December 5, 2024 at 07:31AM
Cisco has released patches for a vulnerability in the NX-OS bootloader (CVE-2024-20397) that could let an attacker bypass NX-OS image signature verification and boot unverified software. The flaw affects over 100 device models; exploiting it requires physical access to the device or local administrative credentials. Cisco rates it medium severity and is not aware of any exploitation, but advises prompt updates. Discontinued devices will not receive patches.
**Meeting Takeaways: Cisco Security Patch Announcement**
1. **Vulnerability Overview**: Cisco announced patches for a vulnerability (CVE-2024-20397) in the bootloader of NX-OS software that allows an attacker to bypass image signature verification, defeating the secure boot protection on affected platforms.
2. **Cause**: The vulnerability stems from insecure bootloader settings. An attacker who can reach the bootloader can run a series of bootloader commands to load software that has not passed signature verification. Exploitation requires physical access to the device or local administrative credentials; it is not remotely exploitable.
3. **Affected Products**: The issue affects MDS, Nexus, and UCS Fabric Interconnect products that support secure boot, over 100 device models in total, including:
– MDS 9000 series switches
– Nexus 3000 and 7000 series switches
– Nexus 9000 series fabric switches (both ACI mode and standalone NX-OS mode)
– UCS 6400 and 6500 series fabric interconnects
4. **Patch Availability**: Cisco has released fixed NX-OS software for some affected platforms, with fixes for the remaining devices planned by the end of the month. The Nexus 92160YC-X switches, which are discontinued, will not receive a patch.
5. **Exploitation Status**: Cisco rates the vulnerability medium severity and is not aware of it being exploited in the wild. Users are still encouraged to apply patches promptly, since medium-severity vulnerabilities in Cisco products have been exploited in the past.
6. **No Workarounds**: There are no workarounds for this defect; updating to fixed software is the only remediation.
7. **Related Concerns**: Cisco continues to monitor threats, highlighting ongoing security issues in its products.
**Action Items**:
– Apply the released NX-OS updates to affected devices now, and schedule the remaining platforms for patching as their fixes ship by the end of the month.
– Monitor Cisco’s advisory for further updates and security recommendations.