and 9000 Series Switches
  • UCS 6400 and 6500 Series Fabric Interconnects

It is important to note that only devices running a vulnerable BIOS version of Cisco NX-OS Software are susceptible. Customers can determine their BIOS version by using the show version command on their devices.

Currently, there are no workarounds for this vulnerability. Cisco has emphasized the importance of applying the available software updates to mitigate potential risks. The company has released updates that address this security issue and recommends customers upgrade their systems promptly.

Cisco has provided free software updates for all affected products. Customers with active service contracts can obtain these updates through their usual channels. For those without service contracts, updates can be accessed by contacting the Cisco Technical Assistance Center (TAC).

To resolve the vulnerability, affected systems require a BIOS update. The specific steps include upgrading the Cisco NX-OS Software on impacted devices using the install all CLI command or installing a specific Software Maintenance Upgrade (SMU) as indicated in the advisory’s Fixed Release table.

The Cisco Product Security Incident Response Team (PSIRT) has not reported any public exploitation of this vulnerability to date. Ferdinand Nölscher from Google Cloud Product Security Engineering initially reported the issue, highlighting the collaborative efforts in identifying and addressing security threats.

This vulnerability underscores the importance of maintaining up-to-date software and implementing robust security practices within network infrastructures. Organizations using Cisco NX-OS Software should prioritize reviewing their systems for vulnerabilities and apply necessary patches to safeguard against potential attacks.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Jaguar Land Rover Hit by HELLCAT Ransomware Using Stolen Jira Credentials

The HELLCAT ransomware group has claimed responsibility for a significant data breach at Jaguar Land…

6 minutes ago

Hackers Exploit Tomcat Vulnerability to Hijack Apache Servers

A recent and significant cybersecurity threat has emerged involving a critical vulnerability in Apache Tomcat,…

2 hours ago

Apple Introduces RCS End-to-End Encryption for iPhone Messages

Apple has announced the integration of end-to-end encryption (E2EE) for Rich Communication Services (RCS) on…

3 hours ago

Adobe Acrobat Vulnerabilities Enable Remote Code Execution

A recent disclosure by Cisco Talos' Vulnerability Discovery & Research team highlighted several vulnerability issues…

4 hours ago

Hackers Use CSS Tricks to Bypass Spam Filters and Monitor Users

Cybersecurity experts have uncovered how hackers use Cascading Style Sheets (CSS) to deceive spam filters…

4 hours ago

Hackers Target TP-Link Vulnerability to Gain Full System Control

Hackers exploit a vulnerability in TP-Link routers, specifically the TL-WR845N model, to gain full control…

6 hours ago